Title
Security Token Services Profile
Description
The Security Token Services Profile covers the exchange of SAML 2.0 assertions in support of federated Identity and Access Management.

Reference document

Org
FMN
Pubnum
Date
2022-12-02
Version
Title
Proposed FMN Spiral 5 Specification

Taxonomy

Standards

Obligation: MANDATORY, Lifecycle: CANDIDATE

Obligation: MANDATORY, Lifecycle: CANDIDATE

Guidance

How the SAML 2.0 Token has been retrieved from the local STS to be used at the federated STS is not a federation issue.

The operations that are specified here are the minimal operations that SHALL be implemented by the STS in order to support the exchange of SAML Security Tokens between federation partners. Other operations that are defined by the relevant specification MAY be implemented by the STS in accordance with those specifications.

  • Issue

Based on the credential provided/proven in the request, a new token is issued, possibly with new proof information.

Providers and Consumers SHALL use the following WS-Addressing actions to enable specific processing context to be conveyed to the recipient:

- http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue

- http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/Issue

- http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTRC/IssueFinal

Providers and Consumers SHALL use the following URI as a wst:RequestType element:

- http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue

  • Renew

A previously issued token with expiration is presented (and possibly proven) and the same token is returned with new expiration semantics.

Providers and Consumers SHALL use the following WS-Addressing actions to enable specific processing context to be conveyed to the recipient:

- http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Renew

- http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/Renew

- http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/RenewFinal

Providers and Consumers SHALL use the following URI as a wst:RequestType element:

- http://docs.oasis-open.org/ws-sx/ws-trust/200512/Renew
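
As an added example (not part of the profile text or of any FMN reference code), the following Python check shows how a receiving STS could verify that an incoming request carries one of the request-side WS-Addressing actions listed above together with the matching wst:RequestType. The SOAP 1.2 envelope namespace, the constructed sample messages, the pairing check itself and the names check_rst, sample and ProfileViolation are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

WSA = "http://www.w3.org/2005/08/addressing"
WST = "http://docs.oasis-open.org/ws-sx/ws-trust/200512"

# Request-side pairs taken from the Guidance text: wsa:Action -> wst:RequestType
REQUEST_BINDINGS = {
    WST + "/RST/Issue": WST + "/Issue",
    WST + "/RST/Renew": WST + "/Renew",
}

class ProfileViolation(ValueError):
    """Hypothetical error type: the request does not match the profile."""

def check_rst(envelope: bytes) -> str:
    """Return 'Issue' or 'Renew' for a conforming request, else raise."""
    if b"<!DOCTYPE" in envelope:  # SOAP messages must not carry a DTD (UTF-8 input assumed)
        raise ProfileViolation("DTD not allowed in a SOAP message")
    try:
        root = ET.fromstring(envelope)
    except ET.ParseError as exc:
        raise ProfileViolation(f"malformed XML: {exc}") from exc
    actions = [e.text.strip() for e in root.iter(f"{{{WSA}}}Action") if e.text]
    rsts = list(root.iter(f"{{{WST}}}RequestSecurityToken"))
    if len(actions) != 1 or len(rsts) != 1:
        raise ProfileViolation("expected exactly one wsa:Action and one RST")
    expected = REQUEST_BINDINGS.get(actions[0])
    if expected is None:
        raise ProfileViolation(f"action outside the profile: {actions[0]}")
    types = [e.text.strip() for e in rsts[0].findall(f"{{{WST}}}RequestType") if e.text]
    if types != [expected]:
        raise ProfileViolation(f"RequestType {types} does not match {actions[0]}")
    return expected.rsplit("/", 1)[1]

def sample(action: str, request_type: str) -> bytes:
    """Constructed minimal envelope (SOAP 1.2 namespace is an assumption)."""
    return f"""<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope"
 xmlns:a="{WSA}" xmlns:t="{WST}">
<s:Header><a:Action>{action}</a:Action></s:Header>
<s:Body><t:RequestSecurityToken>
<t:RequestType>{request_type}</t:RequestType>
</t:RequestSecurityToken></s:Body></s:Envelope>""".encode()

if __name__ == "__main__":
    print(check_rst(sample(WST + "/RST/Issue", WST + "/Issue")))
```
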

Status

URI

History

Flag Date RFC Version
added 2023-01-23 14-32 15
UUID
bc5c128f-c6ab-4f75-b6dc-00925caefe1b

Utilization

This profile is used by the following profiles: