WS-Trust is a WS-* specification and OASIS standard that provides extensions to WS-Security, specifically dealing with the issuing, renewing, and validating of security tokens, as well as with ways to establish, assess the presence of, and broker trust relationships between participants in a secure message exchange.
The WS-Trust specification was authored by representatives of a number of companies, and was approved by OASIS as a standard in March 2007.
Using the extensions defined in WS-Trust, applications can engage in secure communication designed to work within the Web services framework.
Overview
WS-Trust defines a number of new elements, concepts and artifacts in support of that goal, including:
* the concept of a Security Token Service (STS) - a web service that issues security tokens as defined in the WS-Security specification.
* the formats of the messages used to request security tokens and the responses to those messages.
* mechanisms for key exchange
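
The request and response messages named in the list above, as an added example (not part of the original article or of any vendor's library): a client builds a WS-Trust 1.3 Issue request, then checks that the STS response matches what it asked for. The endpoint `https://rp.example/orders`, the function names and the sample response are constructed for illustration; verifying the signature on the issued token is assumed to happen separately.

```python
import xml.etree.ElementTree as ET
from datetime import datetime

NS = {  # WS-Trust 1.3, WS-Policy, WS-Addressing and WSS utility namespaces
    "wst": "http://docs.oasis-open.org/ws-sx/ws-trust/200512",
    "wsp": "http://schemas.xmlsoap.org/ws/2004/09/policy",
    "wsa": "http://www.w3.org/2005/08/addressing",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
}
SAML2 = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"

def build_rst(audience, token_type=SAML2):
    """Build the RequestSecurityToken (Issue) body a client sends to the STS."""
    for prefix, uri in NS.items():
        ET.register_namespace(prefix, uri)
    rst = ET.Element(f"{{{NS['wst']}}}RequestSecurityToken")
    ET.SubElement(rst, f"{{{NS['wst']}}}RequestType").text = NS["wst"] + "/Issue"
    ET.SubElement(rst, f"{{{NS['wst']}}}TokenType").text = token_type
    applies = ET.SubElement(rst, f"{{{NS['wsp']}}}AppliesTo")
    epr = ET.SubElement(applies, f"{{{NS['wsa']}}}EndpointReference")
    ET.SubElement(epr, f"{{{NS['wsa']}}}Address").text = audience
    return ET.tostring(rst, encoding="unicode")

def check_rstr(xml_text, audience, token_type, now):
    """Return the problems found in an STS response; an empty list means it matches."""
    root = ET.fromstring(xml_text)
    rstr = next(root.iter(f"{{{NS['wst']}}}RequestSecurityTokenResponse"), None)
    if rstr is None:
        return ["no RequestSecurityTokenResponse element"]
    problems = []
    if rstr.findtext("wst:TokenType", "", NS).strip() != token_type:
        problems.append("token type differs from the one requested")
    if rstr.findtext("wsp:AppliesTo/wsa:EndpointReference/wsa:Address", "", NS).strip() != audience:
        problems.append("token scoped to a different endpoint")
    try:
        text = rstr.findtext("wst:Lifetime/wsu:Expires", "", NS).strip()
        expires = datetime.fromisoformat(text.replace("Z", "+00:00"))
    except ValueError:
        expires = None
    if expires is None or expires.tzinfo is None or expires <= now:
        problems.append("lifetime missing or expired")
    return problems

# Constructed sample response; a real one carries a signed token in RequestedSecurityToken.
SAMPLE_RSTR = f"""<wst:RequestSecurityTokenResponseCollection xmlns:wst="{NS['wst']}"
  xmlns:wsp="{NS['wsp']}" xmlns:wsa="{NS['wsa']}" xmlns:wsu="{NS['wsu']}">
 <wst:RequestSecurityTokenResponse><wst:TokenType>{SAML2}</wst:TokenType>
  <wst:Lifetime><wsu:Expires>2024-01-01T01:00:00Z</wsu:Expires></wst:Lifetime>
  <wsp:AppliesTo><wsa:EndpointReference><wsa:Address>https://rp.example/orders</wsa:Address></wsa:EndpointReference></wsp:AppliesTo>
  <wst:RequestedSecurityToken/>
 </wst:RequestSecurityTokenResponse></wst:RequestSecurityTokenResponseCollection>"""
```
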
WS-Trust is then implemented within Web services libraries, provided by vendors or by open source collaborative efforts. Web services frameworks that implement the WS-Trust protocols for token request include: Microsoft's Windows Communication Foundation (WCF) and Windows Identity Foundation (WIF - as of .NET 4.5, WIF is integrated into .NET Core), Sun's WSIT framework, Apache's Rampart (part of Axis2), and others. In addition, vendors or other groups may deliver products that act as a Security Token Service, or STS. Microsoft's Access Control Services is one such service, available online today. PingIdentity Corporation also markets an STS. Microsoft's ADFS also provides an implementation of an STS.
Authors
The companies involved in defining WS-Trust were:
* Actional Corporation
* BEA Systems, Inc.
* Computer Associates International, Inc.
* International Business Machines Corporation
* Layer 7 Technologies
* Microsoft Corporation
* Oblix Inc.
* OpenNetwork Technologies Inc.
* Ping Identity Corporation
* Reactivity Inc.
* RSA Security Inc.
* VeriSign Inc
External links
* OASIS' Web Services Secure Exchange (WS-SX) Technical Committee
* IBM's page on Web Services Trust Language
See also
* WS-Security
* WS-* Web Service Specifications
* Web Services
* OASIS (organization)
* Security Tokens
* Security Token Service (STS)
* Identity management