This article describes how to secure a Web Service using a central Token Server.
The standards WS-Trust, WS-Policy, WS-SecurityPolicy and Web Services Security, formerly known WS-Security, are used.
A simple scenario with a consumer, a web service and a Security Token Service (in short STS) would serve as an example.
What is WS-Trust?
This specification defines a standard where in a web- service requiring some sets of authentication and message level security can trust a third party web-service( called as Security Token Service-STS) which is going to authenticate the actual request and will issue a token that can be accepted by the web –service.
The web-service should rely and trust the STS so that is can give response to the request authenticated by STS.
The Below Diagram shows the Flow of the Request between the components involved in a simple set-up showing WS-TRUST mechanism:
1: Web-Service Provider (WSP)
2: Web-Service Consumer (WSC)
3: Secure Token Service (STS)