Sep 14, 2009

WIF (aka Geneva) Glossary

Federated claims-based security as implemented in Microsoft Windows Identity Foundation brings a set of terms that are important to understand. Because I did not find a glossary “out there”, I put together a list of terms annotated with a definition (copied from other sources like K. Brown or written myself).

Claim

A bit of identity information such as name, email address, age, membership in the Sales role, and so on.

Security token

A security token is a serialized set of claims that is digitally signed by the issuing authority.

Security token service (STS)

Builds, signs, and issues security tokens according to the interoperable protocols.

Relying party (RP)

An application that relies on claims.

Resource STS (R-STS)

The .NET Access Control Service features a Resource-STS: that R-STS can be configured to accept tokens from specific IP-STSs and to perform various claim transformations, including emitting authorization claims.

Identity provider STS (IP-STS)

Identity provider STS, e.g. Live ID/Passport, ADFS, Sun Metro, CA SiteMinder, IBM, Oracle.

Issuing authority

Issuing authority, e.g. a domain controller, a certificate authority, or the municipal/cantonal ID office.

Rule

Claims transformation rule (input -> output).

Federate

To “federate”: trust, establishing the basis for SSO.

Claims transformation

Values of input claims are carried over to output claim values (copied as-is, replaced by constants, or moved from one claim type to another claim type). In other words, mapping.
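The entries for security token, rule and claims transformation above describe a small pipeline: an issuer serializes and signs a set of claims, an STS applies input -> output rules to them, and a relying party checks the result. The following Python script is an added example that models that pipeline; it is not WIF code and not Microsoft's API. The claim type URNs, the rule tuple layout and the shared HMAC secrets are constructed for the example (a real STS signs with an X.509 certificate rather than a shared secret).

```python
import hmac
import hashlib
import json

# Claim types are URN-like strings (constructed for this example).
NAME = "urn:example:claim:name"
GROUP = "urn:example:claim:group"
ACTION = "urn:example:claim:action"

# Constructed signing keys. An HMAC secret shared between issuer and verifier
# stands in for the issuer's certificate here.
IP_STS_KEY = b"ip-sts-secret-constructed"
R_STS_KEY = b"r-sts-secret-constructed"

# Rules: (input_type, input_value, output_type, output_value).
# input_value None matches any value; output_value None copies the input value.
R_STS_RULES = [
    (NAME, None, NAME, None),           # copy the name claim through unchanged
    (GROUP, "Sales", ACTION, "send"),   # group Sales -> authorization claim "send"
    (GROUP, "Sales", ACTION, "listen"), # group Sales -> authorization claim "listen"
]


def issue_token(claims, key):
    """Security token: serialized claims (list of (type, value)) plus the issuer's signature."""
    payload = json.dumps(sorted(claims), separators=(",", ":")).encode()
    sig = hmac.new(key, payload, hashlib.sha256).hexdigest()
    return payload.hex() + "." + sig


def verify_token(token, key):
    """Return the claims if the signature verifies for this issuer key, else raise ValueError."""
    payload_hex, sig = token.split(".", 1)
    payload = bytes.fromhex(payload_hex)
    expected = hmac.new(key, payload, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, sig):
        raise ValueError("token signature invalid")
    return [tuple(c) for c in json.loads(payload)]


def apply_rules(input_claims, rules):
    """Claims transformation: evaluate every rule against every input claim."""
    output = []
    for in_type, in_value, out_type, out_value in rules:
        for ctype, cvalue in input_claims:
            if ctype != in_type or (in_value is not None and cvalue != in_value):
                continue
            out = (out_type, cvalue if out_value is None else out_value)
            if out not in output:
                output.append(out)
    return output


def r_sts_exchange(ip_token):
    """R-STS: accept a token from the trusted IP-STS, transform the claims, issue a new token."""
    input_claims = verify_token(ip_token, IP_STS_KEY)
    return issue_token(apply_rules(input_claims, R_STS_RULES), R_STS_KEY)


def relying_party_allows(token, required_action):
    """RP: trusts only tokens signed by the R-STS and requires a specific action claim."""
    try:
        claims = verify_token(token, R_STS_KEY)
    except ValueError:
        return False
    return (ACTION, required_action) in claims


def demo():
    """Run the full exchange for a constructed user and return (R-STS claims, RP decision)."""
    ip_token = issue_token([(NAME, "alice"), (GROUP, "Sales")], IP_STS_KEY)
    r_token = r_sts_exchange(ip_token)
    return verify_token(r_token, R_STS_KEY), relying_party_allows(r_token, "send")


if __name__ == "__main__":
    print(demo())
```

Two points the glossary entries imply but do not spell out are visible here: the relying party does not accept the IP-STS token directly, because it only trusts the R-STS key, and a user whose group claim matches no rule ends up with no action claim and is refused.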


Container for rules and token settings (such as token renewal).

Claim type

A URN string describing the meaning of a claim. There are standard claim types; you can add your own.

Action claim

Claim representing an ACS right (e.g. Service Bus send/listen).

Module/handler used by an RP to implement custom authorization. It can also perform additional claims transformation/mapping.

Access Control Service (ACS)

Azure .NET Services component for Identity and Access Control.

Service Bus

Transparent, routed WCF web service through the cloud, providing quality of service.