An active STS is an STS that implements the WS-Trust protocol. In WIF, an active STS is built using WCF-based concepts, and can be either self-hosted or hosted in IIS. WIF provides the WCF Security Token Service template to help you build a simple STS that can be used for evaluation. To build a production STS, you would need to consider the necessary scalability and security considerations per your business needs. Do not use the simple STS as-is in your production environment. For more information, see WCF Security Token Service.

The WIF STS instancing model is per-call. This means that an STS instance is intended only for a single use: that is, you create a new instance of an STS, make the necessary method calls (such as Issue), and then clear that STS instance. If you try to use the same STS instance to call Issue across multiple token requests, rather than creating a new STS instance for each token request, the behavior is undefined.