Sun OpenSSO Enterprise 8.0 Technical Overview

Web Services Security and Security Token Service Interfaces

The main dependencies and interactions of the Security Token Service and security agents in a web services security scenario are with the interfaces of the OpenSSO Enterprise Client SDK. This includes the following:

The Web Services Security framework and the Security Token Service include the following Java packages as part of the Client SDK.

For more information, see the Sun OpenSSO Enterprise 8.0 Java API Reference and the Sun OpenSSO Enterprise 8.0 Developer’s Guide.

com.sun.identity.wss.provider

com.sun.identity.wss.provider provides administrative interfaces for configuring the WSC and WSP with their respective security mechanisms and Security Token Service configuration. These interfaces are called by the security agent at run time, and also by applications that need to secure messages. On the WSC side, they are called to secure the web service request and to validate any response from the WSP. Similarly, there are interfaces for this functionality on the WSP side. When a WSC is configured to communicate with the Security Token Service, it obtains its security mechanisms and security tokens from that service. When a WSP is configured to communicate with the Security Token Service, its resource offering is published at the Security Token Service.


Tip –

A WSC and a WSP can be associated with more than one Security Token Service.


com.sun.identity.wss.security

com.sun.identity.wss.security provides classes that create, manage, and represent security tokens and their processing. Its SPI can be used to plug new security token implementations into the Security Token Service.

com.sun.identity.wss.sts

com.sun.identity.wss.sts contains classes for getting security tokens from the Security Token Service endpoint and for converting an end user token from one format to another (for instance, converting to the OpenSSO Enterprise proprietary SSOToken in order to validate it against the Authentication Service and Policy Service). It also contains an SPI to issue different security tokens, attribute provider and authorization provider.