WS-Trust
Encyclopedia
WS-Trust is a WS-* specification and OASIS
standard that provides extensions to WS-Security
, specifically dealing with the issuing, renewing, and validating of security tokens, as well as with ways to establish, assess the presence of, and broker trust relationships between participants in a secure message exchange.
The WS-Trust specification was authored by representatives of a number of companies, and was approved by OASIS as a standard in March 2007.
Using the extensions defined in WS-Trust, applications can engage in secure communication designed to work within the Web services framework.
WS-Trust is then implemented within Web services libraries, provided by vendors or by open source collaborative efforts. Web services frameworks that implement the WS-Trust protocols for token request include: Microsoft's Windows Communication Foundation
(WCF) and Windows Identity Foundation
(WIF), Sun's WSIT framework
, Apache's Rampart (part of axis2
), and others. In addition, vendors or other groups may deliver products that act as a Security Token Service, or STS. Microsoft's Access Control Services is one such service, available online today. Ping Identity Corporation also markets an STS.
OASIS (organization)
The Organization for the Advancement of Structured Information Standards is a global consortium that drives the development, convergence and adoption of e-business and web service standards...
standard that provides extensions to WS-Security
WS-Security
WS-Security is a flexible and feature-rich extension to SOAP to apply security to web services. It is a member of the WS-* family of web service specifications and was published by OASIS....
, specifically dealing with the issuing, renewing, and validating of security tokens, as well as with ways to establish, assess the presence of, and broker trust relationships between participants in a secure message exchange.
The WS-Trust specification was authored by representatives of a number of companies, and was approved by OASIS as a standard in March 2007.
Using the extensions defined in WS-Trust, applications can engage in secure communication designed to work within the Web services framework.
Overview
WS-Trust defines a number of new elements, concepts and artifacts in support of that goal, including:- the concept of a Security Token Service (STS) - a web service that issues security tokens as defined in the WS-SecurityWS-SecurityWS-Security is a flexible and feature-rich extension to SOAP to apply security to web services. It is a member of the WS-* family of web service specifications and was published by OASIS....
specification. - the formats of the messages used to request security tokens and the responses to those messages.
- mechanisms for key exchange
WS-Trust is then implemented within Web services libraries, provided by vendors or by open source collaborative efforts. Web services frameworks that implement the WS-Trust protocols for token request include: Microsoft's Windows Communication Foundation
Windows Communication Foundation
The Windows Communication Foundation , previously known as "Indigo", is an application programming interface in the .NET Framework for building connected, service-oriented applications.-The architectures:...
(WCF) and Windows Identity Foundation
Windows Identity Foundation
Windows Identity Foundation is a Microsoft framework for building identity-aware applications. It provides APIs for building ASP.NET or WCF based security token services as well as tools for building claims-aware and federation capable applications....
(WIF), Sun's WSIT framework
Web Services Interoperability Technology
Web Services Interoperability Technology is an open-source project started by Sun Microsystems to develop the next-generation of Web service technologies...
, Apache's Rampart (part of axis2
Apache Axis2
Apache Axis2 is a core engine for Web services. It is a complete re-design and re-write of the widely used Apache Axis SOAP stack. Implementations of Axis2 are available in Java and C....
), and others. In addition, vendors or other groups may deliver products that act as a Security Token Service, or STS. Microsoft's Access Control Services is one such service, available online today. Ping Identity Corporation also markets an STS.
Authors
The companies involved in defining WS-Trust were: Actional Corporation, BEA Systems, Inc., Computer Associates International, Inc., International Business Machines Corporation, Layer 7 Technologies, Microsoft Corporation, Oblix Inc., OpenNetwork Technologies Inc., Ping Identity Corporation, Reactivity Inc., RSA Security Inc., and VeriSign Inc.External links
- WS-Trust specification document, v1.4
- WS-Trust specification document, v1.3
- OASIS' Web Services Secure Exchange (WS-SX) Technical Committee
- IBM's page on Web Services Trust Language
- WS-Trust specification document, February 2005 (outdated) (XMLsoap.org) (IBM)
- WS-Trust specification v1.0, December 2002 (outdated) (Verisign)