EMI STS Documentation

Functional Description

The Security Token Service (STS) is a partial implementation of the OASIS WS-Trust specification.It is a service that can be used for transforming an existing security token into another security token format. Security token, on the other hand, is defined in the WS-Security specifications as a collection of claims that can be attached into a Web Service message.

The incoming token formats that are supported by EMI STS implementation include username and password that is validated against an LDAP directory, and SAML assertion. From these types of tokens, STS can issue an X.509 certificate or a proxy certificate containing the users' VO attributes.

The picture below describes the interaction between the components of the service. The big yellow box describes the STS: it is accessed with a SOAP client, and it aggregates the required information for the tokens from external parties (online CA and VOMS services):


System Administrator Documentation

Other Documentation

Test and Certification Reports

Topic attachments
I Attachment History Action Size Date Who Comment
PNGpng STS-Architecture-ValeryTschopp.png r1 manage 70.3 K 2013-02-07 - 11:52 HenriMikkonen STS architectural overview (c) Valery Tschopp / SWITCH
PDFpdf sts-design_document-1.0.pdf r1 manage 517.2 K 2013-02-08 - 14:14 HenriMikkonen STS Software Design Document v1.0.0
PDFpdf sts-service_interface_description-1.0.pdf r1 manage 275.0 K 2013-02-11 - 10:35 HenriMikkonen Current documentation in PDF
PDFpdf sts-service_reference_card-1.0.pdf r1 manage 343.2 K 2013-02-11 - 10:35 HenriMikkonen Current documentation in PDF
PDFpdf sts-sys_admin_guide-1.0.pdf r1 manage 564.6 K 2013-02-11 - 10:35 HenriMikkonen Current documentation in PDF
Edit | Attach | Watch | Print version | History: r8 < r7 < r6 < r5 < r4 | Backlinks | Raw View | WYSIWYG | More topic actions
Topic revision: r8 - 2013-02-26 - HenriMikkonen
    • Cern Search Icon Cern Search
    • TWiki Search Icon TWiki Search
    • Google Search Icon Google Search

    EMI All webs login

This site is powered by the TWiki collaboration platform Powered by PerlCopyright & 2008-2021 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
or Ideas, requests, problems regarding TWiki? use Discourse or Send feedback