This chapter so far has discussed how tokens are provided, validated, and cancelled in the STS. These operations are (at least in theory) relatively independent of WS-Trust. For example, they could be used as an API to provide/validate/process, etc. tokens. In this section we'll be exploring the larger picture of how this internal token handling functionality works in the context of a client invocation. In this section we will cover some common functionality that is used by all of the WS-Trust operations in the STS implementation.