Web Services Trust standard

Web Services Trust (WS-Trust) is a proposed Organization for the Advancement of Structured Information Standards (OASIS) standard that enables security token interoperability by defining a request/response protocol. This protocol allows SOAP actors, such as a Web services client, to ask a trusted authority to exchange a particular security token for another. The trust service, which is provided with WebSphere Application Server, uses the secure messaging mechanisms of WS-Trust to define additional extensions for the issuance, exchange, and validation of security tokens.

WS-Trust defines a request and response protocol for security token exchange. A client sends a RequestSecurityToken (RST) to a security token service. The request includes the security token that the client is asking to be exchanged. The security token service responds with a RequestSecurityTokenResponse (RSTR) that contains the new token.

In addition to token exchange, the WS-Trust request/response protocol is general enough to support token issuance and token validation. In token issuance, the client presents a claim to the trust service, and the service authorizes the claim by issuing a corresponding security token. In token validation, the client presents a token to the trust service and asks that its validity be determined.

Also, WS-Trust enables the issuance and dissemination of credentials within different trust domains. To secure a communication between two parties, the two parties must exchange security credentials (either directly or indirectly). Each party must first determine if they can trust the asserted credentials of the other party.

Version 1.0 of the OASIS WS-Trust specification defines extensions to Web Services Security (WS-Security) for issuing and exchanging security tokens and for providing ways to establish and assess the presence of trust relationships. Using these extensions, applications can engage in secure communication. The extensions are designed to work with the general Web Services framework, which includes the WSDL service descriptions, UDDI businessServices and bindingTemplates, and SOAP messages.

WebSphere Application Server supports the OASIS Version 1.1 submission draft, which became available in February 2005. However, WebSphere Application Server does not provide a full security token service that implements all the contents of the WS-Trust draft specification.

The WebSphere Application Server support of WS-Trust focuses on establishing a security context token for Web Services Secure Conversation (WS-SecureConversation). The WS-Trust support focuses on the four operations for the security context token: issue, renew, validate, and cancel. The major component for WS-Trust that WebSphere Application Server supports is the security token service, which is referred to as the trust service.
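The issue operation for a security context token, shown as an added example that is not IBM's code or a WebSphere API: it builds the RST body a client would send and checks that an RSTR actually answers that request before the token is used. The namespace URIs are those of the February 2005 WS-Trust and WS-SecureConversation drafts, assumed here to be the draft level in use; the function names and the sample RSTR are constructed for illustration.

```python
import uuid
import xml.etree.ElementTree as ET

# Namespace URIs of the February 2005 WS-Trust / WS-SecureConversation drafts
# (assumption: this is the draft level the trust service accepts).
WST = "http://schemas.xmlsoap.org/ws/2005/02/trust"
WSC = "http://schemas.xmlsoap.org/ws/2005/02/sc"
SCT_TYPE = WSC + "/sct"

def q(ns, name):
    """Qualified tag name in ElementTree's {namespace}local form."""
    return "{%s}%s" % (ns, name)

def build_issue_rst():
    """Return (context, xml_bytes): an RST asking for a new security context token."""
    context = "urn:uuid:" + str(uuid.uuid4())  # correlates the RSTR with this request
    rst = ET.Element(q(WST, "RequestSecurityToken"), {"Context": context})
    ET.SubElement(rst, q(WST, "TokenType")).text = SCT_TYPE
    ET.SubElement(rst, q(WST, "RequestType")).text = WST + "/Issue"
    return context, ET.tostring(rst)

def check_issue_rstr(xml_bytes, expected_context):
    """Return a list of problems; an empty list means the RSTR answers our request."""
    rstr = ET.fromstring(xml_bytes)
    if rstr.tag != q(WST, "RequestSecurityTokenResponse"):
        return ["not a WS-Trust RSTR element"]
    problems = []
    if rstr.get("Context") != expected_context:
        problems.append("Context does not match the request")
    # Client-side policy for this example: insist on an explicit SCT token type.
    if (rstr.findtext(q(WST, "TokenType")) or "").strip() != SCT_TYPE:
        problems.append("TokenType is not a security context token")
    sct = rstr.find(q(WST, "RequestedSecurityToken") + "/" + q(WSC, "SecurityContextToken"))
    if sct is None or not (sct.findtext(q(WSC, "Identifier")) or "").strip():
        problems.append("no SecurityContextToken with an Identifier")
    return problems

def sample_rstr(context):
    """Constructed RSTR, standing in for what a trust service might return."""
    rstr = ET.Element(q(WST, "RequestSecurityTokenResponse"), {"Context": context})
    ET.SubElement(rstr, q(WST, "TokenType")).text = SCT_TYPE
    requested = ET.SubElement(rstr, q(WST, "RequestedSecurityToken"))
    sct = ET.SubElement(requested, q(WSC, "SecurityContextToken"))
    ET.SubElement(sct, q(WSC, "Identifier")).text = "urn:uuid:constructed-sample-id"
    return ET.tostring(rstr)

if __name__ == "__main__":
    ctx, rst = build_issue_rst()
    print(rst.decode())
    print(check_issue_rstr(sample_rstr(ctx), ctx))  # [] when the response matches
```

These checks cover message structure and request/response correlation only; the integrity and origin of the RSTR still depend on the WS-Security protection applied to the SOAP message that carries it.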

For information about WS-Trust:



Related concepts
Web Services Secure Conversation
Trust service
Related information
Web Services Trust Language

Last updated: Aug 31, 2013 1:23:07 AM CDT
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=pix&product=was-nd-dist&topic=cwbs_wstruststd
File name: cwbs_wstruststd.html