An informal description of a Security Token Service is that it is a web service that offers some or all of the following services (among others):
- It can issue a Security Token of some sort based on presented or configured credentials.
- It can say whether a given Security Token is valid or not.
- It can renew (extend the validity of) a given Security Token.
- It can cancel (remove the validity of) a given Security Token.
- It can transform a given Security Token into a Security Token of a different sort.
- A client of the service can ask an STS for a Security Token of that particular type, which is then sent to the service provider.
- The service provider could choose to validate the received token locally, or dispatch the token to an STS for validation.
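The following added example (not code from the original page or from any STS product) models the issue, validate, renew and cancel operations in memory and contrasts local validation with dispatching to the STS. `ToySTS`, `verify_locally`, the HMAC-signed token format and the key shared with the service provider are all assumptions made for illustration; token transformation is not modelled.

```python
import base64, hashlib, hmac, json, secrets, time

def verify_locally(key, token, now=None):
    """Service-provider-side check: signature and expiry only."""
    now = time.time() if now is None else now
    body, _, mac = token.partition(".")
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return None
    claims = json.loads(base64.urlsafe_b64decode(body))
    return claims if claims["exp"] > now else None

class ToySTS:
    """Constructed in-memory model; not a WS-Trust implementation."""
    def __init__(self, key):
        self._key = key
        self._cancelled = set()  # ids of tokens withdrawn via cancel()

    def _sign(self, claims):
        body = base64.urlsafe_b64encode(json.dumps(claims).encode())
        mac = hmac.new(self._key, body, hashlib.sha256).hexdigest()
        return body.decode() + "." + mac

    def issue(self, subject, ttl=300, now=None):
        now = time.time() if now is None else now
        return self._sign({"sub": subject, "exp": now + ttl, "jti": secrets.token_hex(8)})

    def validate(self, token, now=None):
        claims = verify_locally(self._key, token, now)
        return claims is not None and claims["jti"] not in self._cancelled

    def renew(self, token, ttl=300, now=None):
        if not self.validate(token, now):
            raise ValueError("only a currently valid token can be renewed")
        now = time.time() if now is None else now
        claims = verify_locally(self._key, token, now)
        return self._sign({**claims, "exp": now + ttl})  # same id, later expiry

    def cancel(self, token):
        claims = verify_locally(self._key, token, now=0)  # signature only, expiry ignored
        if claims is not None:
            self._cancelled.add(claims["jti"])

def demo():
    key = b"constructed-demo-key"  # sample value, not a real secret
    sts = ToySTS(key)
    token = sts.issue("alice", ttl=60, now=1000)
    sts.cancel(token)
    # Local check still passes; only the STS knows the token was cancelled.
    return verify_locally(key, token, now=1010) is not None, sts.validate(token, now=1010)
```

In this model a service provider that validates locally keeps accepting a cancelled token until it expires, which is the trade-off behind choosing between local validation and dispatching to the STS.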