Subject: Security Token Service (STS)
Author: authen
Posted on: 06/05/2010 07:10:58 PM
As part of this effort, the WS-Trust standard specified a Security Token Service (STS) that could be used by both Web Service Clients and Providers to perform operations on standard security tokens. On the Web service client side, which can be a Web application or rich desktop application, the STS converts whatever security token that is used locally into a standard SAML security token containing the user's identity that is shared with the Web Services provider. On the Web Service provider side, the STS validates incoming security tokens and can generate a new local token for consumption by other applications.
While WS-Trust envisioned token processing as occurring in two phases at the Web service client and provider, the underlying STS has no such restriction. As a result, larger organizations with multiple security domains have recognized the value of the STS as a “Universal Token Translator” that can convert any type of security token into any other type of security token - even if there are no Web services being used. For example, a STS can be used to convert a CA SiteMinder cookie into an IBM LTPA token.
References:
