[Cloud Computing]Mechanisms: Secure Token Service

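This article describes how a secure token service (STS) works and how it is used in cloud environments. An STS implements single sign-on (SSO) by authenticating the consumer and issuing a security token that contains the consumer's claims. These tokens are protected against tampering by a digital signature and can be used with standards such as Kerberos and SAML. In addition, the STS provides a standardized security token for relying parties to use in access control decisions.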

Secure Token Service

A secure token service (STS) issues security tokens as a result of consumer requests for single sign-on (SSO) tokens. The STS authenticates the consumer and issues a security token that contains consumer claims and is protected from manipulation by a digital signature. Example tokens issued include Kerberos and SAML.

The STS provides:

  • Enforcement of organizational identification and authentication policies and requirements.
  • Production of a standardized security token for relying parties to consume for access control decisions.
  • Interface with authoritative data sources to verify claims and produce accurate security assertions.
  • Security controls to provide a set of countermeasures against security threats.
  • Centralized identification and authentication services to offload redundant security requirements from relying parties. It is extensible to support various security token requirements.

Figure 1 - An example of an STS providing attribute tokens to an authentication gateway service.

Figure 1 assumes that the STS has been provisioned with Organization A’s cloud consumer attributes. Organization A has developed Service A and Service B to use the tokens passed on by the authentication gateway service (AGS), which uses the attributes issued by the STS to make access control decisions. The consumer authenticates to the AGS, which requests an attribute token from the STS. The AGS then supplies the attribute token to the consumer, who presents it to relying party cloud services as proof of authentication status and attributes.
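The issue-and-verify flow described above, as an added example that is not part of the original article: an STS signs a set of claims and a relying party checks signature, audience and expiry before using the attributes. It assumes Ed25519 and a simple `payload.signature` layout in place of SAML or Kerberos; every function name, claim name and the issuer `sts.org-a.example` is hypothetical.

```javascript
// Added example. Token layout, function names and claim names are assumptions.
const crypto = require('crypto');

// STS signing key pair. Relying parties are provisioned with the public key only.
const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
const b64u = (data) => Buffer.from(data).toString('base64url');

// STS side: called only after the consumer has been authenticated.
function issueToken(subject, attrs, audience, ttlSeconds, nowMs = Date.now()) {
  const exp = Math.floor(nowMs / 1000) + ttlSeconds;
  const claims = { iss: 'sts.org-a.example', sub: subject, aud: audience, exp, attrs };
  const payload = b64u(JSON.stringify(claims));
  const sig = crypto.sign(null, Buffer.from(payload), privateKey);
  return `${payload}.${b64u(sig)}`;
}

// Relying-party side: check the signature before reading any claim.
function verifyToken(token, expectedAudience, nowMs = Date.now()) {
  const parts = String(token).split('.');
  if (parts.length !== 2) return { ok: false, reason: 'malformed' };
  const [payload, sig] = parts;
  const sigBytes = Buffer.from(sig, 'base64url');
  if (!crypto.verify(null, Buffer.from(payload), publicKey, sigBytes)) {
    return { ok: false, reason: 'bad signature' };
  }
  const claims = JSON.parse(Buffer.from(payload, 'base64url').toString('utf8'));
  if (claims.aud !== expectedAudience) return { ok: false, reason: 'wrong audience' };
  if (claims.exp <= Math.floor(nowMs / 1000)) return { ok: false, reason: 'expired' };
  return { ok: true, claims };
}

// Service A's access control decision, made only on verified attributes.
function serviceAAllows(token) {
  const result = verifyToken(token, 'service-a');
  return result.ok && result.claims.attrs.department === 'finance';
}

// Constructed check: rewrite a claim but keep the original signature.
function withDepartment(token, department) {
  const [payload, sig] = token.split('.');
  const claims = JSON.parse(Buffer.from(payload, 'base64url').toString('utf8'));
  claims.attrs.department = department;
  return `${b64u(JSON.stringify(claims))}.${sig}`;
}

const sample = issueToken('alice', { department: 'engineering' }, 'service-a', 300);
console.log(serviceAAllows(sample));                                      // engineering: denied
console.log(verifyToken(withDepartment(sample, 'finance'), 'service-a')); // altered claim
```

The audience check is what keeps a token issued for Service A from being accepted by Service B, which the signature alone does not prevent.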

Related Patterns:
