Security Token Service
   HOME

TheInfoList



Click Here for Items Related To - Security Token Service
OR:
Security Token Service on:   [Wikipedia]   [Google]   [Amazon]

Security token service (STS) is a cross-platform
open standard An open standard is a standard that is openly accessible and usable by anyone. It is also a prerequisite to use open license, non-discrimination and extensibility. Typically, anybody can participate in the development. There is no single definition ...
core component of the
OASIS In ecology, an oasis (; ) is a fertile area of a desert or semi-desert environment'ksar''with its surrounding feeding source, the palm grove, within a relational and circulatory nomadic system.” The location of oases has been of critical imp ...
group's
WS-Trust WS-Trust is a WS-* specification and OASIS standard that provides extensions to WS-Security, specifically dealing with the issuing, renewing, and validating of security tokens, as well as with ways to establish, assess the presence of, and broker ...
web services
single sign-on Single sign-on (SSO) is an authentication scheme that allows a user to log in with a single ID to any of several related, yet independent, software systems. True single sign-on allows the user to log in once and access services without re-enterin ...
infrastructure framework specification.. Within that
claims-based identity Claims-based identity is a common way for applications to acquire the identity information they need about users inside their organization, in other organizations, and on the Internet. It also provides a consistent approach for applications runnin ...
framework, a secure token service is responsible for issuing, validating, renewing and cancelling
security token A security token is a peripheral device used to gain access to an electronically restricted resource. The token is used in addition to or in place of a password. It acts like an electronic key to access something. Examples of security tokens incl ...
s. The tokens issued by security token services can then be used to identify the holder of the token to services that adhere to the WS-Trust standard. Security token service provides the same functionality as
OpenID OpenID is an open standard and decentralized authentication protocol promoted by the non-profit OpenID Foundation. It allows users to be authenticated by co-operating sites (known as relying parties, or RP) using a third-party identity provider ...
, but unlike OpenID is not patent encumbered. Together with the rest of the WS-Trust standard, the security token service specification was initially developed by employees of IBM,
Microsoft Microsoft Corporation is an American multinational technology corporation producing computer software, consumer electronics, personal computers, and related services headquartered at the Microsoft Redmond campus located in Redmond, Washing ...
,
Nortel Nortel Networks Corporation (Nortel), formerly Northern Telecom Limited, was a Canadian multinational telecommunications and data networking equipment manufacturer headquartered in Ottawa, Ontario, Canada. It was founded in Montreal, Quebec, ...
and
VeriSign Verisign Inc. is an American company based in Reston, Virginia, United States that operates a diverse array of network infrastructure, including two of the Internet's thirteen root nameservers, the authoritative registry for the , , and gener ...
. In a typical usage scenario involving a web service that employs WS-Trust, when a client requests access to an application, the application does not authenticate the client directly (for instance, by validating the client's login credentials against an internal database). Instead, the application redirects the client to a security token service, which in turn authenticates the client and grants it a security token. The token consists of a set of
XML Extensible Markup Language (XML) is a markup language and file format for storing, transmitting, and reconstructing arbitrary data. It defines a set of rules for encoding documents in a format that is both human-readable and machine-readable ...
data records that include multiple elements regarding the identity and group membership of the client, as well as information regarding the lifetime of the token and the issuer of the token. The token is protected from manipulation with strong cryptography. The client then presents the token to an application to gain access to the resources provided by the application. This process is illustrated in the Security Assertion Markup Language (SAML) use case, demonstrating how
single sign-on Single sign-on (SSO) is an authentication scheme that allows a user to log in with a single ID to any of several related, yet independent, software systems. True single sign-on allows the user to log in once and access services without re-enterin ...
can be used to access web services. Software that provides security token services is available from numerous vendors, including the open-source
Apache CXF Apache CXF is an open source software project developing a Web services framework. It originated as the combination of Celtix developed by IONA Technologies and XFire developed by a team hosted at Codehaus in 2006. These two projects were combin ...
, as well as closed-source solutions from
Oracle An oracle is a person or agency considered to provide wise and insightful counsel or prophetic predictions, most notably including precognition of the future, inspired by deities. As such, it is a form of divination. Description The word '' ...
(for interfacing with authentication services backed by an
Oracle Database Oracle Database (commonly referred to as Oracle DBMS, Oracle Autonomous Database, or simply as Oracle) is a multi-model database management system produced and marketed by Oracle Corporation. It is a database commonly used for running online t ...
) and Microsoft (where STS is a core component of
Windows Identity Foundation Windows Identity Foundation (WIF) is a Microsoft software framework for building identity-aware applications. It provides APIs for building ASP.NET or WCF based security token services as well as tools for building claims-aware and federation ...
and Active Directory Federation Services). While security token services are themselves typically offered as web services used in conjunction with other web services,
software development kit A software development kit (SDK) is a collection of software development tools in one installable package. They facilitate the creation of applications by having a compiler, debugger and sometimes a software framework. They are normally specific to ...
s (SDKs) for native applications (such as cloud-storage clients) also exist.


See also

*
Access Control Service Access Control Service, or Windows Azure Access Control Service (ACS) was a Microsoft-owned cloud-based service that provided an easy way of authenticating and authorizing users to gain access to web applications and services while allowing the f ...
*
Relying party A relying party (RP) is a computer term used to refer to a server providing access to a secure software application. Claims-based applications, where a claim is a statement an entity makes about itself in order to establish access, are also calle ...
*
Identity provider An identity provider (abbreviated IdP or IDP) is a system entity that creates, maintains, and manages identity information for principals and also provides authentication services to relying applications within a federation or distributed network. ...


References

{{Authentication APIs Cloud standards Password authentication Federated identity Identity management initiative Computer access control protocols