WS-Trust
WS-Trust is a WS-* specification and OASIS standard that provides extensions to WS-Security, specifically dealing with the issuing, renewing, and validating of security tokens, as well as with ways to establish, assess the presence of, and broker trust relationships between participants in a secure message exchange.
The WS-Trust specification was authored by representatives of a number of companies, and was [http://www.oasis-open.org/archives/announce/200703/msg00004.html approved by OASIS] as a standard in March 2007.
Using the extensions defined in WS-Trust, applications can engage in secure communication designed to work within the Web services framework.
Overview
WS-Trust defines a number of new elements, concepts and artifacts in support of that goal, including:
- the concept of a Security Token Service (STS) - a web service that issues security tokens as defined in the WS-Security specification.
- the formats of the messages used to request security tokens and the responses to those messages.
- mechanisms for key exchange.
WS-Trust is implemented in Web services libraries provided by vendors or by open source collaborative efforts. Web services frameworks that implement the WS-Trust protocols for token requests include Microsoft's Windows Communication Foundation (WCF) and Windows Identity Foundation (WIF; as of .NET 4.5, WIF is integrated into .NET Core), Sun's WSIT framework, Apache's Rampart (part of Axis2), and others. In addition, vendors or other groups may deliver products that act as a Security Token Service (STS). [http://www.microsoft.com/azure/accesscontrol.mspx Microsoft's Access Control Services] is one such service, available online today. Ping Identity Corporation also markets an STS, and Microsoft's ADFS provides an implementation of an STS.
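The request and response message formats listed above, as an added example that is not taken from the specification text or from any vendor's library: it builds a RequestSecurityToken (RST) for the Issue binding and checks that the RequestSecurityTokenResponse (RSTR) matches what was asked for. The function names, the relying-party address and the SAML 2.0 token type are assumptions chosen for illustration, the namespaces are those of WS-Trust 1.3, and the sample response is constructed.

```python
import xml.etree.ElementTree as ET
from datetime import datetime

NS = {  # namespaces of WS-Trust 1.3 messages
    "wst": "http://docs.oasis-open.org/ws-sx/ws-trust/200512",
    "wsp": "http://schemas.xmlsoap.org/ws/2004/09/policy",
    "wsa": "http://www.w3.org/2005/08/addressing",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
}
SAML2 = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"
# Constructed sample response, not captured from a real STS; <Token/> stands in for the token.
SAMPLE_RSTR = """<wst:RequestSecurityTokenResponseCollection xmlns:wst="{wst}"
 xmlns:wsp="{wsp}" xmlns:wsa="{wsa}" xmlns:wsu="{wsu}"><wst:RequestSecurityTokenResponse>
<wst:TokenType>{tt}</wst:TokenType>
<wst:RequestedSecurityToken><Token/></wst:RequestedSecurityToken>
<wsp:AppliesTo><wsa:EndpointReference><wsa:Address>https://rp.example/svc</wsa:Address></wsa:EndpointReference></wsp:AppliesTo>
<wst:Lifetime><wsu:Created>2024-01-01T12:00:00Z</wsu:Created><wsu:Expires>2024-01-01T13:00:00Z</wsu:Expires></wst:Lifetime>
</wst:RequestSecurityTokenResponse></wst:RequestSecurityTokenResponseCollection>""".format(tt=SAML2, **NS)

def q(prefix, name):
    return "{%s}%s" % (NS[prefix], name)

def build_rst(audience, token_type=SAML2):
    """Serialize an RST asking the STS to issue a token of `token_type` for `audience`."""
    rst = ET.Element(q("wst", "RequestSecurityToken"))
    ET.SubElement(rst, q("wst", "RequestType")).text = NS["wst"] + "/Issue"
    ET.SubElement(rst, q("wst", "TokenType")).text = token_type
    epr = ET.SubElement(ET.SubElement(rst, q("wsp", "AppliesTo")), q("wsa", "EndpointReference"))
    ET.SubElement(epr, q("wsa", "Address")).text = audience
    return ET.tostring(rst, encoding="unicode")

def check_rstr(rstr_xml, audience, token_type, now):
    """Compare an RSTR (inside its response collection) with the request; list the problems."""
    when = lambda s: datetime.fromisoformat(s.strip().replace("Z", "+00:00"))
    rstr = ET.fromstring(rstr_xml).find("wst:RequestSecurityTokenResponse", NS)
    if rstr is None:
        return ["no RequestSecurityTokenResponse"]
    problems = []
    if rstr.find("wst:RequestedSecurityToken/*", NS) is None:
        problems.append("no issued token")
    if rstr.findtext("wst:TokenType", "", NS).strip() != token_type:
        problems.append("TokenType differs from request")
    addr = rstr.findtext("wsp:AppliesTo/wsa:EndpointReference/wsa:Address", "", NS)
    if addr.strip() != audience:
        problems.append("AppliesTo differs from request")
    created, expires = (rstr.findtext("wst:Lifetime/wsu:" + n, "", NS) for n in ("Created", "Expires"))
    if not (created and expires) or not when(created) <= now < when(expires):
        problems.append("Lifetime missing or does not cover now")
    return problems  # the issued token's own signature still has to be verified separately
```

An empty list means the response fields agree with the request; it says nothing about whether the token itself is authentic.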
Authors
The companies involved in defining WS-Trust were:
- Actional Corporation
- BEA Systems, Inc.
- Computer Associates International, Inc.
- International Business Machines Corporation
- Layer 7 Technologies
- Microsoft Corporation
- Oblix Inc.
- OpenNetwork Technologies Inc.
- Ping Identity Corporation
- Reactivity Inc.
- RSA Security Inc.
- VeriSign Inc.
External links
- [http://docs.oasis-open.org/ws-sx/ws-trust/v1.4/ws-trust.html WS-Trust specification document, v1.4]
- [http://docs.oasis-open.org/ws-sx/ws-trust/v1.3/ws-trust.html WS-Trust specification document, v1.3]
- [http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=ws-sx OASIS' Web Services Secure Exchange (WS-SX) Technical Committee]
- [http://www.ibm.com/developerworks/library/specification/ws-trust/ IBM's page on Web Services Trust Language]