Security Token Service

Overview#

A Security Token Service (STS) is a service capable of managing security tokens, which enables clients to obtain appropriate access credentials (or Security Tokens) for protected Resources in heterogeneous environments or across security Domains.

A Security Token Service is a Token Service Provider which is typically part of a claims-based Identity and Access Management Framework, such as a WEB Access Management or Access Control system or an Enterprise Access Manager Product.

A Security Token Service is responsible for life-cycle management of Security Tokens, including:

A Security Token Service may typically be thought of as a function within the:

WS-Trust#

Web Service clients have traditionally used WS-Trust with WS-Security Tokens as the protocol for interacting with an STS for token exchange; however, WS-Trust is a fairly heavyweight protocol built on XML, SOAP, etc.

In contrast, the trend in modern Web development has been towards lightweight services using RESTful patterns and JSON Web Tokens. The OAuth 2.0 Authorization Framework (RFC 6749) and OAuth 2.0 Bearer Tokens (RFC 6750) have emerged as popular standards for authorizing and securing access to HTTP and RESTful resources, but they do not provide everything necessary to facilitate token exchange interactions.

OAuth 2.0 Token Exchange#

OAuth 2.0 Token Exchange defines a lightweight protocol extending OAuth 2.0 that enables clients to request and obtain Security Tokens (JWTs) from an Authorization Server acting as a Security Token Service.

Identity Brokers and WEB Access Management#

Identity Brokers and WEB Access Management products act as a Security Token Service by issuing a "common", though often proprietary, Security Token. The Identity Broker then provides a Security Token Service which enables clients to exchange these tokens for appropriate access credentials (or different Security Tokens) for the various Protected Resources.
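The following added example (not code from this page or from any product it names) shows both halves of the token exchange described in the OAuth 2.0 Token Exchange and Identity Broker sections above: a client builds the RFC 8693 request body, and a minimal STS token endpoint validates the incoming subject token, checks that the requested audience is a Protected Resource it is allowed to issue for, and returns a new token scoped to that resource. The issuer URLs, audiences, and HS256 demo keys are hypothetical; the JWT helpers are kept deliberately small and should be replaced by a vetted JOSE library in real code.

```python
import base64
import hashlib
import hmac
import json
import time
from urllib.parse import parse_qs, urlencode

# Constructed demo keys and names (hypothetical, not real secrets). The STS verifies
# subject tokens with the key shared with the upstream identity provider and signs
# the tokens it issues with its own key.
IDP_KEY = b"demo-idp-signing-key"
STS_KEY = b"demo-sts-signing-key"
IDP_ISSUER = "https://idp.example"
STS_ISSUER = "https://sts.example"
# Protected Resources this STS is willing to issue tokens for (hypothetical).
ALLOWED_AUDIENCES = {"https://orders.example/api", "https://billing.example/api"}

# Identifiers defined by RFC 8693 (OAuth 2.0 Token Exchange).
TOKEN_EXCHANGE_GRANT = "urn:ietf:params:oauth:grant-type:token-exchange"
JWT_TOKEN_TYPE = "urn:ietf:params:oauth:token-type:jwt"
ACCESS_TOKEN_TYPE = "urn:ietf:params:oauth:token-type:access_token"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_jwt(claims: dict, key: bytes) -> str:
    """Minimal HS256 JWT signer (demo only)."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def verify_jwt(token: str, key: bytes, issuer: str) -> dict:
    """Check signature, algorithm, issuer and expiry; return the claims or raise ValueError."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header, payload, sig = parts
    expected = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig)):
        raise ValueError("bad signature")
    if json.loads(_b64url_decode(header)).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    claims = json.loads(_b64url_decode(payload))
    if claims.get("iss") != issuer:
        raise ValueError("wrong issuer")
    if claims.get("exp", 0) <= time.time():
        raise ValueError("token expired")
    return claims


def make_idp_token(sub: str, ttl: int = 600, key: bytes = IDP_KEY) -> str:
    """Stand-in for the upstream identity provider issuing the client's initial token."""
    return sign_jwt({"iss": IDP_ISSUER, "sub": sub, "exp": int(time.time()) + ttl}, key)


def build_exchange_request(subject_token: str, audience: str, actor_token=None) -> str:
    """Client side: the application/x-www-form-urlencoded body POSTed to the STS token endpoint."""
    params = {
        "grant_type": TOKEN_EXCHANGE_GRANT,
        "subject_token": subject_token,
        "subject_token_type": JWT_TOKEN_TYPE,
        "audience": audience,
        "requested_token_type": ACCESS_TOKEN_TYPE,
    }
    if actor_token is not None:  # delegation: the caller acts on behalf of the subject
        params["actor_token"] = actor_token
        params["actor_token_type"] = JWT_TOKEN_TYPE
    return urlencode(params)


def sts_token_endpoint(form_body: str) -> dict:
    """STS side: validate the request and issue a token scoped to the requested audience."""
    form = {k: v[0] for k, v in parse_qs(form_body).items()}
    if form.get("grant_type") != TOKEN_EXCHANGE_GRANT:
        return {"error": "unsupported_grant_type"}
    if form.get("subject_token_type") != JWT_TOKEN_TYPE or "subject_token" not in form:
        return {"error": "invalid_request"}
    try:
        subject = verify_jwt(form["subject_token"], IDP_KEY, IDP_ISSUER)
    except ValueError:
        return {"error": "invalid_request"}  # RFC 8693: invalid subject token
    audience = form.get("audience")
    if audience not in ALLOWED_AUDIENCES:
        return {"error": "invalid_target"}  # RFC 8693: audience not permitted by policy
    now = int(time.time())
    issued = {"iss": STS_ISSUER, "sub": subject.get("sub"), "aud": audience,
              "iat": now, "exp": now + 300}
    if "actor_token" in form:
        try:
            actor = verify_jwt(form["actor_token"], IDP_KEY, IDP_ISSUER)
        except ValueError:
            return {"error": "invalid_request"}
        issued["act"] = {"sub": actor.get("sub")}  # RFC 8693 "act" claim records the delegation
    return {"access_token": sign_jwt(issued, STS_KEY), "issued_token_type": ACCESS_TOKEN_TYPE,
            "token_type": "Bearer", "expires_in": 300}


if __name__ == "__main__":
    body = build_exchange_request(make_idp_token("alice"), "https://orders.example/api",
                                  actor_token=make_idp_token("frontend-svc"))
    resp = sts_token_endpoint(body)
    print(json.dumps(verify_jwt(resp["access_token"], STS_KEY, STS_ISSUER), indent=2))
```

The design point is that the STS never simply re-signs what it received: it re-validates the subject token, checks the requested audience against its own policy, narrows the new token to that single audience with a short lifetime, and records any delegation in the act claim so the downstream resource can see who is acting for whom.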

More Information#

There might be more information for this subject on one of the following: