!!! Overview
[{$pagename}] ([STS]) is a service capable of managing security [tokens], which enables clients to obtain appropriate access [credentials] (or [Security Tokens]) for [protected Resources] in heterogeneous environments or across [security Domains].

[{$pagename}] is a [Token Service Provider] which is typically part of a [claims]-based [Identity and Access Management] [Framework] such as a [WEB Access Management] or [Access Control] system or an [Enterprise Access Manager Product].

[{$pagename}] is [Responsible] for [Life cycle] management of [Security Tokens] including:
* Issuing [Security Tokens]
* [Validation] of [Security Tokens]
* Renewing of [Security Tokens]
* [Token Revocation]

[{$pagename}] may typically be thought of as a function within the:
* [Authorization Server] within [OAuth 2.0]
* [Identity Provider (IDP)] within [SAML]

!! [WS-Trust]
Web Service clients have used [WS-Trust] [WS-Security Tokens] as the [protocol] to interact with an [STS] for [token] exchange; however, [WS-Security Tokens] is a fairly heavyweight [protocol], which uses [XML], [SOAP], etc., whereas the trend in modern Web development has been towards lightweight services utilizing [REST]ful patterns and [JSON Web Tokens].

The [OAuth 2.0] [Authorization] Framework [RFC 6749] and [OAuth 2.0] [Bearer Tokens] [RFC 6750] have emerged as popular standards for authorizing and securing access to [HTTP] and [REST]ful resources but do not provide everything necessary to facilitate token exchange interactions.

!! [OAuth 2.0 Token Exchange]
[OAuth 2.0 Token Exchange] defines a lightweight [protocol] extending [OAuth 2.0] that enables clients to request and obtain [Security Tokens] ([JWTs]) from [Authorization Servers] acting as a [{$pagename}].

!! [Identity Brokers] and [WEB Access Management]
[Identity Brokers] and [WEB Access Management] products act as a [{$pagename}] by issuing a "common" though often proprietary [Security Token], where the [Identity Brokers] provide a [{$pagename}] which enables [clients] to exchange these [Tokens] for appropriate access [credentials] (or different [Security Tokens]) for various [Protected Resources].

!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
----
* [#1] - [Security Token Service|Wikipedia:Security_token_service|target='_blank'] - based on 2015-05-14
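
The four life cycle functions listed in the Overview (issuing, validation, renewing, revocation) can be seen together in a small sketch. This is an added example, not code from this page or from any STS product; the class name MiniSTS, the HMAC-signed token layout (not a JWT), the key and the audience strings are all assumptions made for illustration.

```python
import base64, hashlib, hmac, json, secrets, time


class MiniSTS:
    """Toy STS over a constructed HMAC-signed token format (not JWT)."""

    def __init__(self, key, ttl=300):
        self._key, self._ttl = key, ttl
        self._revoked = set()  # ids (jti) of tokens revoked before expiry

    def _sign(self, body):
        mac = hmac.new(self._key, body, hashlib.sha256).digest()
        return base64.urlsafe_b64encode(mac)

    def issue(self, subject, audience, now=None):
        now = time.time() if now is None else now
        claims = {"sub": subject, "aud": audience,
                  "exp": now + self._ttl, "jti": secrets.token_hex(8)}
        body = base64.urlsafe_b64encode(json.dumps(claims).encode())
        return (body + b"." + self._sign(body)).decode()

    def validate(self, token, audience, now=None):
        now = time.time() if now is None else now
        body, _, sig = token.partition(".")
        # Verify the signature before parsing anything out of the body.
        if not hmac.compare_digest(sig.encode(), self._sign(body.encode())):
            raise ValueError("bad signature")
        claims = json.loads(base64.urlsafe_b64decode(body))
        if claims["aud"] != audience:   # token minted for another resource
            raise ValueError("wrong audience")
        if now >= claims["exp"]:
            raise ValueError("expired")
        if claims["jti"] in self._revoked:
            raise ValueError("revoked")
        return claims

    def renew(self, token, audience, now=None):
        old = self.validate(token, audience, now)  # only valid tokens renew
        self._revoked.add(old["jti"])              # retire the old token
        return self.issue(old["sub"], audience, now)

    def revoke(self, token, audience, now=None):
        self._revoked.add(self.validate(token, audience, now)["jti"])
```

Validation here depends on the STS's own revocation set, so a resource that checks only the signature and expiry would keep accepting a revoked token until it expires.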