At nearly every client site, I’m asked to put together a recommended reading list on a variety of subjects. Web Services security is generally among them. So, I’m putting together a list of the links that usually make it on that list.
There is obviously a lot of material here. It’s unlikely that most people will read specification documents line-for-line. If there is an area you need to focus on, here are the links.
- X509v3 Specification
- X509 Article on Wikipedia
- PKI book: Understanding PKI: Concepts, Standards, and Deployment Considerations (Amazon link)
- WS-Security Specification
- WS-SecurityPolicy Specification
- WS-SecurityPolicy Example Specification
- XML Encryption Specification
- XML Digital Signature Specification
- SAML2 Spec
- Username Token Spec
- X509 Token Profile Specification
- Demystifying WS-Security book (Amazon link)
- WS-Trust Spec
- SSLv3 Spec
- TLSv1 Spec
- AES Spec
- 3DES Spec
- LDAP Specification
- WS-I Basic Security Profile