Overview#Security Token Service or STS is a Token Service Provider which is responsible for issuing security tokens, as part of a claims-based identity system.
A Security Token Service (STS) is a service capable of validating and issuing security tokens, which enables clients to obtain appropriate access credentials for resources in heterogeneous environments or across security Domains.
Whereas, the trend in modern Web development has been towards lightweight services utilizing RESTful patterns and JSON. The OAuth 2.0 Authorization Framework RFC 6749 and OAuth 2.0 Bearer Tokens RFC 6750 have emerged as popular standards for authorizing and securing access to HTTP and RESTful resources but do not provide everything necessary to facilitate token exchange interactions. OAuth 2.0 Token Exchange defines a lightweight protocol extending OAuth 2.0 that enables clients to request and obtain security tokens from authorization servers acting in the role of an STS.
More Information#There might be more information for this subject on one of the following:
- Authorization Server
- Geneva Framework
- OAuth 2.0 Token Exchange
- Relying Party
- Tokenization Service