Web Services Trust Language ( WS-Trust )

Is is ready for using?

Version 1.1 was released in May 2004 as an initial public draft.  It is yet to be approved by either OASIS or the W3C.

Who is working on in?
BEA, CA, IBM, Layer 7, Microsoft , Netegrity, Oblix, OpenNetwork, Ping Identity, Reactivity, RSA, VeriSign, Westbridge

What's it for?
WS-Security defines the basic mechanisms for providing secure messaging. In order to secure a communication between two parties, the two parties must exchange security credentials (either directly or indirectly). However, each party needs to determine if they can "trust" the asserted credentials of the other party. This specification defines extensions to WS-Security that provide a methods for issuing, renewing, and validating security tokens and, ways to establish, assess the presence of, and broker trust relationships.

Can we use it?
The revised Version 1.1 drafts of WS-Trust  are featured prominently in Microsoft's WSE 2.0 announcements. "What's New" says that WSE's support of the WS-Trust and WS-SecureConversation specifications "provides the capability to programmatically request a security token using a SOAP message, and that token can be used for a series of SOAP messages between a SOAP message sender and a target Web service. WSE allows you to build a security token service or configure one that issues security context tokens. When configured to issue security context tokens, a SOAP message sender can use the token to sign and/or encrypt a series of SOAP messages, known as a conversation, between a SOAP message sender and the target Web service."

Where can I find more information?

WS-Trust Specification from IBM