[Starting with the .NET Framework 4.5, Windows Identity Foundation (WIF) has been fully integrated into the .NET Framework. The version of WIF addressed by this topic, WIF 3.5, is deprecated and should only be used when developing against the .NET Framework 3.5 SP1 or the .NET Framework 4. For more information about WIF in the .NET Framework 4.5, also known as WIF 4.5, see the Windows Identity Foundation documentation in the .NET Framework 4.5 Development Guide.]

This topic contains definitions of key terms that are used in developing Windows® Identity Foundation (WIF) applications.

Term Definition


A statement about a subject; for example, a name, identity, key, group, permission, or capability, made by one subject about itself or another subject.  Claims are given one or more values and then packaged in security tokens that are issued by a security token service (STS).

claim type

The type of statement in the claim being made.  Example claim types include FirstName, Role, and PPID.  The claim type provides context for the claim value.

claim value

The value of the statement in the claim being made.  For example, if the claim type is FirstName, a value might be Matt. 

claims provider

A claims provider is a type of identity provider that provides single sign-on functionality between an organization and other identity providers and relying parties.

identity provider

An organization issuing claims in security tokens.  For example, a credit-card provider organization might issue a claim in a security token that enables payment if the relying party application requires that information to complete an authorized transaction.

identity provider – security token service (IP-STS)

A software component or service that is used by an identity provider that issues claims and packages them in security tokens.

information card

A visual representation of an identity with associated metadata that may be selected by a user in response to an authentication request.

managed information card

An information card provided by an external identity provider. By using managed cards, identity information is stored with an identity provider. See How to: Build a Managed Card Issuance Site.

relying party

An application that relies on security tokens and claims issued by an identity provider.

security token

An on-the-wire representation of claims that has been cryptographically signed by the issuer of the claims, providing strong proof to any relying party as to the integrity of the claims and the identity of the issuer.

security token service (STS)

A Web service that issues claims and packages them in encrypted security tokens (see WS-Security, WS-Trust).

web single sign-on (SSO)

A process enabling partnering organizations to exchange user authentication and authorization data. By using Web SSO, users in partner organizations can transition between secure Web domains without having to present credentials at each domain boundary.

Windows® CardSpace™ 2.0

Windows® CardSpace™ 2.0 is Microsoft's implementation of an Information Card selector for Microsoft Windows. See Information Card.


The WS-Federation standard defines mechanisms that are used to enable identity, attribute, authentication, and authorization federation across different trust realms. For more information about WS-Federation, see Understanding WS-Federation at the MSDN Web site.

WS-Federation passive requester profile

WS-Federation Passive Requester Profile describes how the cross trust realm identity, authentication, and authorization federation mechanisms defined in WS-Federation can be utilized used by passive requesters such as Web browsers to provide Identity Services. Passive requesters of this profile are limited to the HTTP protocol. For more information about WS-Federation Passive Requester Profile, see the specification at the MSDN Web site.


The WS-Security standard consists of a set of protocols designed to help secure Web service communication using SOAP. For more information about WS-Security, see the OASIS site for the WS-Security standard.


A standard that takes advantage of WS-Security to provide Web services with methods to build and verify trust relationships. For more information about WS-Trust, see the OASIS site for the WS-SX standard, which includes WS-Trust.

See Also