A security token service returns a <RequestSecurityTokenResponse> in response to a <RequestSecurityToken> or <RequestSecurityTokenResponse> message. The response, which is represented by the RequestSecurityTokenResponse class, contains properties representing the RequestedSecurityToken class and the RequestedProofToken classes. The RequestedSecurityToken property contains the requested security token and within it an encrypted key, which is usually a symmetric session key. This encrypted key is encrypted with a key only the target Web service knows and thus is used by the SOAP message sender to sign and/or encrypt SOAP messages sent to the target Web service. Likewise, the RequestedProofToken property contains the same key; however, it is encrypted using a key that only the sender of the request has. The SOAP message sender can use this key to decrypt or verify SOAP messages encrypted or signed by the target Web service.
The RequestSecurityTokenResponse class maps to the <RequestSecurityTokenResponse> element.