        |
Internet Single Sign-On was the first frontier for Internet Identity Security—sharing user identities via a portable, secure, Internet-friendly standard solved a complex technical problem while providing substantial business value. As Internet application technologies have evolved, however, another issue has emerged.
Web Services applications allow application functionality to be distributed across the Internet, facilitating the outsourcing of individual application components. For example, an application can literally call on hundreds of Web Services that provide live weather forecasts, stock quotes, etc.
Consider a large online retailer that serves its customers via the Web. The retailer has millions of customers that have registered on the retailer's Website. The retailer decides to outsource its consumer loyalty program to a service provider in order to increase sales, reduce costs, and personalize its users' experiences. The service provider needs to be able to obtain customers' identities from the retailer via Web Services so it can provide the appropriate personalized information.
The lack of a standard method for communicating user identities hindered early Web Services applications from gaining widespread business acceptance. Standards have emerged that enable Web Services to share user identities, but they have been complex and difficult to implement—until now.
PingFederate 6 provides a key component required to Identity-Enable Web Services: a Security Token Service (STS). On the client side, which can be a Web application or rich desktop application, the STS converts whatever security token that is used locally into a standard SAML security token containing the user's identity that are shared with the Web Services provider. On the provider side, the STS validates security tokens and can generate a new local token for consumption by other applications.
PingFederate Identity-Enabled Web Services
