Overview#
Security Token Service (STS) is a service capable of managing security tokens, which enables clients to obtain appropriate access credentials (or Security Tokens) for protected Resources in heterogeneous environments or across security Domains.

Security Token Service is a Token Service Provider which is typically part of a claims-based Identity and Access Management Framework such as a WEB Access Management or Access Control system or an Enterprise Access Manager product. Security Token Service is responsible for the life-cycle management of Security Tokens, including:
Web Service clients have used WS-Trust WS-Security Tokens as the protocol to interact with an STS for token exchange; however, WS-Security Tokens is a fairly heavyweight protocol, which uses XML, SOAP, etc.
Whereas the trend in modern Web development has been towards lightweight services utilizing RESTful patterns and JSON Web Tokens. The OAuth 2.0 Authorization Framework RFC 6749 and OAuth 2.0 Bearer Tokens RFC 6750 have emerged as popular standards for authorizing and securing access to HTTP and RESTful resources, but they do not provide everything necessary to facilitate token exchange interactions.

OAuth 2.0 Token Exchange#
OAuth 2.0 Token Exchange defines a lightweight protocol extending OAuth 2.0 that enables clients to request and obtain Security Tokens (JWTs) from Authorization Servers acting as a Security Token Service.
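A worked example of the token-exchange grant that RFC 8693 specifies for this protocol, added here and not taken from the page or any product it names: a client builds the request body it would POST to the token endpoint, and a minimal STS validates the request and either issues a token or returns the OAuth error response. The validation and issuing callbacks, the subject token value and the audience URL are constructed assumptions for the demo.

```python
# Added example of the OAuth 2.0 Token Exchange grant (RFC 8693); not code from
# the page. The validate/issue callbacks and sample token values are constructed.
from urllib.parse import parse_qs, urlencode

TOKEN_EXCHANGE_GRANT = "urn:ietf:params:oauth:grant-type:token-exchange"
JWT_TYPE = "urn:ietf:params:oauth:token-type:jwt"
ACCESS_TOKEN_TYPE = "urn:ietf:params:oauth:token-type:access_token"
KNOWN_TOKEN_TYPES = {JWT_TYPE, ACCESS_TOKEN_TYPE}

def build_exchange_request(subject_token, subject_token_type, audience):
    """Form-encode the body a client POSTs to the STS token endpoint."""
    return urlencode({
        "grant_type": TOKEN_EXCHANGE_GRANT,
        "subject_token": subject_token,
        "subject_token_type": subject_token_type,
        "audience": audience,          # the protected Resource the client targets
    })

def sts_token_endpoint(body, is_valid_token, issue_token):
    """Minimal STS: validate the exchange request, then issue or reject.
    is_valid_token(token) and issue_token(token, audience) are callbacks
    standing in for signature verification and JWT issuance."""
    params = {k: v[0] for k, v in parse_qs(body).items()}
    if params.get("grant_type") != TOKEN_EXCHANGE_GRANT:
        return {"error": "unsupported_grant_type"}      # RFC 6749 section 5.2
    # RFC 8693 2.2.2: a missing or unacceptable subject_token is invalid_request
    if "subject_token" not in params or "subject_token_type" not in params:
        return {"error": "invalid_request"}
    if params["subject_token_type"] not in KNOWN_TOKEN_TYPES:
        return {"error": "invalid_request"}
    if not is_valid_token(params["subject_token"]):
        return {"error": "invalid_request"}
    return {
        "access_token": issue_token(params["subject_token"], params.get("audience")),
        "issued_token_type": JWT_TYPE,   # required in every success response
        "token_type": "Bearer",
        "expires_in": 300,
    }

def demo():
    """Constructed round trip: one trusted subject token, one audience."""
    trusted = {"subject-token-constructed"}
    body = build_exchange_request("subject-token-constructed", JWT_TYPE,
                                  "https://api.example.test")
    return sts_token_endpoint(body, lambda t: t in trusted,
                              lambda t, aud: f"jwt-for-{aud}")
```

The error branches matter for a real STS: a request that names an unknown token type or carries a subject token that fails verification must be refused with an error response rather than mapped to some default, otherwise the exchange becomes a way to mint credentials from unverified input.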
Identity Brokers and WEB Access Management products act as a Security Token Service by issuing a "common" though often proprietary Security Token, where the Identity Brokers provide a Security Token Service which enables clients to exchange these Tokens for appropriate access credentials (or different Security Tokens) for various Protected Resources.