PingFederate Web Services 2.6 Released - Download Now

New Security Token Service (STS) Adds Support for OASIS WS-Trust 1.3 and SiteMinder SMSESSION Tokens

Ping Identity® today announced PingFederate® Web Services 2.6 is available for immediate download from its Web site, www.pingidentity.com. Now packaged as an optional add-on module for PingFederate, Ping Identity’s industry-leading standalone federated identity software, PingFederate Web Services 2.6 adds support for the OASIS WS-Trust 1.3 standard, as well as the ability to create and validate CA SiteMinder SMSESSION tokens.
 
PingFederate Web Services, previously called PingTrust, is an optional PingFederate module designed for organizations wanting to extend their browser-based Internet Single Sign-On architecture to incorporate Web services and Service-Oriented Architectures (SOAs). It acts as a WS-Trust Security Token Service (STS), creating and validating security tokens that get bound into SOAP messages to carry user identity information in a standards-based manner.

PingFederate Web Services 2.6 adds support for OASIS WS-Trust version 1.3, the first version of WS-Trust to be published as an official industry standard by OASIS. In addition, it adds the ability to create and validate SMSESSION tokens. With this new capability, SiteMinder-enabled enterprises can create Web service clients and providers that use WS-Trust to issue or validate proprietary SMSESSION tokens, as well as exchange SMSESSION tokens for other token types such as SAML assertions.

Applications depend on user-level identity to protect critical resources, generate audit trails for regulatory compliance and support user-based billing. Before the advent of WS-Trust and Web Services Security (WSS), organizations had to implement proprietary application-level extensions to make the identity of the specific user requesting the execution of a particular Web service available to a Web service provider. Unfortunately, these extensions introduced questionable security. Furthermore, they are impractical in B2B use cases where Web service clients and providers are developed, maintained and operated by different organizations.

“The STS vision was based on the notion that there would be a complete end-to-end, standards-based mechanism for identity-enabled Web services,” said Patrick Harding, CTO of Ping Identity. “Now that WS-Trust is an OASIS standard, our customers can leverage the interoperability inherent in Web services that is not available in proprietary methods.”