I'm new to security manner and .NET security manner. I see a lot about the claims, and issuer, etc but I feel confused about the definition.
In easy English, what is claim? And what is an issuer/original issuer in claim?
Claims are pieces of information about a user that have been packaged, signed into security tokens and sent by an issuer or identity provider to relying party applications through a security token service (STS).
ClaimsIdentity(IIdentity): Initializes a new instance of the ClaimsIdentity class using the name and authentication type from the specified IIdentity.
ClaimsIdentity(IIdentity, IEnumerable<Claim>): Initializes a new instance of the ClaimsIdentity class using the specified claims and the specified IIdentity.
Sometimes it helps to look up the words in a dictionary. A technical term is selected because it is in some way linked to the original meaning of the word. This is obvious to a native English speaker but not always so obvious to non-native English speakers like myself.
A claim is a demand for or an assertion of a right. You can claim payment for a service or claim a property by inheritance.
Within security, a claim is a statement about who you are, what you have the right to or what you are capable of (or the statement could be about a user or another subject).
The verb to issue is to publish or give something out. An issuer is an institution that issues something.
Technically an issuer is a service that you authenticate with and in return it will issue security tokens. These tokens contain claims.
To give an example: If I log into a Windows Active Directory the issuer is the active directory. When I have been authenticated with the active directory a security token is issued and within this token there are claims about my user name and what security groups I belong to.
Sometimes an issuer will issue new claims based on existing claims. E.g., if you log in to a web site using your Google account then the web site can issue claims about your identity. Some of these claims could originate from Google (like your e-mail address) and then the original issuer would be Google and not the web site (which is the issuer of the claim).
There is in-depth information about this subject in A Guide to Claims-Based Identity and Access Control (2nd Edition) on MSDN.
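The following C# program is an added example (not part of either answer above, nor Microsoft's own code) that ties together the ClaimsIdentity constructors quoted in the first answer and the issuer / original issuer distinction explained in the second. It assumes two made-up issuer names, "Google" as the external identity provider and "ExampleWebSite" as the web site that re-issues claims; the user "alice" and her e-mail address are constructed sample data. It uses only the System.Security.Claims types that ship with .NET.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Claims;

// Added example: how a claim, its Issuer and its OriginalIssuer look in .NET,
// and how a web site can re-issue claims that originally came from Google.
// Issuer names and user data below are constructed for illustration.
class ClaimsDemo
{
    const string ExternalIssuer = "Google";        // hypothetical identity provider
    const string LocalIssuer = "ExampleWebSite";   // hypothetical web site acting as issuer

    // Step 1: the claims as they arrive in the token from the external identity provider.
    // Claim(type, value, valueType, issuer) sets Issuer and OriginalIssuer to the same value.
    static ClaimsIdentity ClaimsFromGoogle()
    {
        var claims = new List<Claim>
        {
            new Claim(ClaimTypes.Email, "alice@example.com", ClaimValueTypes.String, ExternalIssuer),
            new Claim(ClaimTypes.Name, "alice", ClaimValueTypes.String, ExternalIssuer),
        };
        // ClaimsIdentity(IEnumerable<Claim>, string authenticationType)
        return new ClaimsIdentity(claims, "ExternalLogin");
    }

    // Step 2: the web site issues its own claims; some are derived from Google's claims.
    // Claim(type, value, valueType, issuer, originalIssuer) lets us record both parties.
    static ClaimsIdentity TransformClaims(ClaimsIdentity external)
    {
        var local = new ClaimsIdentity(external.AuthenticationType);
        foreach (var c in external.Claims)
        {
            // Re-issued claim: Issuer = the web site, OriginalIssuer = Google
            local.AddClaim(new Claim(c.Type, c.Value, c.ValueType, LocalIssuer, c.OriginalIssuer));
        }
        // A claim the web site creates itself: Issuer and OriginalIssuer are both the web site
        local.AddClaim(new Claim(ClaimTypes.Role, "Member", ClaimValueTypes.String, LocalIssuer));
        return local;
    }

    static void Main()
    {
        ClaimsIdentity identity = TransformClaims(ClaimsFromGoogle());
        var principal = new ClaimsPrincipal(identity);

        foreach (Claim claim in principal.Claims)
        {
            Console.WriteLine(claim.Type);
            Console.WriteLine("  value           = " + claim.Value);
            Console.WriteLine("  issuer          = " + claim.Issuer);
            Console.WriteLine("  original issuer = " + claim.OriginalIssuer);
        }

        // Relying-party check: only treat the e-mail as verified if it originated at Google,
        // regardless of which service last re-issued it.
        Claim email = principal.FindFirst(ClaimTypes.Email);
        bool emailFromGoogle = email != null && email.OriginalIssuer == ExternalIssuer;
        Console.WriteLine("e-mail originated at Google: " + emailFromGoogle);

        // Role claims issued by the web site drive IsInRole (default role claim type is ClaimTypes.Role)
        Console.WriteLine("is member: " + principal.IsInRole("Member"));
    }
}
```

Running this prints each claim with its Issuer set to "ExampleWebSite" and, for the e-mail and name claims, an OriginalIssuer of "Google"; the role claim shows "ExampleWebSite" for both. The OriginalIssuer check at the end is the practical reason the distinction exists: an application that trusts Google to vouch for e-mail addresses can verify that provenance even after the claim has passed through its own issuing step.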