An end-user authenticates to the Web Service Client. The inbound token can be a username with password, X.509, or Kerberos. The Web Service Client requests a token required to access the Web Service Provider. OpenSSO STS verifies the user credentials and issues a SAML security token. The SAML security token provides proof that the user has authenticated. The Web Service Client presents the SAML security token to the Web Service Provider. The Web Service Provider verifies that the token was issued by a trusted security token service and contains proof that the user has authenticated. The end-user is granted access to the Web Service.
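The provider-side checks described above, sketched as an added example (not OpenSSO code): it confirms the issuer is a trusted STS, the token is within its validity window, and an authentication statement is present. Assumptions: a SAML 2.0 assertion layout, a hypothetical issuer URL, and that the assertion's XML signature has already been verified against the STS certificate by an XML-DSig library, without which none of these checks mean anything.

```python
import xml.etree.ElementTree as ET  # use a hardened parser for untrusted input
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
TRUSTED_ISSUERS = {"https://sts.example.com/opensso/sts"}  # hypothetical STS id

# Constructed sample assertion (SAML 2.0 layout assumed; Signature omitted).
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_a1" Version="2.0" IssueInstant="2024-01-01T10:00:00Z">
  <saml:Issuer>https://sts.example.com/opensso/sts</saml:Issuer>
  <saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2024-01-01T10:00:00Z"
                   NotOnOrAfter="2024-01-01T10:05:00Z"/>
  <saml:AuthnStatement AuthnInstant="2024-01-01T09:59:58Z"/>
</saml:Assertion>"""

def _ts(value):
    """Parse a UTC xs:dateTime of the form used in the sample."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def check_assertion(xml_text, now):
    """Return (ok, detail); detail is the subject name on success.

    Assumes the signature was verified beforehand (not shown here)."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Assertion" % NS["saml"]:
        return False, "not a SAML assertion"
    # 1. Issued by a trusted security token service?
    issuer = root.findtext("saml:Issuer", default="", namespaces=NS).strip()
    if issuer not in TRUSTED_ISSUERS:
        return False, "untrusted issuer"
    # 2. Still valid? NotOnOrAfter is an exclusive upper bound.
    cond = root.find("saml:Conditions", NS)
    if cond is None or not {"NotBefore", "NotOnOrAfter"} <= set(cond.attrib):
        return False, "missing validity window"
    if not (_ts(cond.attrib["NotBefore"]) <= now < _ts(cond.attrib["NotOnOrAfter"])):
        return False, "outside validity window"
    # 3. Contains proof that the user authenticated?
    if root.find("saml:AuthnStatement", NS) is None:
        return False, "no proof of authentication"
    subject = root.findtext("saml:Subject/saml:NameID", default="", namespaces=NS).strip()
    if not subject:
        return False, "no subject"
    return True, subject

if __name__ == "__main__":
    print(check_assertion(SAMPLE, datetime(2024, 1, 1, 10, 2, tzinfo=timezone.utc)))
```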