Security for Web Services and Service-Oriented Architectures
Security for Web Services and Service-Oriented Architectures
- Used Book in Good Condition
Web services technologies are advancing fast and being extensively deployed in many di?erent application environments. Web services based on the eXt- sible Markup Language (XML), the Simple Object Access Protocol (SOAP), andrelatedstandards,anddeployedinService-OrientedArchitectures(SOAs) are the key to Web-based interoperability for applications within and across organizations. Furthermore, they are making it possible to deploy appli- tions that can be directly used by people, and thus making t
List Price: $ 89.99
Price: [wpramaprice asin=”354087741X”]
[wpramareviews asin=”354087741X”]
Chiradeep Chhaya "Genetically Alien"
Promising work but mediocre execution,
1. The premise of the book is pretty valuable. There is need for updated literature that takes web services security out of the standards world and makes it more approachable. On that count, I laud the initiative.
2. The book, however, suffers from several significant issues:
a. The proof-reading, for a book that purports to be a reference on the topic, is abysmal. Consider this snippet on page 35 related to threat modeling: “even though the security functions provided by the middleware are becoming more and more reach and complete,…”. Any technical editor should have picked up the multiple mistakes in this sentence. Unfortunately, such mistakes abound in the book.
b. In trying to emphasize theory, the book often comes across as dry and irrelevant. For example, table 3.2 related to STRIDE Categories and the surrounding explanation on page 32, while being factually complete, seem like they belong to a Microsoft Press book. At the level the book aims for, what’s important is not an explanation of STRIDE (why wouldn’t I read Howard’s or Swiderski’s books for that?) but how that relates to Web services. Explaining the STRIDE concepts as related to a fictional Web Service might have been much more useful.
c.Some of the technical terms used in the book are downright incorrect. For example, on page 35, in the same paragraph as #2(a), the authors talk of “RBAC-based authorization mechanisms”. RBAC itself stands for Role Based Access Control. What does it mean for an authorization mechanism to be RBAC-based?
d. If this book is to be useful at all, the figures need to be seriously improved. They are miniature, complex and hardly span a quarter of a page. In short, they are barely decipherable and there’s a lot of text referring to such figures that becomes disconnected.
With all this said, I still give the book 3 stars because there is at least some method to the approach and it’s much better than reading a bunch of W3C or OASIS standards. Not to mention the fact that chapter 3 refers to CAPEC that I had, in part, contributed attack patterns to
I would definitely wish for the editors at Springer to take a serious look at the language and technical terminology and make figures more understandable. The book has a lot of promise and it would be a shame if such matters were to obscure that.
0
Was this review helpful to you?
|Coimbatore Chandersekaran
Excellent Work on Web Security,
0
Was this review helpful to you?
|