zBest Quest, Inc.   

                                           Advanced Software Development and Training


Security Architecture
Harmony between Nature and  Technology is zBest Quest.

        

 

 

           

 

Security Architecture for Web and Enterprise Systems.

            Concepts, Protocols, and Supporting Technologies

Web and Enterprise systems have undergone tremendous change and evolution, and have grown considerably in complexity, over the last decade or so. Security has taken on leading significance as one of the major design considerations in such systems. The body of knowledge required to create security is spread over a large number of standards, protocols, and supporting technologies, some of which are barely out of incubation.

Course Description:

This course presents security architectures for Web and Enterprise systems. It covers their rapidly changing technologies and provides concise definitions for the features and terminology used in creating such architectures. The student is introduced to the various essential technologies and standards at the level of detail necessary to understand and build security into such complex systems. In addition, the major factors and trade-offs in the design and deployment of such architectures will be addressed.

Upon completing the course, the student should have the knowledge and skills required to propose, compare, analyze, and recommend architectures for building, extending, and integrating security into Web and Enterprise systems. In-class Lab exercises that include real-life case studies will be conducted.

 

Audience

The course is intended for anyone who wants or needs to understand security’s big picture and its promise for Electronic Commerce and B2B, including new and experienced Web developers, IT personnel, system analysts, S/W developers, R&D managers, product marketing managers, and program and project management personnel who want to understand, build, and integrate security.

Course Structure:

The course is designed to accommodate students with various abilities and backgrounds. Each topic is presented beginning with a simple high-level architectural view and moves progressively to more advanced content, allowing maximum benefit for students with varied backgrounds and skills.

Course Objectives:

 

- Provide concise definitions for the concepts, features, and technologies used in creating security for Web and Enterprise systems.
- Introduce and cover the various essential technologies and standards necessary to build security into such systems.
- Provide the student with the foundational knowledge and skills required to propose, compare, analyze, and recommend architectures for security.
- Give an architectural overview of the protocols and supporting technologies required to incorporate and implement security.
- Evaluate the major design decisions and trade-offs in implementing security.
- Examine the needs and tools to support the industry’s emerging trends, including Service-Oriented Architecture “SOA”, SAML, XML security, and WS-Security.

Outline Details

Topic 1: Web and Enterprise Systems Architecture: Brief Overview
    System Architecture

Topic 2: Security Needs
    Authentication
    Authorization
    Defense
    Integrity
    Privacy
    Auditing/Non-Repudiation
    Manageability

Topic 3: Technologies that Address Security Needs
    How to address Security needs in a typical environment, Tools and Technologies
    Authentication Technologies
    Access Control
        Firewalls
        VPN
    Tier Security
    Cryptography
    Single Sign-on

Topic 4: Security Architecture in Detail
    Firewalls
    VPN
    Tier Security

Topic 5: Cryptography
    Symmetric and Asymmetric Cryptography
    Levels of Encryption
    Industry Standards
    PKI
    Trade-offs

                 

SECURITY FOR Service-Oriented Architecture “SOA”     

 

Topic 6: Web Services: Brief Overview
    XML
        What Is XML?
        XML support for Web Systems / applications
        XML-enabled Architectures
    SOAP
        What Is SOAP? Simple Object Access Protocol
    WSDL
    UDDI

Topic 7: Web Services Security
    SSL/TLS for Web Services
    XML Security
    WS-Security
    SAML

Topic 8: XML Security Details
    Motivation
    Standards
    Data Protection
    Key Management / Exchange

Topic 9: WS-Security Details
    Architecture
    Evolution
    Future

Topic 10: Managing Security and Security Trade-offs
    Administration Choices
    Centralization
    Single Sign-on
    Delegated Management
    B2C and B2B Security

Security Glossary

Course Summary

 

 

 
Send mail to adel@zbestquest.com with questions or comments about this web site.
Last modified: June 08, 2004