No, O'Reilly Media hasn't published a book on 'Security in SOA' in their world-famous Head First series (at least not that I know of). This post is about a wonderful presentation on that subject, given by Prabath Siriwardena a couple of weeks back at the WSO2 Summer School. Prabath is one of my colleagues at WSO2 and one of the most experienced folks we have. His expertise is in computer security, and at WSO2 he leads all security-related projects, including WSO2 Identity Server. In this summer school presentation Prabath starts simple, explaining the fundamental concepts of computer security such as confidentiality, integrity and availability, and goes on to more complex topics such as public key cryptography, transport-level and message-level security, the WS-Security specs and Username-Token authentication. He gives a glimpse of the various options available to SOA architects and Web Service authors for securing their applications at different levels, while emphasizing the importance of interoperability.
Throughout the presentation he has kept things simple yet extremely interesting. You will find that the entire presentation more or less follows the storyline-based, fun-filled teaching method, a very effective technique commonly used in the books of the Head First series (hence the title).
If you want to learn the fundamentals of Security in SOA and how it is used in the enterprise (or how it should be used in the enterprise), this presentation would be a great starting point. So start flipping through the slides now and see for yourself.