Identity federation is enabled by requesting temporary security credentials from the AWS Security Token Service (STS). These credentials can be used to log into the AWS Management Console or to make AWS API requests. Temporary security credentials consist of a short-lived access key ID, a secret access key, and a session token. As with any AWS API request, federated users can sign the requests using the access key ID and secret access key; however, federated users must also pass the session token. There is no limit on the number of temporary security credentials that can be issued. Customers have the choice of using the open standard SAML 2.0 (Security Assertion Markup Language) or directly calling the AWS STS APIs.