Getting Started with Security and Claims-Based Identity Model
Last modified: April 20, 2010
Applies to: SharePoint Foundation 2010
This section provides conceptual and practical information about general security and the claims-based identity model for Microsoft SharePoint Foundation 2010 and Microsoft SharePoint Server 2010, for both new and veteran programmers.
The claims-based identity model for Microsoft SharePoint Foundation 2010 and Microsoft SharePoint Server 2010 is built upon Windows Identity Foundation (WIF). Features of claims-based identity include:
Authentication across users of Windows-based systems and systems that are not Windows-based.
Multiple authentication types.
Stronger real-time authentication.
A wider set of principal types.
Delegation of user identity between applications.
When you build claims-aware applications, the user presents an identity to your application as a set of claims. One claim could be the user’s name, another might be an e-mail address. The idea is that an external identity system is configured to give your application all the information that it needs about the user with each request, along with cryptographic assurance that the identity data that your application receives comes from a trusted source. Under this model, single sign-on is much easier to achieve.
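The following C# sketch is an added example, not code from the original page. It shows an application reading an identity as a set of WIF claims and using a claim value only when it was issued by the expected source. The issuer name "ContosoSTS", the user values, and the helper GetTrustedClaim are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using Microsoft.IdentityModel.Claims;   // WIF (Microsoft.IdentityModel.dll)

static class ClaimsDemo
{
    // Hypothetical issuer name; a real application takes this from its
    // configuration of the identity provider it trusts.
    const string TrustedIssuer = "ContosoSTS";

    // Returns the value of the first claim of the given type that was issued
    // by the trusted issuer, or null. Claims from any other issuer are ignored.
    public static string GetTrustedClaim(IClaimsIdentity identity, string claimType)
    {
        if (identity == null) return null;
        return identity.Claims
            .Where(c => c.ClaimType == claimType &&
                        string.Equals(c.Issuer, TrustedIssuer, StringComparison.Ordinal))
            .Select(c => c.Value)
            .FirstOrDefault();
    }

    static void Main()
    {
        // Constructed sample identity. In a claims-aware request the identity is
        // obtained with: Thread.CurrentPrincipal.Identity as IClaimsIdentity
        var identity = new ClaimsIdentity(new List<Claim>
        {
            new Claim(ClaimTypes.Name,  "alice", ClaimValueTypes.String, TrustedIssuer),
            new Claim(ClaimTypes.Email, "alice@contoso.example", ClaimValueTypes.String, TrustedIssuer),
            // Same claim type from an issuer the application does not trust.
            new Claim(ClaimTypes.Email, "admin@contoso.example", ClaimValueTypes.String, "UnknownIssuer"),
        });

        // Each claim carries its type, its value, and the issuer that asserted it.
        foreach (Claim c in identity.Claims)
            Console.WriteLine("{0} = {1} (issuer: {2})", c.ClaimType, c.Value, c.Issuer);

        // Only the e-mail claim asserted by the trusted issuer is used.
        Console.WriteLine("Trusted e-mail: " + GetTrustedClaim(identity, ClaimTypes.Email));
    }
}
```

Filtering on the issuer before acting on a claim keeps authorization decisions tied to the trusted source described above, even when an identity carries claims from more than one issuer.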