SAML and WS-Trust

 
Ranch Hand
Posts: 290
Oracle Tomcat Server Java
Hi all,

Wondering what is the difference between SAML and WS-Trust or how they fit together.

Here is my understanding:
WS-Trust can issue, validate, renew and assess trust relationships. We have an STS which can issue, validate or exchange these tokens, a requester and a service provider.

SAML also has a service provider and an identity provider. A service requester is enrolled with at least one identity provider that the service provider trusts. The specification states that it resolves the problem with web browser SSO.

They have STS and identity provider, service requestor and provider, standard message syntax for requesting tokens.
But how do they differ and what do they address specifically?

The Google SSO can be implemented using WS-Trust as follows:

1. User gets a token for Google mail from the STS, in this case the partner.
2. User sends the request to Google Mail with the token.
3. Google mail validates/exchanges it with STS.


Thanks
Aryan
[ December 05, 2008: Message edited by: Aryan Khan ]
 
Ranch Hand
Posts: 1183
Aryan,

WS-Trust 1.3 Interoperability Profile: SAML 2.0 Token Profile says -

1 Introduction

This profile provides the semantics for the use of a SAML 2.0 security token within messages that comply with the WS-Trust Interoperability Profile.



Based on that it seems to me that SAML can be used by messages, which adhere to the WS-Trust Interoperability Profile.

Regards,
Dan
 
Aryan Khan
Ranch Hand
Posts: 290
Oracle Tomcat Server Java
Hi Dan,

Thanks for the reply.

I have been reading about them lately as well.

I concluded that WS-Trust is used to renew, exchange and validate security tokens, which could be SAML assertions as well.

So a WS may send a SAML token to an STS for exchange to some other token format.

Thanks
Aryan
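
How the two specifications fit together, as an added example that is not part of any post in this thread: WS-Trust supplies the request/response envelope exchanged with an STS, and a SAML 2.0 assertion is one token format that envelope can carry. The host names, the subject and the sample response are constructed; the namespace URIs are those of WS-Trust 1.3, WS-Policy, WS-Addressing and the SAML 2.0 token profile.

```python
import xml.etree.ElementTree as ET

# Namespace URIs defined by WS-Trust 1.3, WS-Policy, WS-Addressing and SAML 2.0.
WST = "http://docs.oasis-open.org/ws-sx/ws-trust/200512"
WSP = "http://schemas.xmlsoap.org/ws/2004/09/policy"
WSA = "http://www.w3.org/2005/08/addressing"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
SAML2_TOKEN_TYPE = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"
NS = {"wst": WST, "saml": SAML}

def build_issue_rst(token_type, applies_to, on_behalf_of=None):
    """WS-Trust side: the request sent to an STS. The token format is only a URI."""
    rst = ET.Element(f"{{{WST}}}RequestSecurityToken")
    ET.SubElement(rst, f"{{{WST}}}RequestType").text = WST + "/Issue"
    ET.SubElement(rst, f"{{{WST}}}TokenType").text = token_type
    scope = ET.SubElement(rst, f"{{{WSP}}}AppliesTo")
    epr = ET.SubElement(scope, f"{{{WSA}}}EndpointReference")
    ET.SubElement(epr, f"{{{WSA}}}Address").text = applies_to
    if on_behalf_of is not None:
        # Token exchange: the token already held travels inside the request.
        ET.SubElement(rst, f"{{{WST}}}OnBehalfOf").append(on_behalf_of)
    return rst

def saml_from_rstr(rstr_xml):
    """SAML side: pull the assertion out of the STS response and read its claims.
    Parsing only; a relying party must verify the XML signature before trusting it."""
    root = ET.fromstring(rstr_xml)
    a = root.find(".//wst:RequestedSecurityToken/saml:Assertion", NS)
    if a is None:
        raise ValueError("RSTR carries no SAML 2.0 assertion")
    return {
        "issuer": a.findtext("saml:Issuer", namespaces=NS),
        "subject": a.findtext("saml:Subject/saml:NameID", namespaces=NS),
        "audiences": [e.text for e in a.iterfind(".//saml:Audience", NS)],
    }

# Constructed sample response (unsigned, hypothetical hosts and subject).
SAMPLE_RSTR = f"""<wst:RequestSecurityTokenResponseCollection xmlns:wst="{WST}" xmlns:saml="{SAML}">
 <wst:RequestSecurityTokenResponse>
  <wst:TokenType>{SAML2_TOKEN_TYPE}</wst:TokenType>
  <wst:RequestedSecurityToken>
   <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2008-12-05T10:00:00Z">
    <saml:Issuer>https://sts.partner.example</saml:Issuer>
    <saml:Subject><saml:NameID>user@partner.example</saml:NameID></saml:Subject>
    <saml:Conditions><saml:AudienceRestriction><saml:Audience>https://mail.sp.example</saml:Audience></saml:AudienceRestriction></saml:Conditions>
   </saml:Assertion>
  </wst:RequestedSecurityToken>
 </wst:RequestSecurityTokenResponse>
</wst:RequestSecurityTokenResponseCollection>"""
```

The audience value in the assertion is what ties the token to one service provider, so a consumer should compare it with its own identifier after signature verification.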
 