Question

Recently I read this article:

http://aws.amazon.com/articles/SDKs/Android/4611615499399490

Now my question is...

Can the Amazon STS (Security Token Service) be used as a Token Vending Machine to manage user sessions for clients of a Web Server (as opposed to clients of AWS Services)?

Assume I have a Web Application. And this Web Application has Registered Users who are Authenticated with Login Credentials. Now I wish to issue a Session Token to these Users who are Authenticated.

1. User -> Web App -> User Login Page
2. User gives Credentials -> Web App -> Issues a Session Token (with expiry policy)
3. User uses the Session Token -> Web App Resources (Non-AWS Resources proxied by the Web App)

Can I use Amazon's Simple Token Service independently for the above use case? Or is Amazon STS available only for access to Amazon Services?

The reasons I wish to use Amazon STS are:

- I don't have to worry about Session Token management
- Proven and Scalable

Please help. I am a little confused about this.


Solution

STS will provide temporary credentials (access key, secret key and token) for AWS Services only and should not be used for application authentication (or session management). But you could store those credentials in your session for AWS API access from your app.
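As an added illustration of the answer's distinction (not code from the original post or from AWS): the web app issues its own opaque session ID with its own expiry, while the STS temporary credentials stay server-side inside that session and are used only for AWS API calls. The function names, the in-memory store, the 30-minute lifetime and the sample credential values are assumptions constructed for this example; the dictionary keys mirror the Credentials element that STS returns.

```python
import secrets
from datetime import datetime, timedelta, timezone

SESSION_TTL = timedelta(minutes=30)  # assumed lifetime of the app's own session
_sessions = {}                       # in-memory store, for illustration only

# Constructed sample in the shape of the "Credentials" element STS returns.
SAMPLE_STS_CREDENTIALS = {
    "AccessKeyId": "ASIAEXAMPLEEXAMPLE",
    "SecretAccessKey": "constructed-secret-key",
    "SessionToken": "constructed-session-token",
    "Expiration": datetime(2030, 1, 1, 12, 15, tzinfo=timezone.utc),
}

def create_session(user_id, sts_credentials, now=None):
    """After login, issue the app's own session ID; keep STS credentials server-side."""
    now = now or datetime.now(timezone.utc)
    session_id = secrets.token_urlsafe(32)  # random and opaque, carries no AWS material
    _sessions[session_id] = {"user_id": user_id, "expires": now + SESSION_TTL,
                             "aws": sts_credentials}
    return session_id

def get_session(session_id, now=None):
    """Return the session, or None if it is unknown or expired."""
    now = now or datetime.now(timezone.utc)
    session = _sessions.get(session_id)
    if session is None or now >= session["expires"]:
        _sessions.pop(session_id, None)  # drop expired entries
        return None
    return session

def aws_credentials_for(session_id, now=None):
    """Return STS credentials for AWS API calls, or None if they must be refreshed."""
    now = now or datetime.now(timezone.utc)
    session = get_session(session_id, now)
    if session is None:
        return None
    # STS credentials have their own lifetime, independent of the app session.
    if now >= session["aws"]["Expiration"]:
        return None
    return session["aws"]
```

Only the value returned by `create_session` goes to the browser; a `None` from `aws_credentials_for` on a still-valid session means the app should request fresh credentials from STS, not log the user out.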

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow