What is WS fed and WS-Trust?

What is WS fed and WS-Trust?

Web Services Federation (WS-Federation or WS-Fed) is part of the larger WS-Security framework and an extension to the functionality of WS-Trust. The features of WS-Federation can be used directly by SOAP applications and web services. WS-Fed is a protocol that can be used to negotiate the issuance of a token.

What is WS-Trust used for?

WS-Trust specifies protocol mechanisms for requesting, issuing, renewing, validating, canceling security tokens independent from the application type. It also defines formats for messages used to request tokens, and responses to those messages.

What is WS-Federation authentication?

WS-Federation is a protocol that allows a user to access resources and services on multiple security domains or networks as long as a trust relationship is established.


WS_Fed authentication works much the same way as SAML authentication does. The details of what it sends are called different things, but the flow of information is similar. WS-Fed uses a different protocol than SAML, and the information that it needs in the response token is different.

Is WS Trust secure?

Web Services Trust Language (WS-Trust) refers to a protocol defined for particularly controlling the issuance, renewal and validation of Web security tokens. The protocol is an extension of Web Services Security and provides a framework for secure communication between various Web applications.

Is WS-Trust secure?

Does WS-Federation use SAML?

WS-Federation carries its credentials in claims, and the most popular claim type is, ironically, a SAML Assertion.

What is the difference between WS-Fed and SAML?

WS-Fed (WS-Federation) is a protocol from WS-* family primarily supported by IBM & Microsoft, while SAML (Security Assertion Markup Language) adopted by Computer Associates, Ping Identity and others for their SSO products.

What is token service?

A token service provider (TSP) is responsible for the issuance and management of payment tokens. Becoming your own TSP reduces costs and increases security as you avoid tokenization fees and remain the sole guardian of your original card numbers.

What is the OASIS standard for web services security?

Web Services Security v1.0 (WS-Security 2004) [OASIS 200401] This OASIS Standard is composed of the following five files: Web Services Transaction v1.1 This specification consists of three documents available as follows:

What is the purpose of the oasis WSS TC?

The purpose of the OASIS WSS TC is to continue work on the Web Services security foundations as described in the WS-Security specification, which was written within the context of the Web Services Security Roadmap as published in April 2002.

What is Oasis?

OASIS was founded in 1993 as SGML Open to promote the use of SGML technologies, and changed its name to OASIS in 1998 to reflect a broader scope and technical mission. The following specifications were developed under the SGML Open technical process.

What is included in the XACML OASIS standard?

The XACML v1.0 OASIS Standard (normative) includes the following: OpenDocument Format for Office Applications (OpenDocument) v1.0 Security Assertion Markup Language (SAML) v2.0 The complete SAML v2.0 OASIS Standard set (PDF format) and schema files are available in this zip file. The approved specification set consists of: