In the area of electronic communications, user authentication is performed to identify and authenticate a particular user. An authentication scheme may include the use of a security token service (STS) that brokers the authentication of the user for one or more web services. The STS issues security tokens to a user device that can be used to authenticate the user to one or more web services.
In some instances, a plurality of web services is grouped into a security domain where the web services each accept the token issued by an STS. A user is authenticated by the STS and may communicate, by virtue of a token issued to the user by the STS, with the web services in that domain. If a user requests access to a web service associated with another security domain, another token is required. In web service federation, the STS associated with the first domain issues a second token to the user that allows the user to request a third token from the STS associated with the second domain.