WS-Trust
   HOME
*





WS-Trust
WS-Trust is a WS-* specification and OASIS standard that provides extensions to WS-Security, specifically dealing with the issuing, renewing, and validating of security tokens, as well as with ways to establish, assess the presence of, and broker trust relationships between participants in a secure message exchange. The WS-Trust specification was authored by representatives of a number of companies, and waapproved by OASISas a standard in March 2007. Using the extensions defined in WS-Trust, applications can engage in secure communication designed to work within the Web services framework. Overview WS-Trust defines a number of new elements, concepts and artifacts in support of that goal, including: * the concept of a Security Token Service (STS) - a web service that issues security tokens as defined in the WS-Security specification. * the formats of the messages used to request security tokens and the responses to those messages. * mechanisms for key exchange WS-Trust is ...
[...More Info...]      
[...Related Items...]     OR:     [Wikipedia]   [Google]   [Baidu]  


Security Token Service
Security token service (STS) is a cross-platform open standard core component of the OASIS group's WS-Trust web services single sign-on infrastructure framework specification.. Within that claims-based identity framework, a secure token service is responsible for issuing, validating, renewing and cancelling security tokens. The tokens issued by security token services can then be used to identify the holder of the token to services that adhere to the WS-Trust standard. Security token service provides the same functionality as OpenID, but unlike OpenID is not patent encumbered. Together with the rest of the WS-Trust standard, the security token service specification was initially developed by employees of IBM, Microsoft, Nortel and VeriSign. In a typical usage scenario involving a web service that employs WS-Trust, when a client requests access to an application, the application does not authenticate the client directly (for instance, by validating the client's login credentials agai ...
[...More Info...]      
[...Related Items...]     OR:     [Wikipedia]   [Google]   [Baidu]  


Web Services Interoperability Technology
Web Services Interoperability Technology (WSIT) is an open-source project started by Sun Microsystems to develop the next-generation of Web service technologies. It provides interoperability between Java Web Services and Microsoft's Windows Communication Foundation (WCF). It consists of Java programming language APIs that enable advanced WS-* features to be used in a way that is compatible with Microsoft's Windows Communication Foundation as used by .NET. The interoperability between different products is accomplished by implementing a number of Web Services specifications, like JAX-WS that provides interoperability between Java Web Services and Microsoft Windows Communication Foundation. WSIT is currently under development as part of Eclipse Metro. WSIT is a series of extensions to the basic SOAP protocol, and so uses JAX-WS and JAXB. It is not a new protocol such as the binary DCOM. WSIT implements the WS-I specifications, including: *Metadata **WS-MetadataExchange ** WS-T ...
[...More Info...]      
[...Related Items...]     OR:     [Wikipedia]   [Google]   [Baidu]  


List Of Web Service Specifications
There are a variety of specifications associated with web services. These specifications are in varying degrees of maturity and are maintained or supported by various standards bodies and entities. These specifications are the basic web services framework established by first-generation standards represented by WSDL, SOAP, and UDDI. Specifications may complement, overlap, and compete with each other. Web service specifications are occasionally referred to collectively as "WS-*", though there is not a single managed set of specifications that this consistently refers to, nor a recognized owning body across them all. Web service standards listings These sites contain documents and links about the different Web services standards identified on this page. * IBM Developerworks: Standard and Web Service innoQ's WS-Standard Overview() MSDN .NET Developer Centre: Web Service Specification Index PageOASIS Standards and Other Approved WorkOpen Grid Forum Final DocumentXML CoverPageW3C' ...
[...More Info...]      
[...Related Items...]     OR:     [Wikipedia]   [Google]   [Baidu]  




Apache Axis2
Apache Axis2 is a web service engine. It is a complete redesign and re-write of the widely used Apache Axis SOAP stack. Implementations of Axis2 are available in Java and C. Axis2 provides the capability to add Web services interfaces to Web applications. It can also function as a standalone application server. Why Apache Axis2 A new architecture for Axis2 was introduced during the August 2004 Axis2 Summit in Colombo, Sri Lanka. Some concepts from Axis 1.x, like handlers etc., have been preserved in the new architecture. Apache Axis2 supports SOAP 1.1 and SOAP 1.2, and it has integrated support for the REST style of Web services. The same business-logic implementation can offer both a WS-* style interface as well as a REST/POX style interface simultaneously. Axis2/Java has support for Spring Framework. Axis2/C is a high-performance Web services implementation. It has been implemented with portability and ability to be embedded or hosted in Apache Httpd, Microsoft IIS or Ax ...
[...More Info...]      
[...Related Items...]     OR:     [Wikipedia]   [Google]   [Baidu]  


WS-*
There are a variety of specifications associated with web services. These specifications are in varying degrees of maturity and are maintained or supported by various standards bodies and entities. These specifications are the basic web services framework established by first-generation standards represented by WSDL, SOAP, and UDDI. Specifications may complement, overlap, and compete with each other. Web service specifications are occasionally referred to collectively as "WS-*", though there is not a single managed set of specifications that this consistently refers to, nor a recognized owning body across them all. Web service standards listings These sites contain documents and links about the different Web services standards identified on this page. * IBM Developerworks: Standard and Web Service innoQ's WS-Standard Overview() MSDN .NET Developer Centre: Web Service Specification Index PageOASIS Standards and Other Approved WorkOpen Grid Forum Final DocumentXML CoverPageW3C' ...
[...More Info...]      
[...Related Items...]     OR:     [Wikipedia]   [Google]   [Baidu]  


WS-Security
Web Services Security (WS-Security, WSS) is an extension to SOAP to apply security to Web services. It is a member of the Web service specifications and was published by OASIS. The protocol specifies how integrity and confidentiality can be enforced on messages and allows the communication of various security token formats, such as Security Assertion Markup Language (SAML), Kerberos, and X.509. Its main focus is the use of XML Signature and XML Encryption to provide end-to-end security. Features WS-Security describes three main mechanisms: * How to sign SOAP messages to assure integrity. Signed messages also provide non-repudiation. * How to encrypt SOAP messages to assure confidentiality. * How to attach security tokens to ascertain the sender's identity. The specification allows a variety of signature formats, encryption algorithms and multiple trust domains, and is open to various security token models, such as: * X.509 certificates, * Kerberos tickets, * User ID/Password cr ...
[...More Info...]      
[...Related Items...]     OR:     [Wikipedia]   [Google]   [Baidu]  


picture info

Security Token
A security token is a peripheral device used to gain access to an electronically restricted resource. The token is used in addition to or in place of a password. It acts like an electronic key to access something. Examples of security tokens include wireless keycards used to open locked doors, or in the case of a customer trying to access their bank account online, bank-provided tokens can prove that the customer is who they claim to be. Some security tokens may store cryptographic keys that may be used to generate a digital signature, or biometric data, such as fingerprint details. Some may also store passwords. Some designs incorporate tamper resistant packaging, while others may include small keypads to allow entry of a PIN or a simple button to start a generating routine with some display capability to show a generated key number. Connected tokens utilize a variety of interfaces including USB, near-field communication (NFC), radio-frequency identification (RFID), or Bluetoo ...
[...More Info...]      
[...Related Items...]     OR:     [Wikipedia]   [Google]   [Baidu]  


picture info

Windows Communication Foundation
The Windows Communication Foundation (WCF), previously known as Indigo, is a free and open-source runtime and a set of APIs in the .NET Framework for building connected, service-oriented applications. .NET Core 1.0, released 2016, did not support WCF server side code. WCF support was added to the platform with support for .NET Core 3.1, .NET 5, and .NET 6 in 2022. The architecture WCF is a tool often used to implement and deploy a service-oriented architecture (SOA). It is designed using service-oriented architecture principles to support distributed computing where services have remote consumers. Clients can consume multiple services; services can be consumed by multiple clients. Services are loosely coupled to each other. Services typically have a WSDL interface (Web Services Description Language) that any WCF client can use to consume the service, regardless of which platform the service is hosted on. WCF implements many advanced Web services (WS) standards such as WS-Ad ...
[...More Info...]      
[...Related Items...]     OR:     [Wikipedia]   [Google]   [Baidu]  


Windows Identity Foundation
Windows Identity Foundation (WIF) is a Microsoft software framework for building identity-aware applications. It provides APIs for building ASP.NET or WCF based security token services as well as tools for building claims-aware and federation capable applications. Windows Identity Foundation is supported on IIS 6/Windows Server 2003, IIS 7/Windows Vista, Windows Server 2008 and Windows 7. Version 1.0 shipped as a standalone product, but the product is now included as a part of Microsoft .NET Framework v4.5. Major features WIF has the following major features: * It allows developers to build claims-aware applications by providing a set of application programming interfaces (APIs) that help developers write code to make access decisions to applications based on claims. * It provides templates to help developers get started building claims-aware applications. * It provides utilities that facilitate creation of a trust relationship between a claims-aware application (sometimes ref ...
[...More Info...]      
[...Related Items...]     OR:     [Wikipedia]   [Google]   [Baidu]  


picture info

OASIS (organization)
The Organization for the Advancement of Structured Information Standards (OASIS; ) is a nonprofit consortium that works on the development, convergence, and adoption of open standards for cybersecurity, blockchain, Internet of things (IoT), emergency management, cloud computing, legal data exchange, energy, content technologies, and other areas. History OASIS was founded under the name "SGML Open" in 1993. It began as a trade association of Standard Generalized Markup Language (SGML) tool vendors to cooperatively promote the adoption of SGML through mainly educational activities, though some amount of technical activity was also pursued including an update of the CALS Table Model specification and specifications for fragment interchange and entity management. In 1998, with the movement of the industry to XML, SGML Open changed its emphasis from SGML to XML, and changed its name to OASIS Open to be inclusive of XML and reflect an expanded scope of technical work and standa ...
[...More Info...]      
[...Related Items...]     OR:     [Wikipedia]   [Google]   [Baidu]