RSS

All Project Updates

Discussions

Issue Tracker

Releases

Reviews

Source Code

Wiki & Documentation

RSS

View All Comments | Print View | Page Info | Change History (all pages)

Home

What is Claims-Based Identity, and Why Should You Care?

There are many features in a typical secure application, three of the most common being:

Authentication: “Who are you?”
Authorization: “Are you allowed to do this?”
Personalization: “How can I personalize your experience?”

This guide will introduce you to “claims-based” identity, a set of ideas and tools that may make it easier for you to build features like these into your apps in a more flexible way. In this guide, we’ll introduce some concepts that may sound new: claims, federated identity, and much more. But many of the ideas presented here have been floating around for a long time.

The protocols we’ll show in this guide have a similar flavor to Kerberos, one of the most broadly accepted authentication protocols in use today (used in Active Directory for example). WS-Federation, SAML, and other federated identity protocols have been incubating for this entire decade. This is really not so new after all, but it does require a new way of thinking as we move toward a better architecture for identity in applications.

Claims based identity is specially compelling for applications that are deployed to the cloud. This Guide covers such scenarios.

Claims-based identity isn’t new. It’s been being designed and implemented for almost a decade.

Just Released! - Book content on MSDN.

Why do we need a guide now?

Only within the last year have tools been released to make claims-based identity generally available to applications on the Windows platform. With the Windows Identity Framework (WIF), Active Directory Federation Services v2 (ADFS), the identity landscape has opened up quite a bit, and our goal in this guide is to show how you can benefit by understanding these concepts and using these tools.

How is the Guide Organized?

The Guide will contain a few introductory chapters that will cover the basics of Claims based Identity, common terminology, protocols and technologies. This is the "theory" part of the book and we hope it will be useful for those new to the subject. Claims based identity is surprisingly simple and yet very powerful. Then, there will be a number of chapters with "case studies". These are very specific, commonly occurring scenarios where we surface goals, challenges and solutions in concrete contexts. As examples of the kind of scenarios we are considering, take a look at these three blog posts:

WebSSO
Federation
Software as a Service - Part I
Software as a Service - Part II

Check the downloads section for early chapters and samples!

Downloads

Blogs

Dominick Baier:

www.leastprivilege.com News Feed

Integrating Simple Web Tokens (SWT) with WCF REST Services using WIF

Monday, February 08, 2010 | From www.leastprivilege.com

Using SAML as a Client Credential Type in WCF (updated to WIF RTM)

Friday, February 05, 2010 | From www.leastprivilege.com

StarterSTS V1.0 Beta 1

Wednesday, February 03, 2010 | From www.leastprivilege.com

Testing Security Code with Moles

Monday, February 01, 2010 | From www.leastprivilege.com

A Guide to Claims-Based Identity and Access Control

Monday, February 01, 2010 | From www.leastprivilege.com

www.leastprivilege.com News Feed

Vittorio Bertocci

Vibro.NET News Feed

ADFS 2.0 RC is Here!

Friday, December 18, 2009 | From Vibro.NET

Deep linking your way out of home ream discovery

Thursday, December 03, 2009 | From Vibro.NET

Good Claims, Bad Claims 1: an Example

Tuesday, December 01, 2009 | From Vibro.NET

Windows Identity Foundation Overview Session recording: drawing-on-slides presentation technique

Tuesday, November 24, 2009 | From Vibro.NET

Update on Windows Azure + Windows Identity Foundation

Tuesday, November 24, 2009 | From Vibro.NET

Vibro.NET News Feed

Keith Brown:

Security Briefs News Feed

Did FxCop tell you to use System.Uri?

Saturday, October 10, 2009 | From Security Briefs

Beware Uri.ToString

Saturday, October 10, 2009 | From Security Briefs

What goes into claims

Wednesday, October 07, 2009 | From Security Briefs

Using LET in LINQ with extension method syntax

Wednesday, October 07, 2009 | From Security Briefs

Claims based authn and authz guide – live draft

Tuesday, October 06, 2009 | From Security Briefs

Security Briefs News Feed

Eugenio Pace:

Eugenio Pace : Claims News Feed

Just Released – Claims-Identity Guide online

Friday, January 29, 2010 | From Eugenio Pace : Claims

ADFS / WIF on Amazon EC2

Wednesday, January 13, 2010 | From Eugenio Pace : Claims

Updated code samples & chapters for Claims Identity Guide – Release Candidate

Monday, December 21, 2009 | From Eugenio Pace : Claims

RIA Services and WIF – Part II

Wednesday, November 25, 2009 | From Eugenio Pace : Claims

Updated RIA and WIF samples – Part I

Sunday, November 22, 2009 | From Eugenio Pace : Claims

Eugenio Pace : Claims News Feed

Erwin van der Valk

Erwin van der Valk's blog: Practicing patterns News Feed

Goodbye…

Monday, December 28, 2009 | From Erwin van der Valk's blog: Practicing patterns

how to work with animations in Silverlight in the mvvm pattern

Monday, October 12, 2009 | From Erwin van der Valk's blog: Practicing patterns

Announcing the guide for claims based identity and access control

Saturday, October 03, 2009 | From Erwin van der Valk's blog: Practicing patterns

Announcing the guide for claims based identity and access control

Friday, October 02, 2009 | From Erwin van der Valk's blog: Practicing patterns

how to apply a viewmodel to new windows

Friday, September 18, 2009 | From Erwin van der Valk's blog: Practicing patterns

Erwin van der Valk's blog: Practicing patterns News Feed

Matias Woloski

Matias Woloski's Blog News Feed

PDC09 and the last 3 months…

Wednesday, December 09, 2009 | From Matias Woloski's Blog

Claims based Authentication & Authorization: The Guide

Saturday, August 15, 2009 | From Matias Woloski's Blog

Windows 7 Screencast – Taskbar, OverlayImage, ProgressBar, Thumbnails

Tuesday, August 11, 2009 | From Matias Woloski's Blog

Getting a token from ADFS (ex Geneva Server) using WCF

Saturday, July 18, 2009 | From Matias Woloski's Blog

MVP.Renew()

Thursday, July 16, 2009 | From Matias Woloski's Blog

Matias Woloski's Blog News Feed

Last edited Jan 29 at 6:50 PM by eugeniop, version 19

Want to leave feedback?
Please use Discussions or Reviews instead.

Downloads

Recommended release:

Drop 5 - Release Candidate

Sat Dec 19 2009 at 8:00 AM, Stable Stable: This software is believed to be ready for use

1123 downloads

More info

Microsoft Public License (Ms-PL)

This license governs use of the accompanying software. If you use the software, you accept this license. If you do not accept the license, do not use the software.

1. Definitions

The terms "reproduce," "reproduction," "derivative works," and "distribution" have the same meaning here as under U.S. copyright law.

A "contribution" is the original software, or any additions or changes to the software.

A "contributor" is any person that distributes its contribution under this license.

"Licensed patents" are a contributor's patent claims that read directly on its contribution.

2. Grant of Rights

(A) Copyright Grant- Subject to the terms of this license, including the license conditions and limitations in section 3, each contributor grants you a non-exclusive, worldwide, royalty-free copyright license to reproduce its contribution, prepare derivative works of its contribution, and distribute its contribution or any derivative works that you create.

(B) Patent Grant- Subject to the terms of this license, including the license conditions and limitations in section 3, each contributor grants you a non-exclusive, worldwide, royalty-free license under its licensed patents to make, have made, use, sell, offer for sale, import, and/or otherwise dispose of its contribution in the software or derivative works of the contribution in the software.

3. Conditions and Limitations

(A) No Trademark License- This license does not grant you rights to use any contributors' name, logo, or trademarks.

(B) If you bring a patent claim against any contributor over patents that you claim are infringed by the software, your patent license from such contributor to the software ends automatically.

(C) If you distribute any portion of the software, you must retain all copyright, patent, trademark, and attribution notices that are present in the software.

(D) If you distribute any portion of the software in source code form, you may do so only under this license by including a complete copy of this license with your distribution. If you distribute any portion of the software in compiled or object code form, you may only do so under a license that complies with this license.

(E) The software is licensed "as-is." You bear the risk of using it. The contributors give no express warranties, guarantees or conditions. You may have additional consumer rights under your local laws which this license cannot change. To the extent permitted under your local laws, the contributors exclude the implied warranties of merchantability, fitness for a particular purpose and non-infringement.

Activity

7 30 All days

Page Views	733
Visits	387
Downloads	157

View Detailed Stats

Claims Based Identity & Access Control Guide

What is Claims-Based Identity, and Why Should You Care?

Just Released! - Book content on MSDN.

Why do we need a guide now?

How is the Guide Organized?

Check the downloads section for early chapters and samples!

Blogs

Dominick Baier:

Vittorio Bertocci

Keith Brown:

Eugenio Pace:

Erwin van der Valk

Matias Woloski

Downloads

Activity