An Encapsulating Protocol to Obtain Claims and Requirements
Because we implemented digital identities using security tokens,
it follows pretty naturally that the encapsulating protocol is WS-Security
itself. WS-Security defines how to attach and use security
tokens to messages. Such a definition does not change
regardless of the source from which the WS-Security token was
derived, be it SAML, X.509, Kerberos, or any other technology.
WS-Security serves the purpose of the encapsulating protocol
very well.
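The following added example (not from the original text) shows the point on the receiving side: the same wsse:Security header lookup finds the attached token whether it is a SAML assertion or an X.509 binary token. The two SOAP messages are constructed samples with placeholder content, and the names envelope and token_kinds are hypothetical.

```python
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")
SAML_NS = {"urn:oasis:names:tc:SAML:1.0:assertion": "SAML 1.1",
           "urn:oasis:names:tc:SAML:2.0:assertion": "SAML 2.0"}
X509_VT = ("http://docs.oasis-open.org/wss/2004/01/"
           "oasis-200401-wss-x509-token-profile-1.0#X509v3")

def envelope(token_xml):
    """Constructed SOAP 1.1 message; only the token in wsse:Security varies."""
    return (f'<s:Envelope xmlns:s="{SOAP}" xmlns:wsse="{WSSE}">'
            f'<s:Header><wsse:Security s:mustUnderstand="1">{token_xml}'
            f'</wsse:Security></s:Header><s:Body><Ping/></s:Body></s:Envelope>')

# Constructed tokens: placeholder content, no real certificate or signature.
SAML_MSG = envelope('<saml:Assertion ID="_a1" Version="2.0" '
                    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"/>')
X509_MSG = envelope(f'<wsse:BinarySecurityToken ValueType="{X509_VT}">'
                    'UExBQ0VIT0xERVI=</wsse:BinarySecurityToken>')

def token_kinds(message):
    """Return the kind of each element attached in the wsse:Security header."""
    if "<!DOCTYPE" in message:  # SOAP messages must not carry a DTD
        raise ValueError("DTD not allowed in a SOAP message")
    root = ET.fromstring(message)
    security = root.find(f"{{{SOAP}}}Header/{{{WSSE}}}Security")
    if security is None:
        raise ValueError("no wsse:Security header")
    kinds = []
    for child in security:
        ns, _, local = child.tag.rpartition("}")
        ns = ns.lstrip("{")
        if local == "Assertion" and ns in SAML_NS:
            kinds.append(SAML_NS[ns])
        elif ns == WSSE and local == "BinarySecurityToken":
            value_type = child.get("ValueType")
            kinds.append("X.509 v3" if value_type == X509_VT
                         else f"binary:{value_type}")
        elif ns == WSSE and local == "UsernameToken":
            kinds.append("UsernameToken")
        else:
            kinds.append(f"other:{local}")  # e.g. a signature or timestamp
    return kinds

if __name__ == "__main__":
    print(token_kinds(SAML_MSG), token_kinds(X509_MSG))
```

Identifying the token type is only the first step; a real receiver must still validate the token's signature, issuer, and validity period before trusting any claim in it.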
A Means to Bridge Technology and Organizational Boundaries
Using Claims Transformation
Claims transformation can be easily performed by an STS.
Security tokens are flexible enough to provide the technology
and claim types transformations for bridging differences in requirements
such as the ones described in the section "Claim
Transformers."
The Dance of Identity—Implemented by WS-*
Now that we have defined a mapping between the Identity
Metasystem and web services elements, we can give concrete
indications about how the sequences presented in the section
"The Dance of Identity" can be implemented with technologies
available today. We will revisit the two sequences, specifying
how every step is realized with WS-*.