1.3.2 SAML 1.1 Assertion Extension

The Microsoft Web Browser Federated Sign-On Protocol described in [MS-MWBF] does not specify a method for including security identifiers (SIDs) in a security token. For applications requiring SIDs, claims are not sufficient for authorization.

The SAML 1.1 Assertion Extension provides a method for including SIDs in a SAML assertion. How an identity provider/security token service (IP/STS) obtains the SIDs and how a relying party interprets them are implementation-specific.