This topic contains definitions of key terms that are used in customizing Active Directory® Federation Services (AD FS) 2.0.

Term Definition
claim A statement about a subject; for example, a name, identity, key, group, permission, or capability, made by one subject about itself or another subject. Claims are given one or more values and then packaged in security tokens that are issued by a security token service (STS).
claim type The type of statement in the claim being made. Example claim types include FirstName, Role, and PPID. The claim type provides context for the claim value.
claim value The value of the statement in the claim being made. For example, if the claim type is FirstName, a value might be Matt.
claims provider A claims provider is a type of identity provider that provides single sign-on functionality between an organization and other identity providers and relying parties.
identity provider An organization issuing claims in security tokens. For example, a credit-card provider organization might issue a claim in a security token that enables payment if the relying party application requires that information to complete an authorized transaction.
identity provider – security token service (IP-STS) A software component or service that is used by an identity provider that issues claims and packages them in security tokens.
information card A visual representation of an identity with associated metadata that may be selected by a user in response to an authentication request.
managed information card An information card provided by an external identity provider. By using managed cards, identity information is stored with an identity provider.
relying party An application that relies on security tokens and claims issued by an identity provider.
security token An on-the-wire representation of claims that has been cryptographically signed by the issuer of the claims, providing strong proof to any relying party as to the integrity of the claims and the identity of the issuer.
security token service (STS) A Web service that issues claims and packages them in encrypted security tokens (see WS-Security, WS-Trust).
web single sign-on (SSO) A process enabling partnering organizations to exchange user authentication and authorization data. By using Web SSO, users in partner organizations can transition between secure Web domains without having to present credentials at each domain boundary.
Windows® CardSpace™ 2.0 Windows® CardSpace™ 2.0 is Microsoft's implementation of an Information Card selector for Microsoft Windows. See Information Card.
WS-Federation The WS-Federation standard defines mechanisms that are used to enable identity, attribute, authentication, and authorization federation across different trust realms. For more information about WS-Federation, see Understanding WS-Federation at the MSDN Web site.
WS-Federation passive requester profile WS-Federation Passive Requester Profile describes how the cross trust realm identity, authentication, and authorization federation mechanisms defined in WS-Federation can be utilized used by passive requesters such as Web browsers to provide Identity Services. Passive requesters of this profile are limited to the HTTP protocol. For more information about WS-Federation Passive Requester Profile, see the specification at the MSDN Web site.
WS-Security The WS-Security standard consists of a set of protocols designed to help secure Web service communication using SOAP. For more information about WS-Security, see the OASIS site for the WS-Security standard.
WS-Trust A standard that takes advantage of WS-Security to provide Web services with methods to build and verify trust relationships. For more information about WS-Trust, see the OASIS site for the WS-SX standard, which includes WS-Trust.

See Also

Overview [idfx]