WS-Trust

WS-Trust defines a number of new elements, concepts and artifacts in support of that goal, including:

• the concept of a Security Token Service (STS) - a web service that issues security tokens as defined in the WS-Security specification.
• the formats of the messages used to request security tokens and the responses to those messages.
• mechanisms for key exchange

WS-Trust is then implemented within Web services libraries, provided by vendors or by open source collaborative efforts.[2] Web services frameworks that implement the WS-Trust protocols for token request include: Microsoft's Windows Communication Foundation (WCF) and Windows Identity Foundation (WIF - as of .NET 4.5, WIF is integrated into .NET Core), Sun's WSIT framework, Apache's Rampart (part of axis2), and others. In addition, vendors or other groups may deliver products that act as a Security Token Service, or STS. Microsoft's Access Control Services is one such service, available online today. PingIdentity Corporation also markets an STS. Microsoft's ADFS also provides implementation of an STS.[3]

The companies involved in defining WS-Trust were:

• Actional Corporation, BEA Systems, Inc.
• Computer Associates International, Inc.
• International Business Machines Corporation
• Layer 7 Technologies
• Microsoft Corporation
• Oblix Inc.
• OpenNetwork Technologies Inc.
• Ping Identity Corporation
• Reactivity Inc.
• RSA Security Inc.
• VeriSign Inc

• WS-Trust specification document, v1.4
• WS-Trust specification document, v1.3
• OASIS' Web Services Secure Exchange (WS-SX) Technical Committee
• IBM's page on Web Services Trust Language

• WS-Security
• WS-* Web Service Specifications
• Web Services
• OASIS (organization)
• Security Tokens
• Security Token Service (STS)
• Identity management