4 Replies Latest reply on Nov 11, 2010 11:38 AM by Markus Decke

    PicketLink 2 :: STS API Discussion

    Anil Saldanha Master

      I want to dedicate this thread to discuss the possibilities for a generic API for the STS to cater to the various FIM standards/tech available such as SAML2, WS-T, OpenID and OAuth.


      It is my belief that all token formats can be captured into a select set of representation and can be handled by a generic STS.


      The API needs to:

      1. Issue a token
      2. Validate a token
      3. Renew a token
      4. Cancel a token.




      Let us look at the various technologies/standards that we want to support:


      Token Format


      My initial take is to go with the token format in the API to be byte[].