Core Security Patterns: Best Practices and Strategies for J2EE, Web Services, and Identity Management

Index

I/O, non-blocking

ID-FF (Identity Federated Framework) version 1.2

ID-SIS (Identity Service Interface Specification) version

ID-WSF (Identity Web Services Framework) version

IDEA symmetric cipher

Identification processes

Identity Federated Framework (ID-FF) version 1.2

Identity federation 2nd 3rd

     cross-domain

     Liberty Alliance

     SAML

Identity management 2nd 3rd 4th

     access control. [See Access control]

     access management services

     auditing 2nd 3rd

     core issues

     data synchronization services

     directory services

     importance

     in case study 2nd

     in use cases

     justifying

     Liberty Alliance Project. [See Liberty Alliance Project]

     network identity

     personal identification. [See Personal identification]

     point-to-point interfaces for

     policies

     provisioning services

     references 2nd

     reporting services

     SAML. [See SAML (Security Assertion Markup Language)]

     security patterns for 2nd 3rd

         Assertion Builder

         best practices

         Credential Tokenizer

         factor analysis

         Password Synchronizer

         pitfalls

         references

         Single Sign-on Delegator

         Web services

     service provisioning relationship

     services for

     single sign-on. [See Single sign-on (SSO) mechanisms]

     summary 2nd

     XACML. [See XACML (Extensible Access Control Markup Language)]

Identity Provider Agent strategy

Identity Provider Discovery Profile

Identity providers

     in case study

     Liberty Alliance

     Liberty specifications

     Message Inspector pattern

     Message Interceptor Gateway pattern

     Secure Message Router pattern

     Single Sign-on Delegator pattern 2nd

     user account provisioning

     Web services

Identity Service Interface Specification (ID-SIS) version

Identity termination strategy

Identity theft and spoofing

     Assertion Builder pattern

     Web services

Identity Web Services Framework (ID-WSF) version

IDSs (Intrusion Detection Systems)

IETF Policy Management Working Group

IMAP (Internet Message Access protocol)

Impact risk factor

Implementation

     Assertion Builder pattern

     AssertionContextImpl class

     biometrics

     JAAS authorization

     LoginModule class

     Policy Delegate pattern

     Secure UP 2nd

     smart cards

     SPML

     UserNameToken class

implies method

Importing certificates 2nd

Inclusive canonicalization encryption

Information aggregators

Informative policies

Infrastructure

     Application Security Provider

     in case study 2nd 3rd

     in security patterns

         Business tier

         factor analysis

         Intercepting Web Agent

         Password Synchronizer

         Secure Pipe

         Web services 2nd

         Web tier

     J2EE

     policies

     Security Services

init method

     AuditClient

     Cipher

     HTTPProxy

     MBeanFactory

     MBeanManager

     PasswordSyncLedger

     PasswordSyncListener

     Policy Delegate pattern

     SimpleSOAPServiceSecurePolicy

     TakeAction

     WriteFileApplet

initConfig method

     ServiceConfig

     SSODelegatorFactoryImpl

initialize method

     KeyPairGenerator

     LoginModule

initSign method

initVerify method

Injection flaws

Input validation failures

Insider attacks

Integration and Integration tier

     in case study

     in identity management

     in patterns-driven design

     in security patterns

         Assertion Builder

         Intercepting Web Agent 2nd

         Password Synchronizer

         Secure Service Facade

         Secure Service Proxy

     J2EE

     reality checks

     rule-based

     user account provisioning

Integrity

     as security goal

     in Security Wheel

     Secure Pipe pattern 2nd

     Web services

Intellectual property

Intercepting Filter pattern

     and Audit Interceptor pattern

     and Authentication Enforcer pattern

     and Intercepting Validator pattern

Intercepting Validator pattern

     and Secure Base Action pattern 2nd

     consequences

     forces

     in case study 2nd 3rd 4th 5th

     participants and responsibilities 2nd

     problem

     reality check

     related patterns

     security factors and risks

     solution

     strategies

     structure

Intercepting Web Agent pattern

     consequences

     forces

     in case study

     participants and responsibilities

     problem

     reality check

     related patterns

         Container Managed Security

         Secure Service Proxy

     sample code

     security factors and risks

     solution

     strategies

     structure

Intercepting Web Agent strategy

Interceptor strategy

Interfaces

     CertPath

     JAAS

     JCA

     JCE

     JSSE

     Password Synchronizer pattern

     PKCS#11 and PKCS#15 standards

     Policy Delegate pattern

     Secure Service Facade pattern

Intermediary infrastructure

Internet Message Access protocol (IMAP)

Internet Scanner testing tool

Interoperability

     Liberty Phase 1

     Secure Message Router pattern

     Secure Pipe pattern

     security provisioning patterns

     user account provisioning

     Web services

Intrusion Detection Systems (IDSs)

Invalid data. [See Intercepting Validator pattern]

Invalidating HTTP sessions

Invocation, rule-based

invoke method

IP address capture

IP filtering

Iris verification

isAuthorized method

isCallerInRole method

     EJBContext

     J2EE authorization

Issuing authority in SAML

isUserInRole method 2nd 3rd

isValidStatement method

Iterative development in Secure UP

ITS4 testing tool
