Federated claims-based security, as implemented in Microsoft Windows Identity Foundation, brings a set of terms that are important to understand. Because I did not find a glossary "out there", I put together a list of terms annotated with a definition (copied from other sources, such as K. Brown, or written myself).
[Sorry: partly in German]
Term | Description
--- | ---
Claim | A bit of identity information such as a name, email address, age, membership in the Sales role, and so on.
Token | A security token is a serialized set of claims that is digitally signed by the issuing authority.
STS | Security token service: builds, signs, and issues security tokens according to interoperable protocols.
RP | Relying party: an application that relies on claims.
R-STS | Resource STS: the .NET Access Control Service features a Resource-STS that can be configured to accept tokens from specific IP-STSs and to perform various claims transformations, including emitting authorization claims.
IP-STS | Identity provider STS, e.g. Live ID/Passport, ADFS, Sun Metro, CA SiteMinder, IBM, Oracle.
Issuer | Issuing authority, e.g. a domain controller, a certificate authority, or the municipal or cantonal ID card office (Ausweisbüro der Gemeinde/Kanton).
Rule | Claims transformation rule (input -> output).
Federate | To ally (German: "verbünden"); to trust; to establish the basis for SSO.
Claims transformation | Values of input claims are transferred to output claim values (copied, set to constants, or moved from one claim type to another claim type). In other words, a mapping.
Scope | Container for rules and token settings (such as token renewal, etc.).
Claim type | A URN string describing the meaning of a claim. There are standard claim types, and you can add your own.
Action claim | Claim representing an ACS right (e.g. Service Bus send/listen/etc.).
ClaimsAuthorizationManager | Module/handler used by an RP to implement custom authorization. It can also be used to perform further claims transformation/mapping.
ACS | Azure .NET Services component for identity and access control.
Service Bus | Transparent, routed WCF web service through the cloud, providing quality of service.
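To show how these terms fit together, here is a small Python model of an R-STS, added as an illustration (it is not from the original post, nor WIF or ACS code): it verifies a token from a trusted IP-STS, applies the claims transformation rules held in a scope, and issues a new signed token carrying action claims. The signing keys and the ACS action claim type string are assumed example values; HMAC stands in for the real XML signature.

```python
import hashlib, hmac, json

# Constructed keys: each STS signs with its own secret (HMAC stands in for an XML signature).
IP_STS_KEY = b"ip-sts-secret-example"
R_STS_KEY = b"r-sts-secret-example"
# Standard WIF claim-type URIs; the ACS action claim type is an assumed example value.
NAME = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"
ROLE = "http://schemas.microsoft.com/ws/2008/06/identity/claims/role"
ACTION = "net.windows.servicebus.action"

def issue_token(issuer, claims, key):
    """Token: a serialized set of [type, value] claims, signed by the issuer."""
    body = json.dumps({"issuer": issuer, "claims": claims}, sort_keys=True)
    sig = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return body + "." + sig

def verify_token(token, trusted_issuers):
    """RP or R-STS side: accept only tokens signed by a configured, trusted issuer."""
    body, _, sig = token.rpartition(".")
    payload = json.loads(body)
    key = trusted_issuers.get(payload["issuer"])
    if key is None:
        raise ValueError("untrusted issuer: " + payload["issuer"])
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, sig):
        raise ValueError("signature check failed")
    return payload["claims"]

def apply_rules(claims, rules):
    """Rule = [in_type, in_value, out_type, out_value]; None matches any / copies the value."""
    return [[out_type, value if out_value is None else out_value]
            for ctype, value in claims
            for in_type, in_value, out_type, out_value in rules
            if ctype == in_type and in_value in (None, value)]

# Scope: the trusted IP-STS plus the transformation rules this R-STS applies.
SCOPE = {
    "trusted_issuers": {"IP-STS": IP_STS_KEY},
    "rules": [
        [NAME, None, NAME, None],           # pass the name claim through unchanged
        [ROLE, "Sales", ACTION, "Send"],    # Sales membership -> Send and Listen rights
        [ROLE, "Sales", ACTION, "Listen"],
    ],
}

def resource_sts(token):
    """R-STS: verify the IP-STS token, transform its claims, issue a new signed token."""
    claims = verify_token(token, SCOPE["trusted_issuers"])
    return issue_token("R-STS", apply_rules(claims, SCOPE["rules"]), R_STS_KEY)
```

An RP that trusts only the R-STS then calls `verify_token(resource_sts(ip_token), {"R-STS": R_STS_KEY})` and sees name and action claims, never the raw role claim.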