WS-Trust in WSIT 1.0
By Jiandong Guo on Sep 17, 2007
WSIT 1.0 is released today, in line with the release of GlassFish V2. WS-Trust is supported in WSIT 1.0 as a major security feature.
Here is a summary of the WS-Trust support in WSIT:
1. Support for the token issuance protocol.
2. Support for a Security Token Service (STS) framework for building an STS as an independent Web service.
3. Client and service authentication and security with issued tokens from the STS, within the general framework of WS-Security and WS-SecurityPolicy.
More about STS support:
1. Provides a general framework for building an STS as a Web service for issuing
2. Authentication and secure communication between the client and the STS are handled in the same way as for a regular Web service.
3. Support for issuing SAML 1.0, SAML 1.1 and SAML 2.0 tokens by default.
4. Support for issuing symmetric keys and public keys (partially).
5. Extensible to support issuing other types of tokens.
6. Allows for plugging in authorization mechanisms for controlling the issuing of tokens according to the user's identity and the targeted service.
7. Allows for plugging in user mappings for controlling the user identity/attributes carried in the SAML token issued by the STS for different services.