axis-java-dev mailing list archives

From suresh attanayake <>
Subject Re: establishing trust between two or more standalone STS
Date Mon, 08 Aug 2011 07:36:23 GMT
Hi Maicon,

Federated STSs and Attribute Services are defined in the WS-Federation
Specification, but currently Apache Rampart has not implemented the
Federation specification. We, a group of students from the University of
Moratuwa, are implementing this specification for Apache Rampart as part of
our final year project, and we are willing to make it available in the Rampart
public svn.


On Sat, Aug 6, 2011 at 1:53 AM, Maicon Stihler <> wrote:

> Hi,
> I want to use Apache Rampart to establish a federated environment, but I'm
> having trouble finding details on how to operate the STS in a standalone
> setup.
> In this scenario, I would create as many STS as there are security domains,
> and establish trust relationships between them all. Thus the users from each
> security domain could obtain security tokens to access services on different
> security domains.
> Reading the documentation on the Rampart web site, it is not very clear how
> the STS is operated (e.g. how do I create a custom STS that runs separately
> from the relying party? Or how do I tell the STS who should be trusted when
> validating tokens from other STSs?)
> From the samples, it seems that the STS is embedded in Rampart itself, but
> I want to create an STS that acts as an attribute authority (i.e. it would
> retrieve attributes about subjects from a custom DB like LDAP, PgSQL, etc).
> I apologise for such a basic question. I've been reading about
> WS-Federation (more precisely, the active requestor profile), but I couldn't
> find any implementation for it, so I thought about emulating part of it
> (not the metadata about the federation, autoconfiguration based on policies,
> etc) using Apache Rampart. I thank you in advance for any tips or directions
> to other resources on this subject.
> Best regards,
> Maicon Stihler

Suresh Attanayake
