Following are characteristics of the scenario:
- RESTful web service requires SWT token.
- Credentials validated by the same authority that exposes the RESTful web service.
- RESTful web service is accessed by intermediary and not by the end user.
- Credentials must not be shared with intermediary.
- Use ACS as an OAuth authorization server.
- Use WIF Extensions for OAuth CTP.