Securing Web Service using Secure Token Service

A web service is an application that exposes some type of business or infrastructure functionality though a callable interface that is both language-neutral and platform-independent. The Web Services Security is widely available via two major specifications – WS-Security and Liberty ID-WSF Security. WS-Security specification is developed by the OASIS Security Committee and it is developed along with other WS-\* specifications such as WS-Trust, WS-Policy. Web Services Trust Language (WS-Trust) uses the secure messaging mechanisms of WS-Security to define additional primitives and extensions for security token exchange to enable the issuance and dissemination of credentials within different trust domains.

WS-Trust defines mechanisms for delegating authentication, authorization and user identity mapping/management to an authority called Security Token Service (STS) for a requestor to access a Web Service.

OpenSSO Enterprise implements security for web services as well as a Security Token Service to issue and validate security tokens to any third party clients.

This presentation gives an overview about Web Service Security and OpenSSO STS architecture.

Comments:

Post a Comment:
  • HTML Syntax: NOT allowed
About

Federated Identity Management, Security, Service Oriented Architecture

Search

Categories
Archives
« luglio 2014
lunmarmergiovensabdom
 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
   
       
Today