open standard
An open standard is a standard that is openly accessible and usable by anyone. It is also a common prerequisite that open standards use an open license that provides for extensibility. Typically, anybody can participate in their development due to ...
core component of the
OASIS
In ecology, an oasis (; : oases ) is a fertile area of a desert or semi-desert environmentWS-Trust web services single sign-on infrastructure framework specification.. Within that claims-based identity framework, a secure token service is responsible for issuing, validating, renewing and cancelling security tokens. The tokens issued by security token services can then be used to identify the holder of the token to services that adhere to the WS-Trust standard. Security token service provides the same functionality as OpenID, but unlike OpenID is not patent encumbered. Together with the rest of the WS-Trust standard, the security token service specification was initially developed by employees of
IBM
International Business Machines Corporation (using the trademark IBM), nicknamed Big Blue, is an American Multinational corporation, multinational technology company headquartered in Armonk, New York, and present in over 175 countries. It is ...
,
Microsoft
Microsoft Corporation is an American multinational corporation and technology company, technology conglomerate headquartered in Redmond, Washington. Founded in 1975, the company became influential in the History of personal computers#The ear ...
, Nortel and VeriSign.
In a typical usage scenario involving a web service that employs WS-Trust, when a client requests access to an application, the application does not authenticate the client directly (for instance, by validating the client's login credentials against an internal database). Instead, the application redirects the client to a security token service, which in turn authenticates the client and grants it a security token. The token consists of a set of
XML
Extensible Markup Language (XML) is a markup language and file format for storing, transmitting, and reconstructing data. It defines a set of rules for encoding electronic document, documents in a format that is both human-readable and Machine-r ...
data records that include multiple elements regarding the identity and group membership of the client, as well as information regarding the lifetime of the token and the issuer of the token. The token is protected from manipulation with strong cryptography. The client then presents the token to an application to gain access to the resources provided by the application. This process is illustrated in the Security Assertion Markup Language (SAML) use case, demonstrating how single sign-on can be used to access web services.
Software that provides security token services is available from numerous vendors, including the open-source Apache CXF, as well as closed-source solutions from Oracle (for interfacing with authentication services backed by an
Oracle Database
Oracle Database (commonly referred to as Oracle DBMS, Oracle Autonomous Database, or simply as Oracle) is a proprietary multi-model database management system produced and marketed by Oracle Corporation.
It is a database commonly used for ru ...