The two examples we have seen, Kerberos and SAML, perform
that operation in very different ways. WS-Trust generalizes the
token-issuance operation to WS-Security tokens. In other words,
WS-Trust extends WS-Security with methods for issuing, renewing,
and validating security tokens in a platform-agnostic manner.
The advantage is evident. Whereas WS-Security assumes
that you managed to create your token outside of your web
service architecture, using some unspecified security technology,
WS-Trust allows you to also model, in technology-agnostic
fashion, the operations necessary to obtain tokens. Thanks to
WS-Trust, web services-based systems can now enjoy the flexibility
of issued token-based technologies with the added bonus
of not being tied to any specific stack.
How does that all work? With its 75 pages of dense security
considerations, the WS-Trust 1.3 OASIS Standard specification is
a fairly complex document. A comprehensive description of the
standard is beyond the scope of this book. However, it is of
paramount importance to understand very well the main scenario
and the associated terminology because it is the cornerstone
of today's Identity Metasystem implementation.
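To make the three operations named above concrete, here is an added example (not the book's code, and not what WIF generates for you) that builds a WS-Trust 1.3 RequestSecurityToken for each of Issue, Renew and Validate, and that classifies an incoming request the way a token service would before acting on it. The namespace and RequestType URIs are the ones the WS-Trust 1.3 OASIS Standard defines, and wsp:AppliesTo/wsa:EndpointReference are the WS-Policy and WS-Addressing elements WS-Trust reuses; the relying-party address, the stand-in assertion and the list of trusted relying parties are constructed for illustration.

```python
"""WS-Trust 1.3 RequestSecurityToken (RST) messages: build the three request
kinds the chapter names (issue, renew, validate) and classify incoming ones.

Added example, not the book's code. The namespace and RequestType URIs are
the ones the WS-Trust 1.3 OASIS Standard defines; AppliesTo/EndpointReference
are the WS-Policy/WS-Addressing elements WS-Trust reuses. Everything else
(endpoint URLs, the stand-in token) is constructed for illustration.
"""
import xml.etree.ElementTree as ET

WST = "http://docs.oasis-open.org/ws-sx/ws-trust/200512"   # WS-Trust 1.3
WSP = "http://schemas.xmlsoap.org/ws/2004/09/policy"        # WS-Policy
WSA = "http://www.w3.org/2005/08/addressing"                # WS-Addressing 1.0
SAML1 = "urn:oasis:names:tc:SAML:1.0:assertion"              # SAML 1.1 assertions

for prefix, uri in (("wst", WST), ("wsp", WSP), ("wsa", WSA), ("saml", SAML1)):
    ET.register_namespace(prefix, uri)

# The three token operations WS-Trust adds to WS-Security, as RequestType URIs.
REQUEST_TYPES = {"issue": WST + "/Issue", "renew": WST + "/Renew", "validate": WST + "/Validate"}
# Renew and Validate must carry the token they act on, inside these elements.
TARGET_ELEMENT = {"renew": "RenewTarget", "validate": "ValidateTarget"}
# WSS SAML Token Profile 1.1 identifier for a SAML 1.1 assertion.
SAML11_TOKEN_TYPE = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1"


def sample_issued_token():
    """Constructed stand-in for a previously issued SAML 1.1 assertion
    (unsigned, no statements); a real one would come from an earlier RSTR."""
    return ET.Element(f"{{{SAML1}}}Assertion", AssertionID="_constructed-0001")


def build_rst(operation, applies_to, token_type=SAML11_TOKEN_TYPE, target=None):
    """Serialize a wst:RequestSecurityToken for 'issue', 'renew' or 'validate'.

    applies_to is the relying party the token is meant for (wsp:AppliesTo);
    target is the already-issued token element for renew/validate requests.
    """
    if operation not in REQUEST_TYPES:
        raise ValueError(f"unknown WS-Trust operation: {operation!r}")
    if operation in TARGET_ELEMENT and target is None:
        raise ValueError(f"{operation} requires the token to act on")
    rst = ET.Element(f"{{{WST}}}RequestSecurityToken")
    ET.SubElement(rst, f"{{{WST}}}RequestType").text = REQUEST_TYPES[operation]
    ET.SubElement(rst, f"{{{WST}}}TokenType").text = token_type
    epr = ET.SubElement(ET.SubElement(rst, f"{{{WSP}}}AppliesTo"),
                        f"{{{WSA}}}EndpointReference")
    ET.SubElement(epr, f"{{{WSA}}}Address").text = applies_to
    if operation in TARGET_ELEMENT:
        ET.SubElement(rst, f"{{{WST}}}{TARGET_ELEMENT[operation]}").append(target)
    return ET.tostring(rst, encoding="unicode")


def classify_rst(xml_text):
    """Parse an incoming RST on the token-service side and return
    (operation, token_type, applies_to). Rejects anything that is not a
    WS-Trust 1.3 RST, carries no or an unsupported RequestType, or asks
    for renew/validate without supplying the token to act on."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{WST}}}RequestSecurityToken":
        raise ValueError("not a WS-Trust 1.3 RequestSecurityToken")
    by_uri = {uri: op for op, uri in REQUEST_TYPES.items()}
    request_type = root.findtext(f"{{{WST}}}RequestType")
    if request_type not in by_uri:
        raise ValueError(f"unsupported RequestType: {request_type!r}")
    operation = by_uri[request_type]
    if operation in TARGET_ELEMENT:
        holder = root.find(f"{{{WST}}}{TARGET_ELEMENT[operation]}")
        if holder is None or len(holder) == 0:
            raise ValueError(f"{operation} request carries no token to act on")
    applies_to = root.findtext(
        f"{{{WSP}}}AppliesTo/{{{WSA}}}EndpointReference/{{{WSA}}}Address")
    return operation, root.findtext(f"{{{WST}}}TokenType"), applies_to


def in_scope(applies_to, trusted_relying_parties):
    """A token service should only issue for audiences it is configured to
    trust; honouring any AppliesTo lets a caller mint tokens for every
    service that trusts this issuer."""
    return applies_to is not None and applies_to.rstrip("/") in {
        rp.rstrip("/") for rp in trusted_relying_parties}


if __name__ == "__main__":
    rp = "https://rp.example.test/orders"   # constructed relying-party address
    for op in ("issue", "renew", "validate"):
        rst = build_rst(op, rp, target=None if op == "issue" else sample_issued_token())
        print(rst, "\n ->", classify_rst(rst))
    print("in scope:", in_scope(rp, ["https://rp.example.test/orders"]))
```

The two checks that matter on the receiving side are the ones a naive implementation tends to skip: a Renew or Validate request without a target has nothing to renew or validate and should be rejected outright, and the AppliesTo audience must be matched against the relying parties the issuer actually trusts rather than echoed back into the token.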