Therefore, we defer consideration of it until after the discussion of WS-*. All the other components find a perfect fit in the entities and capabilities that the WS-* specifications provide.
A Way to Represent Identities Using Claims
The obvious candidate for representing an identity in data exchanges is the WS-Security token. A token is self-contained and claim-based by design, so it has the expressive power needed to describe a digital identity as we defined it. The definition of a token in WS-Security, together with the token-profile mechanism, avoids dependencies on existing and future authentication technologies while keeping the potential to embrace them all. Finally, a token issued by an STS can be traced with cryptographic certainty to its source, provided the relying party actually verifies the token's signature against a key it already trusts for that STS; the issuer name inside the token proves nothing on its own. That makes the RST/RSTR exchange described in the section "WS-Trust" the perfect implementation of the process the subject (S) follows to acquire an identity from the identity provider (IP).
A Means for Identity Providers, Relying Parties, and Subjects to
Negotiate
Web services architectures try to keep out-of-band communication to a minimum, aiming to expose all the information relevant to invocation through standard means. WSDL and WS-Policy, with specializations such as WS-SecurityPolicy, make explicit to everyone the requirements that must be satisfied in order to use a given web service.
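The two sections above describe one round trip: the relying party publishes what it needs, the subject asks the identity provider's STS for a token carrying those claims (RequestSecurityToken), gets it back in a RequestSecurityTokenResponse, and the relying party traces the token back to its issuer before trusting the claims inside. The following is an added example, not code from the book and not any product's implementation. The WS-Trust 1.3, WS-Policy, WS-Addressing and identity-claims namespaces are the real ones; everything else is assumed: the endpoint names, the subject directory, the token element (a custom XML element rather than a SAML assertion), and the use of an HMAC with a key shared by the STS and the relying party in place of an XML-Signature with the STS's X.509 certificate. WS-SecurityPolicy is reduced to a dict of trusted issuers and required claim types.

```python
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

# Real namespaces: WS-Trust 1.3, WS-Policy, WS-Addressing 1.0 and the identity
# claims dialect. TOK is invented for this example's token element.
WST = "http://docs.oasis-open.org/ws-sx/ws-trust/200512"
WSP = "http://schemas.xmlsoap.org/ws/2004/09/policy"
WSA = "http://www.w3.org/2005/08/addressing"
IC = "http://schemas.xmlsoap.org/ws/2005/05/identity"
TOK = "urn:example:demo-token"
for prefix, uri in (("wst", WST), ("wsp", WSP), ("wsa", WSA), ("ic", IC), ("tok", TOK)):
    ET.register_namespace(prefix, uri)

EMAIL = IC + "/claims/emailaddress"
GIVEN = IC + "/claims/givenname"
PPID = IC + "/claims/privatepersonalidentifier"

STS_ID = "https://sts.contoso.example"     # hypothetical identity provider (IP)
RP_ID = "https://rp.example.test/orders"   # hypothetical relying party (RP) endpoint

# Shared secret standing in for the STS's X.509 signing key. The RP's policy maps
# each trusted issuer to the key it verifies with, as it would map to a certificate.
STS_KEY = b"constructed-demo-key-do-not-reuse"

# What the RP's WSDL + WS-SecurityPolicy would advertise: trusted issuers and the
# claim types a caller must present (the wst:Claims list).
RP_POLICY = {"trusted_issuers": {STS_ID: STS_KEY}, "required_claims": {EMAIL, PPID}}

# Constructed subject records held by the IP (authenticating the user is assumed done).
IP_DIRECTORY = {"alice": {EMAIL: "alice@contoso.example", GIVEN: "Alice"}}


def derive_ppid(user, audience):
    """Per-RP identifier: the same subject gets unrelated PPIDs at different RPs."""
    return hashlib.sha256(f"{user}|{audience}".encode()).hexdigest()[:16]


def build_rst(applies_to, claim_types):
    """Subject -> STS: an Issue request scoped to the RP, listing the RP's required claims."""
    rst = ET.Element(f"{{{WST}}}RequestSecurityToken")
    ET.SubElement(rst, f"{{{WST}}}RequestType").text = WST + "/Issue"
    epr = ET.SubElement(ET.SubElement(rst, f"{{{WSP}}}AppliesTo"), f"{{{WSA}}}EndpointReference")
    ET.SubElement(epr, f"{{{WSA}}}Address").text = applies_to
    claims = ET.SubElement(rst, f"{{{WST}}}Claims", Dialect=IC)
    for claim_type in sorted(claim_types):
        ET.SubElement(claims, f"{{{IC}}}ClaimType", Uri=claim_type)
    return ET.tostring(rst, encoding="unicode")


def _signing_input(issuer, audience, expires, claims):
    # Deterministic bytes covering everything the RP relies on; stands in for the
    # XML-Signature canonicalisation a real SAML token would use.
    lines = [issuer, audience, expires] + [f"{k}={v}" for k, v in sorted(claims.items())]
    return "\n".join(lines).encode()


def sts_issue(rst_xml, user, now=None):
    """STS -> subject: answer the RST with an RSTR carrying a signed, claim-based token."""
    now = now or datetime.now(timezone.utc)
    rst = ET.fromstring(rst_xml)
    if rst.findtext(f"{{{WST}}}RequestType") != WST + "/Issue":
        raise ValueError("unsupported RequestType")
    audience = rst.findtext(f"{{{WSP}}}AppliesTo/{{{WSA}}}EndpointReference/{{{WSA}}}Address")
    record = IP_DIRECTORY[user]
    claims = {}
    for claim_type in (c.get("Uri") for c in rst.iter(f"{{{IC}}}ClaimType")):
        if claim_type == PPID:
            claims[claim_type] = derive_ppid(user, audience)
        elif claim_type in record:
            claims[claim_type] = record[claim_type]
        else:  # the IP only asserts what it actually knows about the subject
            raise ValueError(f"cannot assert claim {claim_type}")
    expires = (now + timedelta(minutes=5)).isoformat(timespec="seconds")
    token = ET.Element(f"{{{TOK}}}Token", Issuer=STS_ID, Audience=audience, NotOnOrAfter=expires)
    for claim_type, value in sorted(claims.items()):
        ET.SubElement(token, f"{{{TOK}}}Claim", Type=claim_type).text = value
    mac = hmac.new(STS_KEY, _signing_input(STS_ID, audience, expires, claims), hashlib.sha256)
    ET.SubElement(token, f"{{{TOK}}}Signature").text = base64.b64encode(mac.digest()).decode()
    rstr = ET.Element(f"{{{WST}}}RequestSecurityTokenResponse")
    ET.SubElement(rstr, f"{{{WST}}}RequestedSecurityToken").append(token)
    return ET.tostring(rstr, encoding="unicode")


def rp_accept(rstr_xml, policy=RP_POLICY, now=None):
    """RP: trace the token back to a trusted issuer, then check scope, lifetime and claims."""
    now = now or datetime.now(timezone.utc)
    token = ET.fromstring(rstr_xml).find(f"{{{WST}}}RequestedSecurityToken/{{{TOK}}}Token")
    if token is None:
        raise ValueError("no token in response")
    issuer, audience, expires = token.get("Issuer"), token.get("Audience"), token.get("NotOnOrAfter")
    if not all((issuer, audience, expires)):
        raise ValueError("token missing issuer, audience or lifetime")
    claims = {c.get("Type"): c.text for c in token.findall(f"{{{TOK}}}Claim")}
    key = policy["trusted_issuers"].get(issuer)
    if key is None:  # the Issuer attribute is just a string until the signature proves it
        raise ValueError(f"untrusted issuer {issuer}")
    mac = hmac.new(key, _signing_input(issuer, audience, expires, claims), hashlib.sha256).digest()
    if not hmac.compare_digest(mac, base64.b64decode(token.findtext(f"{{{TOK}}}Signature") or "")):
        raise ValueError("signature does not verify")
    if audience != RP_ID:
        raise ValueError("token was issued for a different relying party")
    if datetime.fromisoformat(expires) <= now:
        raise ValueError("token expired")
    missing = policy["required_claims"] - set(claims)
    if missing:
        raise ValueError(f"missing claims {sorted(missing)}")
    return claims


if __name__ == "__main__":
    request = build_rst(RP_ID, RP_POLICY["required_claims"])
    response = sts_issue(request, "alice")
    print(rp_accept(response))
```

The order of checks in rp_accept is the point: the issuer string selects which key to verify with, the signature is verified before any attribute or claim is believed, and only then are audience, lifetime and the policy's required claims enforced. A token for another relying party, an expired token, a token with an altered claim, or a token missing a required claim is rejected, and the STS refuses to assert a claim it does not hold for the subject.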