What is the security advantage of STS in web services?

Posted by Neil McF on Stack Overflow See other posts from Stack Overflow or by Neil McF
Published on 2010-05-21T14:21:36Z Indexed on 2010/05/21 18:00 UTC
Read the original article Hit count: 381

Filed under:

security

|

web-services

|

ws-security

Hello,

I've started reading up on security (particularly authentication) with web services and I see a lot of references to security token services.

From what I see, they take a username-password (or something) and, on validation, return a digital token. How is using this token any more secure then just relying on the username-password in the first place?

© Stack Overflow or respective owner

Related posts about security

sudo apt-get update errors

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
Here is what I get on my terminal when running sudo apt-get update errors. I dont know if the issue is from my sources.list or my proxy setup(have not made any changes to proxies). Thank you for any help in advanced. Ign http://security.ubuntu.com oneiric-security Release.gpg Ign http://security… >>> More
The Security-Developer Gap: Why IT Security Can't Fix Your Security Problems Alone

as seen on Devx - Search for 'Devx'
Two well-known white hats explain how hackers take advantage of security holes left by enterprise application developers. >>> More
The Security-Developer Gap: Why IT Security Can't Fix Your Security Problems Alone

as seen on Internet.com - Search for 'Internet.com'
Two well-known white hats explain how hackers take advantage of security holes left by enterprise application developers. >>> More
StackOverFlowError while creating Mac object on AS400/Java

as seen on Stack Overflow - Search for 'Stack Overflow'
Hello all, I am a newbie to AS400-Java programming. I am trying to create my first program to test the implementation of Message Authentication Code (MAC). I am trying to use the HMACSHA1 hash function. My (Java 1.4) program runs fine on a dev box (V5R4).But fails terribly on the QA box (V5R3). My… >>> More
Google App Engine - Spring Security Issue (java.security.AccessControlException)

as seen on Stack Overflow - Search for 'Stack Overflow'
I'm currently getting the AccessControlException below when I deploy to app engine (I don't see it when I run in my local environment). I'm using GAE 1.3.1, Spring 3.0.1, and Spring Security 3.0.2. Any ideas how to get around this issue? It appears to be an issue with Spring Security trying to get… >>> More

Related posts about web-services

Testing your Web services using the Data Web Services Test Client

as seen on Internet.com - Search for 'Internet.com'
Paul Zikopoulos introduces you to the Data Web Services Test Client that's available in IBM Data Studio Version 1.2 or later >>> More
Webservices error for dev.virtualearth.net/webservices/geocode

as seen on Stack Overflow - Search for 'Stack Overflow'
I am getting the following stacktrace and have no idea what I am looking at and how to debug and fix it: Here is the error: Description: An error occurred during the parsing of a resource required to service this request. Please review the following specific parse error details and modify your… >>> More
Setting up Metro 2.0 with Jetty 7

as seen on Stack Overflow - Search for 'Stack Overflow'
This question relates to a previous question of mine. I am attempting to set-up a low overhead Web Container using Jetty 7 that I can deploy Web Services using Metro 2.0. I have installed the following Metro 2.0 libs into jetty/lib: webservices-extra-api.jar webservices-extra.jar webservices-rt… >>> More
Interview questions about ASP.NET Web services.

as seen on ASP.net Weblogs - Search for 'ASP.net Weblogs'
I have seen there are lots of myth’s about asp.net web services in fresher level asp.net developers. So I decided to write a blog post about asp.net web services interview questions. Because I think this is the best way to reach fresher asp.net developers. Followings are few questions about asp.net… >>> More
Service-Oriented Architecture and Web Services

as seen on DotNetBlocks - Search for 'DotNetBlocks'
Service oriented architecture is an architectural model for developing distributed systems across a network or the Internet. The main goal of this model is to create a collection of sub-systems to function as one unified system. This approach allows applications to work within the context of a client… >>> More