SOA Security

The SOA Security class will provide the students with a sound knowledge of XML security basics. Then, it will present to the students the implementation of security and identity management as a service using the two emerging open, user-centric identity standards like OpenID and XACML for fine-grained authorization. Students will learn about Web services security standards, including WS-Security, WS-Trust, WS-Secure Conversation, and WS-Security Policy. The course will also review the problems of certifying services non-functional properties, including security and privacy ones.


The SOA Security class focuses on the following points:

  • Learn the basics of XML security including encryption and signature
  • Learn the role of XML standards in managing Web Service security and identity
  • Gain a deep knowledge of techniques for service assurance and certification

Course topics include:

  • Introduction
    • XML Basics
    • XML Encryption and Signature
  • Web Service Security
    • WS-Security, WS-Trust
    • WS-Secure Conversation,  WS-Security Policy
  • Identity Management Technology
    • Basics in Identity Management
    • IM Platforms
    • Open ID
  • Fine-grained authorization languages
    • Policy evaluation and decision architectures
    • XACML and SAML
    • XACML domain profiles
  • Service certification
    • Introduction to assurance
    • Security certifications
    • Service certifications


  • Written Examination: 30.00%
  • The written examination is considered valid if the grade is >= 18/30
  • Team Design Project and presentation: 70.00%
  • Extra points will be given during lessons with specific homeworks.
  • Please remember that each grade for written examinations and projects are valid for one year.

6 credits
INSTRUCTOR: Ernesto Damiani

Incoming Lesson

    No Eventi