Claims-based Authentication: Are strings the essence of claims?

Posted by Rising Star on Stack Overflow See other posts from Stack Overflow or by Rising Star
Published on 2010-06-08T16:49:25Z Indexed on 2010/06/08 16:52 UTC
Read the original article Hit count: 207

I've been programming with claims-based authentication for some time now with Windows Identity Foundation.

It appears to me that in Windows Identity Foundation, once a user is logged in, the claims are basically strings of information that describe the user.

With the old role-based authentication, I could say that a user is or is not a member of a given group, but with claims-based authentication, I can now have strings of information that describe a user. "This user is female". This user was born on "July 6, 1975". "This user logged in using a USB key".

Is it the essence of claims-based authentication,that I have strings of information about the user given to the application by the framework?

© Stack Overflow or respective owner

Related posts about security

Related posts about WIF