Integration of the OAuth and Web Service family security standards

There are more and more scenarios requiring the transparent integration of heterogeneous security services in order to facilitate application development, simplify deployment and provide a seamless user experience. One of the most common use cases occurs when resources make use of OAuth to provide a simple and flexible way to authorize clients in order to access protected resources. But different OAuth implementations normally use distinct types of authorization grant and access tokens. This heterogeneity can be tackled by leveraging on WS-Trust, which is especially intended to offer integration mechanisms among services that implement WS-* specifications. By integrating these mechanisms it is possible to reduce the complexity supported by the OAuth Authorization Server (AS), so easing the interoperability through the delegation of the issuance and validation processes. This work also proposes a solution to cover the needs of WS-Trust clients which intend to use OAuth resources. (C) 2013 Elsevier B.V. All rights reserved.