
Welcome to The Metaverse

Navigating the service-oriented, identity aware metaverse

WS-Trust 1.3 and WS-SecureConversation 1.3 now standardized

There's a lot happening in the web-services standards world right now. A good example of this is that both WS-Trust 1.3 and WS-SecureConversation 1.3 have now been ratified by OASIS.

WS-Trust provides a simple protocol to allow someone to request a security token containing some set of claims from an Identity Provider (IdP). Because WS-Trust is part of the WS-* suite of protocols, it can be composed with other protocols to, for example, enjoy data integrity (signing) and data privacy (encryption) using WS-Security and WS-SecureConversation.
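The token request described above, as an added example that is not part of the original post: a minimal WS-Trust 1.3 issue request as a client would build it, and the checks a token service can apply before issuing anything. The function names, the relying-party address and the allow-lists are hypothetical, the claims dialect shown is the one used with CardSpace, and the WS-Security signature that would normally protect the message is omitted.

```python
import xml.etree.ElementTree as ET

S = "http://www.w3.org/2003/05/soap-envelope"
WST = "http://docs.oasis-open.org/ws-sx/ws-trust/200512"  # WS-Trust 1.3 namespace
WSP = "http://schemas.xmlsoap.org/ws/2004/09/policy"
WSA = "http://www.w3.org/2005/08/addressing"
IC = "http://schemas.xmlsoap.org/ws/2005/05/identity"     # CardSpace claims dialect
NS = {"s": S, "wst": WST, "wsp": WSP, "wsa": WSA, "ic": IC}

def build_rst(audience, claim_uris):
    """Client side: ask the IdP/STS to issue a token for `audience` (hypothetical helper)."""
    env = ET.Element(f"{{{S}}}Envelope")
    body = ET.SubElement(env, f"{{{S}}}Body")
    rst = ET.SubElement(body, f"{{{WST}}}RequestSecurityToken")
    ET.SubElement(rst, f"{{{WST}}}RequestType").text = WST + "/Issue"
    applies_to = ET.SubElement(rst, f"{{{WSP}}}AppliesTo")
    epr = ET.SubElement(applies_to, f"{{{WSA}}}EndpointReference")
    ET.SubElement(epr, f"{{{WSA}}}Address").text = audience
    claims = ET.SubElement(rst, f"{{{WST}}}Claims", Dialect=IC)
    for uri in claim_uris:
        ET.SubElement(claims, f"{{{IC}}}ClaimType", Uri=uri)
    return ET.tostring(env, encoding="unicode")

def check_rst(xml_text, allowed_audiences, releasable_claims):
    """STS side: return (audience, claims) or raise ValueError (hypothetical helper).

    A real service verifies the message signature first and parses untrusted
    XML with a hardened parser; both steps are left out of this sketch.
    """
    root = ET.fromstring(xml_text)
    rst = root.find("s:Body/wst:RequestSecurityToken", NS)
    if rst is None:  # also rejects pre-1.3 namespaces
        raise ValueError("no WS-Trust 1.3 RequestSecurityToken in body")
    if rst.findtext("wst:RequestType", "", NS).strip() != WST + "/Issue":
        raise ValueError("only Issue requests are handled")
    audience = rst.findtext(
        "wsp:AppliesTo/wsa:EndpointReference/wsa:Address", "", NS).strip()
    if audience not in allowed_audiences:
        raise ValueError("token requested for an unknown relying party")
    claims = [c.get("Uri") for c in rst.findall("wst:Claims/ic:ClaimType", NS)]
    refused = [c for c in claims if c not in releasable_claims]
    if refused:
        raise ValueError(f"claims not releasable: {refused}")
    return audience, claims
```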

WS-SecureConversation adds to the capabilities of WS-Security and essentially enables the construction of a secure context that optimizes multiple calls between two parties.

These protocols are both used by Windows CardSpace, along with several other current and emerging technologies that enable dynamic, user-initiated identity federation.

Why is the ratification of these two important protocols a significant event? Well, as Gartner puts it:

"The availability of these new standards means that Web services security has finally reached an acceptable maturity level. The issuance and dissemination of credentials between different trust domains via an STS can now be achieved using a syntax that is familiar to most developers."

It's great to see the rich fabric of the WS-* protocols now reaching a level of maturity and sophistication that enables solutions to previously costly, difficult or impossible problems. Identity federation is just one example: many people don't even know they need it, but once they start enjoying its benefits, they will wonder how they did without it.

Posted: Friday, April 06, 2007 9:42 AM by richardt

Comments

Weblog di Fabio Cozzolino said:

As Richard Turner reports on his blog, a few days ago OASIS standardized the specifications

# April 7, 2007 3:16 PM