WS-Trust

from Wikipedia, the free encyclopedia

WS-Trust is a WS-* specification that extends the WS-Security specification. Its aim is to convey assured properties of subjects within a domain and between different domains (trust domains). In particular, it covers issuing, renewing and validating security tokens, as well as ways of conveying, establishing and evaluating secure message exchange.

The WS-Trust specification was developed by a large number of companies and recognized as a standard by OASIS in March 2007.

Overview

WS-Trust includes:

  • The concept of a Security Token Service (STS): a web service that issues security tokens that are compatible with WS-Security.
  • The format of the messages that are used to request security tokens, and of the responses to these requests.
  • Mechanisms for exchanging keys.

Information flow with a Security Token Service (STS)

A client wants to access a specific service endpoint. In a first step, it asks the endpoint which STS it must contact to obtain a valid token. After the client has received the valid (signed) token from the STS, it can send its request, containing that token, to the service endpoint. The client is now authenticated. The service endpoint still has to decide on authorization and then send an appropriate response.

WS-Trust uses the WS-SecurityPolicy and WS-MetadataExchange standards and extends the WS-Security and WS-SecureConversation specifications.

Implementations

WS-Trust developers

The companies involved in the development were Actional Corporation, BEA Systems, Computer Associates International, IBM, Layer 7 Technologies, Microsoft, Oblix, OpenNetwork Technologies, Ping Identity Corporation, Reactivity, RSA Security Inc. and Verisign.
