Extending Identity Management to Web Services



A leader in Internet Identity Management technologies needed to develop a standalone application that implements a Security Token Service to extend Identity Management to web services. To facilitate development and accelerate time-to-market, the client sought a partner who could seamlessly integrate with its core development team and support standard processes based on the agile approach. The client was looking for a partner who would co-develop the solution from step one. Luxoft was chosen for its ability to provide a highly qualified team ready to work as an extension of the client’s product development and testing teams.

The Solution:

Collaborating closely with the client, the Luxoft team helped architect, design and develop the standalone Security Token Server - PingTrust.  The solution creates and validates security tokens that are bound into SOAP messages compatible with the Web Services Security (WSS) standard.  The result brings standards-based, trusted, user identity to Web Services and Service-Oriented Architectures (SOAs).

PingTrust builds on two open security standards that set the stage for true interoperability and a solution that scales.  OASIS Web Services Security 1.0 (formerly WS-Security) enables the embedding of security tokens in SOAP messages, while WS-Trust establishes a mechanism for obtaining and validating tokens from a Security Token Service (STS).  PingTrust supports both .NET and Java applications, and Web-based and rich clients.  PingTrust can operate on the Web Services Client-side, Provider-side, or on both sides of a Web Service transaction.

PingTrust is a lightweight, standalone, modular product that:

  • Provides out-of-the-box support for several token types including SAML 1.1 and SAML 2.0, X.509, Kerberos and username/password, and is extensible to support custom tokens
  • Provides a Web-based console for 100% GUI configuration
  • Moves identity-related security and cryptography code out of applications by consolidating security token processing into a centralized, shared server
  • Aggregates trust management to dramatically simplify administration
  • Does not require a heavyweight identity management system
