RSS

All Project Updates

Discussions

Issue Tracker

Releases

Reviews

Source Code

Wiki & Documentation

RSS

View All Comments | Print View | Page Info | Change History (all pages)

Home

What is Claims-Based Identity, and Why Should You Care?

There are many features in a typical secure application, three of the most common being:

Authentication: “Who are you?”
Authorization: “Are you allowed to do this?”
Personalization: “How can I personalize your experience?”

This guide will introduce you to “claims-based” identity, a set of ideas and tools that may make it easier for you to build features like these into your apps in a more flexible way. In this guide, we’ll introduce some concepts that may sound new: claims, federated identity, and much more. But many of the ideas presented here have been floating around for a long time.

The protocols we’ll show in this guide have a similar flavor to Kerberos, one of the most broadly accepted authentication protocols in use today (used in Active Directory for example). WS-Federation, SAML, and other federated identity protocols have been incubating for this entire decade. This is really not so new after all, but it does require a new way of thinking as we move toward a better architecture for identity in applications.

Claims based identity is specially compelling for applications that are deployed to the cloud. This Guide will cover such scenarios.

Claims-based identity isn’t new. It’s been being designed and implemented for almost a decade.

Why do we need a guide now?

Only within the last year have tools been released to make claims-based identity generally available to applications on the Windows platform. With the Windows Identity Framework (WIF), Active Directory Federation Services v2 (ADFS), the identity landscape has opened up quite a bit, and our goal in this guide is to show how you can benefit by understanding these concepts and using these tools.

How is the Guide Organized?

The Guide will contain a few introductory chapters that will cover the basics of Claims based Identity, common terminology, protocols and technologies. This is the "theory" part of the book and we hope it will be useful for those new to the subject. Claims based identity is surprisingly simple and yet very powerful. Then, there will be a number of chapters with "case studies". These are very specific, commonly occurring scenarios where we surface goals, challenges and solutions in concrete contexts. As examples of the kind of scenarios we are considering, take a look at these three blog posts:

WebSSO
Federation
Software as a Service - Part I
Software as a Service - Part II

Check the downloads section for early chapters and samples!

Downloads

Blogs

Dominick Baier:

www.leastprivilege.com News Feed

IDFX to Zermatt to Geneva … to … WIF RTM!

Wednesday, November 18, 2009 | From www.leastprivilege.com

StarterRP v0.95 (for WIF RC)

Wednesday, November 11, 2009 | From www.leastprivilege.com

StarterSTS v0.95 (for WIF RC)

Tuesday, November 10, 2009 | From www.leastprivilege.com

Thinktecture.IdentityModel updated for WIF RC

Sunday, November 08, 2009 | From www.leastprivilege.com

Using Silverlight to Access WIF secured WCF Services

Wednesday, October 28, 2009 | From www.leastprivilege.com

www.leastprivilege.com News Feed

Vittorio Bertocci

Vibro.NET News Feed

[funny] Stolen Identity Video

Thursday, November 19, 2009 | From Vibro.NET

More WIF RTM Extravaganza: Sharepoint 2010 & Claims-Based Identity on the Id Element

Wednesday, November 18, 2009 | From Vibro.NET

Stuart Kwan & yours truly broadcasted LIVE on Channel9 – TOMORROW!

Wednesday, November 18, 2009 | From Vibro.NET

Enjoyed TailSpin demo in today’s PDC09 keynote? Get it now!

Tuesday, November 17, 2009 | From Vibro.NET

Announcing the Identity Developer Training Course on Channel9

Tuesday, November 17, 2009 | From Vibro.NET

Vibro.NET News Feed

Keith Brown:

Security Briefs News Feed

Did FxCop tell you to use System.Uri?

Saturday, October 10, 2009 | From Security Briefs

Beware Uri.ToString

Saturday, October 10, 2009 | From Security Briefs

What goes into claims

Wednesday, October 07, 2009 | From Security Briefs

Using LET in LINQ with extension method syntax

Wednesday, October 07, 2009 | From Security Briefs

Claims based authn and authz guide – live draft

Tuesday, October 06, 2009 | From Security Briefs

Security Briefs News Feed

Eugenio Pace:

Eugenio Pace : Claims News Feed

WIF is RTM

Tuesday, November 17, 2009 | From Eugenio Pace : Claims

Claims based Identity Guide – New release and PDC goodness

Saturday, November 14, 2009 | From Eugenio Pace : Claims

Claims based Identity & Access Control Guide – Updated drafts & samples available

Tuesday, October 20, 2009 | From Eugenio Pace : Claims

RIA Services and Windows Identity Foundation – Claims enabling a RIA application

Friday, October 09, 2009 | From Eugenio Pace : Claims

RIA Services and Windows Identity Foundation – Claims enabling a RIA application

Friday, October 09, 2009 | From Eugenio Pace : Claims

Eugenio Pace : Claims News Feed

Erwin van der Valk

Erwin van der Valk's blog: Practicing patterns News Feed

how to work with animations in Silverlight in the mvvm pattern

Monday, October 12, 2009 | From Erwin van der Valk's blog: Practicing patterns

Announcing the guide for claims based identity and access control

Saturday, October 03, 2009 | From Erwin van der Valk's blog: Practicing patterns

Announcing the guide for claims based identity and access control

Friday, October 02, 2009 | From Erwin van der Valk's blog: Practicing patterns

how to apply a viewmodel to new windows

Friday, September 18, 2009 | From Erwin van der Valk's blog: Practicing patterns

how to build an outlook style application – part 1

Friday, September 18, 2009 | From Erwin van der Valk's blog: Practicing patterns

Erwin van der Valk's blog: Practicing patterns News Feed

Matias Woloski

Matias Woloski's Blog News Feed

Claims based Authentication & Authorization: The Guide

Saturday, August 15, 2009 | From Matias Woloski's Blog

Windows 7 Screencast – Taskbar, OverlayImage, ProgressBar, Thumbnails

Tuesday, August 11, 2009 | From Matias Woloski's Blog

Getting a token from ADFS (ex Geneva Server) using WCF

Saturday, July 18, 2009 | From Matias Woloski's Blog

MVP.Renew()

Thursday, July 16, 2009 | From Matias Woloski's Blog

OpenID – WS-Fed Protocol Transition STS

Tuesday, July 14, 2009 | From Matias Woloski's Blog

Matias Woloski's Blog News Feed

Last edited Oct 22 at 3:50 PM by eugeniop, version 18

Want to leave feedback?
Please use Discussions or Reviews instead.

Downloads

Recommended release:

Drop 4 - PDC Release

Tue Nov 17 2009 at 8:00 AM, Beta Beta: This software is probably stable enough for use

120 downloads

More info

Microsoft Public License (Ms-PL)

This license governs use of the accompanying software. If you use the software, you accept this license. If you do not accept the license, do not use the software.

1. Definitions

The terms "reproduce," "reproduction," "derivative works," and "distribution" have the same meaning here as under U.S. copyright law.

A "contribution" is the original software, or any additions or changes to the software.

A "contributor" is any person that distributes its contribution under this license.

"Licensed patents" are a contributor's patent claims that read directly on its contribution.

2. Grant of Rights

(A) Copyright Grant- Subject to the terms of this license, including the license conditions and limitations in section 3, each contributor grants you a non-exclusive, worldwide, royalty-free copyright license to reproduce its contribution, prepare derivative works of its contribution, and distribute its contribution or any derivative works that you create.

(B) Patent Grant- Subject to the terms of this license, including the license conditions and limitations in section 3, each contributor grants you a non-exclusive, worldwide, royalty-free license under its licensed patents to make, have made, use, sell, offer for sale, import, and/or otherwise dispose of its contribution in the software or derivative works of the contribution in the software.

3. Conditions and Limitations

(A) No Trademark License- This license does not grant you rights to use any contributors' name, logo, or trademarks.

(B) If you bring a patent claim against any contributor over patents that you claim are infringed by the software, your patent license from such contributor to the software ends automatically.

(C) If you distribute any portion of the software, you must retain all copyright, patent, trademark, and attribution notices that are present in the software.

(D) If you distribute any portion of the software in source code form, you may do so only under this license by including a complete copy of this license with your distribution. If you distribute any portion of the software in compiled or object code form, you may only do so under a license that complies with this license.

(E) The software is licensed "as-is." You bear the risk of using it. The contributors give no express warranties, guarantees or conditions. You may have additional consumer rights under your local laws which this license cannot change. To the extent permitted under your local laws, the contributors exclude the implied warranties of merchantability, fitness for a particular purpose and non-infringement.

Activity

7 30 All days

Page Views	808
Visits	420
Downloads	212

View Detailed Stats

Claims Based Identity & Access Control Guide

What is Claims-Based Identity, and Why Should You Care?

Why do we need a guide now?

How is the Guide Organized?

Check the downloads section for early chapters and samples!

Blogs

Dominick Baier:

Vittorio Bertocci

Keith Brown:

Eugenio Pace:

Erwin van der Valk

Matias Woloski

Downloads

Activity