Anil, I've done some basic research regarding CXF. First of all, let me clarify there's currently nothing implemented in Native stack regarding ws-trust, so the only way I see users using ws-trust is they call the STS you're implementing as they would do with any other service endpoint. Then they manually create the messages for the service provider, etc. I think that's basically the Option A you wrote before, isn't it? We'll offer WS-Trust functionalities with JBossWS-CXF instead. I've just committed some testcases adapted from the Apache CXF sources that basically call the WS-Trust 1.0 test STS and endpoint of the WCF interoperability plugfest (http://fisheye.jboss.org/changelog/JBossWS/?cs=9974). A brief chat with Daniel Kulp (the CXF prj lead) confirmed that currently CXF has implementation for WS-Trust client side only, so no token validation at server side, etc. On client side, CXF currently have means of easily configuring the STS client: http://cwiki.apache.org/CXF20DOC/ws-trust.html: that works fine in JBossWS-CXF and would work with any STS implementation I think. We might want some kind of better integration tough. So, to sum up, the whole server side is still missing, so there's currently no interception point for that. I'll take a look at the identity stuff to understand what we could do better on client side for now. Please tell me if I'm missing something in the whole picture (which might be) View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4228710#... Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&a...