Active Directory Federation Services 2.0

This topic contains definitions of key terms that are used in customizing Active Directory® Federation Services (AD FS) 2.0.

claim
    A statement about a subject (for example, a name, identity, key, group, permission, or capability) made by one subject about itself or another subject. A claim is given one or more values and is packaged, together with other claims, in a security token issued by a security token service (STS).

claim type
    The type of statement the claim makes. Example claim types include FirstName, Role, and PPID (private personal identifier). The claim type gives the claim value its context.

claim value
    The value of the statement the claim makes. For example, if the claim type is FirstName, the value might be Matt.

claims provider
    A type of identity provider that provides single sign-on between an organization and other identity providers and relying parties. In AD FS 2.0, a partner that issues the claims a federation server accepts is configured as a claims provider trust.

identity provider
    An organization that issues claims in security tokens. For example, a credit-card provider might issue a claim in a security token that enables payment when the relying party application requires that information to complete an authorized transaction.

identity provider – security token service (IP-STS)
    A software component or service used by an identity provider to issue claims and package them in security tokens.

information card
    A visual representation of an identity, with associated metadata, that a user can select in response to an authentication request.

managed information card
    An information card provided by an external identity provider. With managed cards, the identity information is stored with the identity provider rather than on the user's computer.

relying party
    An application that relies on security tokens and claims issued by an identity provider. In AD FS 2.0, each such application is configured as a relying party trust, which determines which claims the federation server issues to it.

security token
    An on-the-wire representation of claims that has been cryptographically signed by the issuer of the claims. The signature gives a relying party proof of the integrity of the claims and of the identity of the issuer, but only if the relying party verifies the signature against the signing certificate it has on record for that issuer; a token whose signature fails to verify, or that was signed by a key the relying party does not trust, proves nothing about its claims.

security token service (STS)
    A Web service that issues claims and packages them in signed (and optionally encrypted) security tokens. See WS-Security and WS-Trust.

web single sign-on (SSO)
    A process that enables partner organizations to exchange user authentication and authorization data. With Web SSO, users in partner organizations can move between secured Web domains without presenting credentials at each domain boundary.

Windows® CardSpace™ 2.0
    Microsoft's implementation of an information card selector for Microsoft Windows. See information card.

WS-Federation
    A standard that defines mechanisms for federating identity, attributes, authentication, and authorization across different trust realms. For more information, see Understanding WS-Federation on the MSDN Web site.

WS-Federation passive requester profile
    Describes how the cross-trust-realm identity, authentication, and authorization federation mechanisms defined in WS-Federation can be used by passive requesters, such as Web browsers, to obtain identity services. Passive requesters under this profile are limited to the HTTP protocol. For more information, see the specification on the MSDN Web site.

WS-Security
    A standard consisting of a set of protocols designed to help secure Web service communication that uses SOAP. For more information, see the WS-Security standard on the OASIS site.

WS-Trust
    A standard that builds on WS-Security to give Web services methods for establishing and verifying trust relationships; in particular, it defines the request/response exchange by which a requester obtains a security token from an STS. For more information, see the WS-SX standard, which includes WS-Trust, on the OASIS site.
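The following is an added example, not code from the AD FS documentation or from the product, showing how the terms above fit together: an STS issues a token carrying claims (claim type and claim value pairs) for a named relying party, and the relying party accepts those claims only after checking the issuer against its trust store, verifying the signature, matching the audience and checking the validity window. The issuer and relying-party URLs are made up, the compact encoding is invented for the example, and an HMAC-SHA256 shared key stands in for the X.509 token-signing certificate that AD FS actually uses; that substitution is a simplification, not how AD FS signs tokens.

```python
"""Constructed STS / relying party exchange over signed claims (example only)."""
import base64
import hashlib
import hmac
import json
import time

# Made-up identifiers for the example; not real endpoints.
ISSUER = "https://sts.contoso.example/adfs/services/trust"
RELYING_PARTY = "https://claimsapp.contoso.example/"

# The relying party's trust store: issuer identifier -> verification key.
# AD FS signs with the private key of its token-signing certificate and the
# relying party verifies with the matching public key; a shared HMAC key
# stands in for that key pair here (simplification, not AD FS behaviour).
TRUSTED_ISSUERS = {ISSUER: b"contoso-token-signing-key"}


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _serialize(body: dict) -> str:
    return _b64url(json.dumps(body, sort_keys=True, separators=(",", ":")).encode())


def issue_token(issuer, signing_key, audience, claims, lifetime=300, now=None):
    """STS side: package claims with issuer, audience and validity window, then sign.

    claims is a list of (claim_type, claim_value) pairs; a type may repeat,
    for example several Role values."""
    now = int(time.time() if now is None else now)
    body = {
        "iss": issuer,
        "aud": audience,
        "nbf": now,
        "exp": now + lifetime,
        "claims": [{"type": t, "value": v} for t, v in claims],
    }
    payload = _serialize(body)
    signature = hmac.new(signing_key, payload.encode("ascii"), hashlib.sha256).digest()
    return payload + "." + _b64url(signature)


def validate_token(token, trusted_issuers, expected_audience, now=None):
    """Relying party side: accept claims only from a trusted issuer, with a valid
    signature, addressed to this relying party and inside the validity window.
    Returns {claim_type: [values]}; raises ValueError otherwise."""
    now = int(time.time() if now is None else now)
    try:
        payload, signature = token.split(".")
        body = json.loads(_b64url_decode(payload))
    except (ValueError, UnicodeDecodeError):
        raise ValueError("malformed token")
    if not isinstance(body, dict):
        raise ValueError("malformed token")
    # "iss" is read before verification only to choose the key; nothing else in
    # the body is trusted until the signature has been checked.
    key = trusted_issuers.get(body.get("iss"))
    if key is None:
        raise ValueError("untrusted issuer")
    expected = hmac.new(key, payload.encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(signature)):
        raise ValueError("signature does not verify")
    if body.get("aud") != expected_audience:
        raise ValueError("token was issued for a different relying party")
    nbf, exp = body.get("nbf"), body.get("exp")
    if not (isinstance(nbf, int) and isinstance(exp, int) and nbf <= now < exp):
        raise ValueError("token outside its validity window")
    claims = {}
    for c in body.get("claims", []):
        claims.setdefault(c["type"], []).append(c["value"])
    return claims


def tamper(token, claim_type, new_value):
    """Rewrite one claim value without re-signing: what someone without the
    issuer's signing key can do to a token in transit."""
    payload, signature = token.split(".")
    body = json.loads(_b64url_decode(payload))
    for c in body["claims"]:
        if c["type"] == claim_type:
            c["value"] = new_value
    return _serialize(body) + "." + signature


if __name__ == "__main__":
    t0 = 1_700_000_000
    tok = issue_token(ISSUER, TRUSTED_ISSUERS[ISSUER], RELYING_PARTY,
                      [("FirstName", "Matt"), ("Role", "Purchaser")], now=t0)
    print("accepted:", validate_token(tok, TRUSTED_ISSUERS, RELYING_PARTY, now=t0 + 10))
    try:
        validate_token(tamper(tok, "Role", "Administrator"), TRUSTED_ISSUERS,
                       RELYING_PARTY, now=t0 + 10)
    except ValueError as err:
        print("rejected:", err)
```

The order of checks in validate_token is deliberate: the issuer lookup decides which key to use, the signature check establishes that the rest of the body is what the issuer wrote, and only then are audience and validity window read. Checking the audience matters because a token the STS issued to one relying party should not be accepted by another, and the validity window bounds how long a captured token stays usable.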
