WS-Trust

WS-Trust is a WS-* specification that extends WS-Security. Its goal is to provide guaranteed security properties for particular subjects within a domain and across domains (trust domains). Particular emphasis is placed on issuing, renewing, and validating security tokens, and on ways of establishing and assessing secure message exchange.

The WS-Trust specification was prepared by a number of companies and was approved as an OASIS Standard in March 2007.

Overview

WS-Trust includes:

  • The concept of a Security Token Service (STS): a web service that issues security tokens compatible with WS-Security.
  • The format of the messages used to request security tokens, and of the responses to those requests.
  • Mechanisms for exchanging keys.

Information flow with a Security Token Service (STS)

A client wants to access a particular service endpoint. As a first step, it asks the endpoint which STS it must contact to obtain a valid token. Once the client has received a valid (signed) token from the STS, it sends its request, carrying the STS token, to the service endpoint. The client is thereby authenticated; the service endpoint still has to make the authorization decision and send an appropriate response.

WS-Trust uses the WS-SecurityPolicy and WS-MetadataExchange standards and extends the WS-Security and WS-SecureConversation specifications.
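The information flow described above, as an added example that is not part of the original article: a constructed STS, endpoint and client exchange RequestSecurityToken/RequestSecurityTokenResponse messages modelled as dictionaries, and an HMAC with a key shared by STS and endpoint stands in for the XML-Signature-protected tokens of a real deployment (all names, keys and users are constructed).

```python
import base64, hashlib, hmac, json

# Added example, not from the article: a minimal model of the WS-Trust STS flow.
# Tokens are JSON claims plus an HMAC shared by STS and endpoint; this stands in for
# the XML-Signature-protected tokens (e.g. SAML) a real WS-Trust deployment uses.
class SecurityTokenService:
    def __init__(self, name, signing_key, users):
        self.name, self.key, self.users = name, signing_key, users  # users: {name: password}

    def issue(self, rst, now):
        """Handle a RequestSecurityToken (RST); return a RequestSecurityTokenResponse (RSTR)."""
        if rst.get("RequestType") != "Issue":
            raise ValueError("only Issue is modelled here")
        if self.users.get(rst["Username"]) != rst["Password"]:
            raise PermissionError("STS could not authenticate the requester")
        claims = {"sub": rst["Username"], "aud": rst["AppliesTo"], "iss": self.name, "exp": now + 300}
        body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode()).decode()
        sig = hmac.new(self.key, body.encode(), hashlib.sha256).hexdigest()
        return {"RequestedSecurityToken": f"{body}.{sig}"}

class ServiceEndpoint:
    def __init__(self, address, sts_name, verify_key, acl):
        self.address, self.sts_name, self.key, self.acl = address, sts_name, verify_key, acl

    def policy(self):
        """Step 1: tell the client which STS to ask (WS-SecurityPolicy / WS-MetadataExchange in practice)."""
        return {"IssuerAddress": self.sts_name}

    def handle(self, token, action, now):
        """Steps 3/4: authenticate by validating the STS token, then make the authorization decision."""
        body, _, sig = token.partition(".")
        expected = hmac.new(self.key, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(sig, expected):
            return 401, "token signature invalid"
        claims = json.loads(base64.urlsafe_b64decode(body))
        if claims["iss"] != self.sts_name or claims["aud"] != self.address or claims["exp"] < now:
            return 401, "token not issued by the trusted STS for this endpoint, or expired"
        if action not in self.acl.get(claims["sub"], ()):
            return 403, "authenticated but not authorized"
        return 200, f"{action} permitted for {claims['sub']}"

def client_flow(endpoint, sts_directory, username, password, action, now):
    """Client side: ask the endpoint for its STS, obtain a token, call the endpoint with it."""
    issuer = endpoint.policy()["IssuerAddress"]
    rst = {"RequestType": "Issue", "AppliesTo": endpoint.address, "Username": username, "Password": password}
    rstr = sts_directory[issuer].issue(rst, now)
    return endpoint.handle(rstr["RequestedSecurityToken"], action, now)

# Constructed sample deployment: one STS, one endpoint that trusts it, a shared key.
KEY = b"constructed-shared-secret"
STS = SecurityTokenService("urn:example:sts", KEY, {"alice": "pw-alice"})
ENDPOINT = ServiceEndpoint("https://svc.example/orders", STS.name, KEY, {"alice": {"read"}})
```

Note that a valid token only authenticates the caller; the endpoint's own access-control list still decides whether the requested action is permitted.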

Implementations

Developers of WS-Trust

The companies involved in the development were Actional Corporation, BEA Systems, Computer Associates International, IBM, Layer 7 Technologies, Microsoft, Oblix, Open Network Technologies, Ping Identity Corporation, Reactivity, RSA Security Inc., and VeriSign.
