Core Security Patterns: Best Practices and Strategies for J2EE, Web Services, and Identity Management

Index


Padding in JCE block ciphers

paint method

PAM (Pluggable Authentication Module) 2nd

     for biometrics

     for smart cards

PAPs (Policy Administration Points) 2nd

ParamValidator class

Parlay Group 2nd

Partial content of XML documents, accessing

Participants and responsibilities in security patterns

     Assertion Builder

     Audit Interceptor

     Authentication Enforcer

     Authorization Enforcer

     Container Managed Security

     Credential Tokenizer

     Dynamic Service Management 2nd

     Intercepting Validator 2nd

     Intercepting Web Agent

     Message Inspector

     Message Interceptor Gateway

     Obfuscated Transfer Object

     Password Synchronizer

     Policy Delegate

     Secure Base Action 2nd

     Secure Logger

     Secure Message Router

     Secure Service Facade 2nd

     Secure Service Proxy

     Secure Session Object

     Single Sign-on Delegator

Partitioning in network topology

Passive RFID tags

Password Manager

Password Synchronizer Manager

Password Synchronizer pattern 2nd

     consequences

     forces

     participants and responsibilities

     problem

     reality check

     related patterns

     sample code

     security factors and risks

     solution

     strategies

     structure

Password-Based Encryption (PRE)

Passwords

     Credential Tokenizer patterns

     exploits

     Identity management 2nd

     in authentication

     JAAS authorization

     keystore

     SAML

     smart cards

     synchronization 2nd [See also Password Synchronizer pattern]

     vendor products for

     Web tier patterns

PasswordSyncLedger class

     notification messages from

     sample code 2nd

PasswordSyncListener class

     sample code 2nd

     screen display messages from

PasswordSyncManager class 2nd 3rd

PasswordSyncRequest class 2nd 3rd

Patches

     in Secure UP

     problems from

Patterns, security. [See Security patterns]

PBEWithMD5AndDES algorithm

PC/SC framework

PCKS providers

PDPs (policy decision points)

     SAML

     sample programs

     XACML 2nd

     XACML 2.0 with SAML 2.0

Penetration tests

PEPs (Policy Enforcement Points)

     SAML 2nd

     XACML

     XACML 2.0 with SAML 2.0

Performance

     helper classes for

     in security patterns

         Audit Interceptor 2nd

         Business tier

         Intercepting Validator

         Message Interceptor Gateway

         Obfuscated Transfer Object

         Policy Delegate

         Secure Logger 2nd

         Secure Pipe 2nd

     J2EE network topology

Permission class 2nd

PermissionCollection class 2nd

Permissions

     J2EE

     Java 2

     JNLP

     MIDlets

     tag library for

     Web tier patterns

PermissionsCollection class

Persistent mode

Personal Data Ordinance

Personal Health Information (PHI)

Personal identification 2nd

     authentication

     best practices

     biometric. [See Biometric identification and authentication]

     enabling technologies. [See Enabling technologies for personal identification]

     physical and logical access control

     pitfalls

     references

     RFID-based

     smart cards. [See Smart cards]

PGP (Pretty Good Privacy)

     in PKI

     in trust models

PHI (Personal Health Information)

Phishing

Physical access control 2nd

PINs for smart cards 2nd

Pipes

     Secure Pipe pattern. [See Secure Pipe pattern]

     Web tier patterns

Pipes and Filters pattern

Pitfalls

     in case study

     in personal identification

     in security patterns

         Business tier

         Identity management

         security provisioning

         Web services

PKCS#11 interface standard 2nd

PKCS#15 interface standard

PKCS1 algorithm

PKI (Public Key Infrastructure)

     in Security Wheel

     limitations

     Web tier patterns

     XML

PKITS (Public Key Interoperability Test Suite)

PKIX

PKIXParameters class

Platforms in case study

Plug-ins

     for biometrics

     for smart cards

     in Java System Access Manager

Pluggable Authentication Module (PAM) 2nd

     for biometrics

     for smart cards

Point-to-Point Channel pattern

Point-to-point interfaces

Pointers in Java

POJO business objects 2nd

Policies

     failures

     in case study

     in security patterns

         Business tier 2nd

         Identity management

         Intercepting Web Agent

         Secure Service Facade

         Web tier

     in Security Wheel

     J2EE domains for

     JAAS authorization

     Java 2

     management

         DMTF

         EPAL

         IETF Policy Management Working Group

         in Web services 2nd 3rd 4th

         Parlay Group

         services for

     reality checks for

     XACML 2nd 3rd

Policy Administration Points (PAPs) 2nd

Policy class

Policy Decision Point Authority

Policy decision points (PDPs)

     SAML

     sample programs

     XACML 2nd

     XACML 2.0 with SAML 2.0

Policy Delegate pattern 2nd

     consequences

     forces

     participants and responsibilities

     problem

     reality check

     related patterns

     sample code

     security factors and risks

     solution

     strategies

     structure

Policy Enforcement Points (PEPs)

     SAML 2nd

     XACML

     XACML 2.0 with SAML 2.0

Policy repository

     SAML

     XACML

Policy sets

Policy stores

Policytool tool 2nd 3rd

Portals

     in use cases 2nd

     in user account provisioning

     SSO through

Possibility risk factor

     in case study

     in risk analysis

Post-issuance applet downloads

Post-process audit handling

Post-synchronization event strategy

PRE (Password-Based Encryption)

Pre-process audit handling

Prerequisites in case study

Presentation tier

     J2EE 2nd

     reality checks for

Pretexting Provisions

Pretty Good Privacy (PGP)

     in PKI

     in trust models

Preventive transformations

Primitives in Java

Principal class

Principal-based policy files

Principals

     Authorization Enforcer pattern

     delegation of

     J2EE

     JAAS authorization

     JAAS Login Module Strategy

     Liberty specifications

     propagation of

     resource

Printing certificate information

Priorities

Privacy

     Secure Pipe pattern

     security provisioning patterns

     Security Services

     XACML

Privacy-rule administrators

Private keys

Private/public key pairs

PrivateCredentialsPermission class

PrivateKey interface

PrivilegedAction

Proactive assessment

Proactive security 2nd

Probability risk factors

Problem in security pattern templates

     Assertion Builder

     Audit Interceptor

     Authentication Enforcer

     Authorization Enforcer

     Container Managed Security

     Credential Tokenizer

     Dynamic Service Management

     Intercepting Validator

     Intercepting Web Agent

     Message Inspector

     Message Interceptor Gateway

     Obfuscated Transfer Object

     Password Synchronizer

     Policy Delegate

     Secure Base Action

     Secure Logger

     Secure Message Router

     Secure Pipe

     Secure Service Facade

     Secure Service Proxy

     Secure Session Object

     Single Sign-on Delegator

process method

processPasswordSyncRequests method

Profiles

     in case study

     J2ME

     SAML 2nd 3rd

     XACML

Programmatic security

     authentication

     authorization

         Authorization Enforcer pattern

         J2EE 2nd 3rd 4th

     Container Managed Security pattern

     EJB method using

     Password Synchronizer pattern

     validation logic

Proprietary solutions

Protected resources

Protection domains

     J2EE

     Java 2

ProtectionDomain class

Protocol Binding strategy

     Assertion Builder pattern

     Credential Tokenizer patterns

     Password Synchronizer pattern

Protocols

     Business tier patterns

     Java System Access Manager

     SAML

     Security Services

Protocols stack

Provider classes

     JCA

     JCE

Providers

     authorization 2nd

     J2EE

     JMS

     JSSE

     Liberty specifications 2nd

     LoginModule

     PCKS

     Secure Message Router pattern

     session state maintenance

     Web services 2nd

Provisioning Service Points 2nd

Provisioning Service Targets

Provisioning services. [See User account provisioning]

Proxies

     in Liberty specifications

     Secure Service Proxy pattern. [See Secure Service Proxy pattern]

Proxy pattern 2nd

Proxy tunneling

PSTID-ID mapping tables

Public Accounting Board

Public credential set

Public Key Infrastructure (PKI)

     in Security Wheel

     limitations

     Web tier patterns

     XML

Public Key Interoperability Test Suite (PKITS)

Public keys

     in assessment checklists

     LDAP 2nd

PublicKey interface

publishPasswordSyncResult method
