New Security portal website

A friend of mine is interested in creating a Security portal website of sorts for various service oriented web sites that require user authentication. A single sign-on design but would pass through to the intended web site providing the end service. Would the book provide enough examples to point them in the right direction to implement a secure design. They have talked about the multi-factor authentication process (Password + Smartcard + Biometrics) that you had mentioned in another post. Is that type of technology covered in your book?

I'm not looking for a solution but something to point them in the right direction to create a secure application.

John,

Thanks for asking this question...

The book explores a full case-study (Chapter 14) illustrating "How to design and implement security for a Web-based application PORTAL (eRewards Portal) right from scratch" that integrates J2EE applications and B2B Web services. The case study digs deep from identifying the security requirements, architecture, design, security infrastructure design, risk analysis, trade-off analysis, applying security patterns, security architecture components (web-tier, bus-tier, web-service tier), Policy design, tier and factor analysis, implementation model, testing....and finally deployment, monitoring.

To enable multi-factor authentication, we have dedicated a chapter (Chapter 15) on "Architecture and Implementation strategies for incorporating Smartcards and Biometrics" in J2EE applications. We also highlighted the best practices and pitfalls while choosing these practices.

Hope this helps.

/Ramesh

Thanks for you response.