developerWorks

AIX and UNIX
Information Mgmt
Lotus
Rational
Tivoli
WebSphere

Java™ technology
Linux
Open source
SOA and Web services
	New to SOA and Web services
	Downloads & products
	Open source projects
	Standards
	Technical library
	Training
	Forums
	Events
Web development
XML

My developerWorks
About dW
Submit content
Feedback

Related links
	ISV resources
	alphaWorks (emerging technologies)
	IBM Academic Initiative
	IBM Student Portal
	IBM Virtual Innovation Center (Bus. Partners)
	IBM Redbooks
	IBM Press books
	IBM communities

Local sites
	developerWorks 中国
	developerWorks Japan
	developerWorks 한국
	developerWorks Россия
	developerWorks Brasil
	developerWorks en español
	developerWorks Việt Nam

developerWorks > SOA and Web services >

WS-Federation: Passive Requestor Profile

Level: Advanced

Contributors: IBM, BEA Systems, Microsoft, VeriSign, RSA Security

08 Jul 2003

The WS-Federation specification defines an integrated model for federating identity, authentication and authorization across different trust realms and protocols. This specification defines how the WS-Federation model is applied to passive requestors such as Web browsers that support the HTTP protocol.

For the passive mechanisms to work seamlessly with WS-Federation, and provide a single or reduced sign-on, there needs to be a service that will verify that the claimed requestor is really the requestor. Initial verification MUST occur in a secure fashion, for example, using SSL/TLS or HTTP/S.

Get the specification

Description	Date	Access method
WS-Federation: Passive Requestor Profile specification (PDF, 786 KB)	July 2003	HTTP download

If you would like to contribute technical comments on this specification, please do so through our Feedback page.

Resources

Web Services Federation Language defines mechanisms to allow different security realms to federate by allowing and brokering trust of identities, attributes, authentication between participating Web services.
Federation in a Web services world describes the issues around federated identity management and a comprehensive solution based on the Web services model as outlined in the WS-Security roadmap.
Web Services Federation Active Requestor Profile defines mechanisms for requesting, exchanging and issuing security tokens within the context of active requestors.
Read "Security in a Web services World" for a proposed strategy for addressing security within a Web service environment (developerWorks, April 2002).

Back to top

Document options

Document options requiring JavaScript are not displayed

My developerWorks needs you!

Connect to your technical community