Web service security mechanisms are defined by OASIS standards.
See OASIS Standard
for WS-Security Specification
For information about the token profile standards, see:
SAML pass-through support is provided,
which enables interoperability with WS-Security SAML profiles, without
performing subject confirmation processing. This means that it does
not provide validation of the trust relationship between the SAML
subject and message content signatures. For information about the
SAML token profile standards, see:
LTPA pass-through support is also provided,
which enables LTPA binary tokens to be passed to an external security
token server (STS) for processing.
For more information about using the token profiles, see the following
topics: