ws-fx-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mike Smorul <>
Subject Re: authentication, SAML
Date Tue, 26 Jul 2005 01:00:51 GMT

Has there been any progress on SecureConversation in wss4j? The last 
postings regarding it seemed to indicate some refactoring was going on and 
the current version was not stable.


On Mon, 25 Jul 2005, Anne Thomas Manes wrote:

> As defined by WS-Trust, a security token service (STS) is a web
> service that issues, renews, and validates security tokens. The client
> presents a set of claims, and if the claims provide sufficient proof,
> the STS returns the requested token. The client can then use the token
> to supply authentication information on subsequent SOAP requests. Each
> SOAP request must be re-authenticated, though, unless the client and
> server establish and maintain some type of extended security session.
> WS-SecureConversation defines a binding of WS-Trust for creating this
> type of extended security session. WS-SecureConversation defines a new
> token type called a security context token. When using
> WS-SecureConversation, the client and server need to authenticate each
> other only once at the start of the conversation.
> Anne
> On 7/22/05, Milton Fidel vega <> wrote:
>> Is correct, that the same system are the identiy provider and the
>> service provider supplier? (if there is not a identity provider )
>> this is correct?
>> It's a Web Service exclusively for authentication, this emit the signed
>> assertion via web service response after the client has autenthicated
>> for te web service logic, so that in following calls to the Web services
>> business, the messages soap of the client include the assertion in the
>> soap headers and it are not authenticated again.
>> Thanks

View raw message