HOME

TheInfoList



Click Here for Items Related To - Security Token Service
OR:
Security Token Service on:   [Wikipedia]   [Google]   [Amazon]

Security token service (STS) is a cross-platform
open standard An open standard is a standard that is openly accessible and usable by anyone. It is also a prerequisite to use open license, non-discrimination and extensibility. Typically, anybody can participate in the development. There is no single definitio ...
core component of the
OASIS In ecology, an oasis (; ) is a fertile area of a desert or semi-desert environmentWS-Trust web services single sign-on infrastructure framework specification.. Within that claims-based identity framework, a secure token service is responsible for issuing, validating, renewing and cancelling
security token A security token is a peripheral device used to gain access to an electronically restricted resource. The token is used in addition to or in place of a password. It acts like an electronic key to access something. Examples of security tokens incl ...
s. The tokens issued by security token services can then be used to identify the holder of the token to services that adhere to the WS-Trust standard. Security token service provides the same functionality as
OpenID OpenID is an open standard and decentralized authentication protocol promoted by the non-profit OpenID Foundation. It allows users to be authenticated by co-operating sites (known as relying parties, or RP) using a third-party identity provid ...
, but unlike OpenID is not patent encumbered. Together with the rest of the WS-Trust standard, the security token service specification was initially developed by employees of IBM,
Microsoft Microsoft Corporation is an American multinational corporation, multinational technology company, technology corporation producing Software, computer software, consumer electronics, personal computers, and related services headquartered at th ...
,
Nortel Nortel Networks Corporation (Nortel), formerly Northern Telecom Limited, was a Canadian Multinational corporation, multinational telecommunications and data networking equipment manufacturer headquartered in Ottawa, Ontario, Canada. It was foun ...
and
VeriSign Verisign Inc. is an American company based in Reston, Virginia, United States that operates a diverse array of network infrastructure, including two of the Internet's thirteen root nameservers, the authoritative registry for the , , and gene ...
. In a typical usage scenario involving a web service that employs WS-Trust, when a client requests access to an application, the application does not authenticate the client directly (for instance, by validating the client's login credentials against an internal database). Instead, the application redirects the client to a security token service, which in turn authenticates the client and grants it a security token. The token consists of a set of
XML Extensible Markup Language (XML) is a markup language and file format for storing, transmitting, and reconstructing arbitrary data. It defines a set of rules for encoding documents in a format that is both human-readable and machine-readable. ...
data records that include multiple elements regarding the identity and group membership of the client, as well as information regarding the lifetime of the token and the issuer of the token. The token is protected from manipulation with strong cryptography. The client then presents the token to an application to gain access to the resources provided by the application. This process is illustrated in the
Security Assertion Markup Language Security Assertion Markup Language (SAML, pronounced ''SAM-el'', ) is an open standard for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider. SAML is an XML-based m ...
(SAML) use case, demonstrating how single sign-on can be used to access web services. Software that provides security token services is available from numerous vendors, including the open-source Apache CXF, as well as closed-source solutions from
Oracle An oracle is a person or agency considered to provide wise and insightful counsel or prophetic predictions, most notably including precognition of the future, inspired by deities. As such, it is a form of divination. Description The wor ...
(for interfacing with authentication services backed by an
Oracle Database Oracle Database (commonly referred to as Oracle DBMS, Oracle Autonomous Database, or simply as Oracle) is a multi-model database management system produced and marketed by Oracle Corporation. It is a database commonly used for running online ...
) and Microsoft (where STS is a core component of Windows Identity Foundation and
Active Directory Federation Services Active Directory Federation Services (AD FS), a software component developed by Microsoft, can run on Windows Server operating systems to provide users with single sign-on access to systems and applications located across organizational boundaries. ...
). While security token services are themselves typically offered as web services used in conjunction with other web services,
software development kit A software development kit (SDK) is a collection of software development tools in one installable package. They facilitate the creation of applications by having a compiler, debugger and sometimes a software framework. They are normally specific ...
s (SDKs) for native applications (such as cloud-storage clients) also exist.


See also

* Access Control Service * Relying party * Identity provider


References

{{Authentication APIs Cloud standards Password authentication Federated identity Identity management initiative Computer access control protocols