New to WS-Trust? Not sure what an STS is?? Read on.
Let's say there is a special service "A" you really really want to talk to - the problem is it accepts only SAML 1.1 tokens, and all you have to offer is a X.509 certificate... so what do you do?
An STS or a "Security Token Service" can save your day. Want to know how?
When you present your X.509 Token to your special Service "A", it will redirect you to a Security Token Service or STS "B" it trusts. Luckily for you, STS "B" verifies and accepts your X.509 Token, and in response, issues a SAML 1.1 Token. In simple words, its verified that you are who you say you are and offers you a token in exchange for the one you presented. (Ofcourse STS "B" has to know what to offer you in exchange).
Now you can use the SAML1.1 token to talk to the service.
In other words, STS is a service that is trusted by both the client and the Web service and provides interoperable security tokens.
STS to the rescue!
Check out Glassfish for the latest WS-Trust implementation!