The SOA Security class will provide the students with a sound knowledge of XML security basics. Then, it will present to the students the implementation of security and identity management as a service using the two emerging open, user-centric identity standards like OpenID and XACML for fine-grained authorization. Students will learn about Web services security standards, including WS-Security, WS-Trust, WS-Secure Conversation, and WS-Security Policy. The course will also review the problems of certifying services non-functional properties, including security and privacy ones.

COURSE OBJECTIVES:

The SOA Security class focuses on the following points:

• Learn the basics of XML security including encryption and signature
• Learn the role of XML standards in managing Web Service security and identity
• Gain a deep knowledge of techniques for service assurance and certification

Course topics include:

• Introduction
  • XML Basics
  • XML Encryption and Signature
• Web Service Security
  • WS-Security, WS-Trust
  • WS-Secure Conversation,  WS-Security Policy
• Identity Management Technology
  • Basics in Identity Management
  • IM Platforms
  • Open ID
• Fine-grained authorization languages
  • Policy evaluation and decision architectures
  • XACML and SAML
  • XACML domain profiles
• Service certification
  • Introduction to assurance
  • Security certifications
  • Service certifications

COURSE EVALUATION

• Written Examination: 30.00%
• The written examination is considered valid if the grade is >= 18/30
• Team Design Project and presentation: 70.00%
• Extra points will be given during lessons with specific homeworks.
• Please remember that each grade for written examinations and projects are valid for one year.