SAML and WS-Trust

Aryan Khan
Ranch Hand

Joined: Sep 12, 2004
Posts: 290

Hi all,

Wondering what is the difference between SAML and WS-Trust or how they fit together.

Here is my understanding:
WS-Trust can issue, validate, renew and assess trust relationships. We have an STS which can issue, validate or exchange these tokens, a requester and service provider.

SAML also has a service provider and an identity provider. A service requester is enrolled with at least one identity provider that the service provider trusts. The specification states that it resolves the problem with web browser SSO.

They have STS and identity provider, service requestor and provider, standard message syntax for requesting tokens.
But how do they differ and what do they address specifically?

The Google SSO can be implemented using WS-Trust as follows:

1. User gets a token for Google mail from the STS, in this case the partner.
2. User sends the request to Google Mail with the token.
3. Google mail validates/exchanges it with STS.


Thanks
Aryan
[ December 05, 2008: Message edited by: Aryan Khan ]

OCP/MCP/SCJP/SCWCD/IBM XML/SCMAD/SCEA-1
Dan Drillich
Ranch Hand

Joined: Jul 09, 2001
Posts: 1167
Aryan,

WS-Trust 1.3 Interoperability Profile: SAML 2.0 Token Profile says -

1 Introduction

This profile provides the semantics for the use of a SAML 2.0 security token within messages that comply with the WS-Trust Interoperability Profile.


Based on that, it seems to me that SAML can be used by messages which adhere to the WS-Trust Interoperability Profile.

Regards,
Dan


William Butler Yeats: All life is a preparation for something that probably will never happen. Unless you make it happen.
Aryan Khan
Ranch Hand

Joined: Sep 12, 2004
Posts: 290

Hi Dan,

Thanks for the reply.

I have been reading about them lately as well.

I concluded that WS-Trust is used to renew, exchange and validate security tokens, which could be SAML assertions as well.

So a WS may send a SAML token to an STS for exchange to some other token format.

Thanks
Aryan
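
How the two fit together, as an added example that is not part of the original thread: WS-Trust supplies the request/response envelope exchanged with the STS, and the SAML assertion is the token carried inside it. The host names and the unsigned sample response are constructed; the namespace and token-type URIs are those of WS-Trust 1.3 and the WSS SAML Token Profile 1.1.

```python
import xml.etree.ElementTree as ET

# URIs from WS-Trust 1.3, WS-Policy, WS-Addressing, SAML 2.0 and the WSS SAML Token Profile 1.1.
NS = {"wst": "http://docs.oasis-open.org/ws-sx/ws-trust/200512",
      "wsp": "http://schemas.xmlsoap.org/ws/2004/09/policy",
      "wsa": "http://www.w3.org/2005/08/addressing",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SAML2_TOKEN = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"

def q(prefix, tag):
    return "{%s}%s" % (NS[prefix], tag)

def build_rst(service_url):
    # WS-Trust side: ask the STS to issue a SAML 2.0 token scoped to one service.
    rst = ET.Element(q("wst", "RequestSecurityToken"))
    ET.SubElement(rst, q("wst", "RequestType")).text = NS["wst"] + "/Issue"
    ET.SubElement(rst, q("wst", "TokenType")).text = SAML2_TOKEN
    epr = ET.SubElement(ET.SubElement(rst, q("wsp", "AppliesTo")), q("wsa", "EndpointReference"))
    ET.SubElement(epr, q("wsa", "Address")).text = service_url
    return ET.tostring(rst, encoding="unicode")

# Constructed STS response (unsigned, hypothetical hosts): the SAML assertion is the payload.
SAMPLE_RSTR = """<wst:RequestSecurityTokenResponseCollection xmlns:wst="{wst}" xmlns:saml="{saml}">
 <wst:RequestSecurityTokenResponse>
  <wst:TokenType>{tt}</wst:TokenType>
  <wst:RequestedSecurityToken>
   <saml:Assertion ID="_constructed1" Version="2.0" IssueInstant="2008-12-05T10:00:00Z">
    <saml:Issuer>https://sts.partner.example</saml:Issuer>
    <saml:Subject><saml:NameID>user@partner.example</saml:NameID></saml:Subject>
    <saml:Conditions><saml:AudienceRestriction>
     <saml:Audience>https://mail.service.example</saml:Audience>
    </saml:AudienceRestriction></saml:Conditions>
   </saml:Assertion>
  </wst:RequestedSecurityToken>
 </wst:RequestSecurityTokenResponse>
</wst:RequestSecurityTokenResponseCollection>""".format(tt=SAML2_TOKEN, **NS)

def extract_assertion(rstr_xml, expected_audience):
    # SAML side: unwrap the assertion and check it was issued for this service.
    # Signature and validity-period checks are still required before trusting it.
    rstr = ET.fromstring(rstr_xml).find("wst:RequestSecurityTokenResponse", NS)
    if rstr is None or rstr.findtext("wst:TokenType", "", NS).strip() != SAML2_TOKEN:
        raise ValueError("response does not carry a SAML 2.0 token")
    a = rstr.find("wst:RequestedSecurityToken/saml:Assertion", NS)
    audiences = [] if a is None else [(e.text or "").strip() for e in a.iterfind(".//saml:Audience", NS)]
    if expected_audience not in audiences:
        raise ValueError("no assertion issued for this service")
    return {"issuer": a.findtext("saml:Issuer", "", NS).strip(),
            "subject": a.findtext("saml:Subject/saml:NameID", "", NS).strip()}
```
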
 