Claims explained

This video from ITFreeTraining will look at claims that are used with Federation Services. Check out http://itfreetraining.com for more of our always free training videos. By the end of the video you will understand what are claims and what protocols are used with claims.

Download the PDF handout http://ITFreeTraining.com/handouts/fe...

Claims
A claim essentially is a statement made by one party about another party. This is provided by an Identity Provider. Services like Facebook are able to create a claim about a user which holds some information about the user. For example, the user can then use their Facebook login to access other sites. Let's consider an example of a shopping center that allows free parking for those people that have travelled a long distance to shop there. In order to get their free parking, all they need to do is show their driver's license which has their address on it. The identity provider in this case would be the institution that issues driver's licenses. The user would be the person wanting free parking. The service would be the shopping center who has made the decision to allow free parking for people outside the area.

Security Token
Claims are generally packaged inside a security token. This allows the details of the claim to be checked to ensure they have not been changed. When working with Federation Services you may hear the term security token and claim used interchangeable. Essentially they are referring to the claim which may be packaged in a security token.

Fictional Example
In this example, a person is given a voucher to a cinema in order to obtain a movie ticket. The movie ticket can then be used to enter a cinema to see a movie. Federation Services often work in a simple way.

Token Example
In some cases you will hear wording to the effect that a server consumes claims. When Federation Services are setup like this, the following generally happens. The Federation Server will issue a claim to the user. The user will then give this claim to another Federation Server. Once this Federation Server is able to verify that claim is valid, the Federation Server will destroy the claim and create a new claim. The new claim is free to change the information in the old claim and add to it. For example, it may add which servers the user is allowed to access. This kind of information is subject to change and thus the original server creating this claim does not know this information when the first claim is created.

Protocols
There are a lot of different protocols that make Federation Services work. Federation Services is also very customizable so even though there are some key protocols to make the system work, depending on how it is configured will determine which protocols will be used. For example, there are a number of different protocols that can be used to create a security token.

WS-Trust
In order for Federation Services to exchange information between different Federation Services there needs to be a common protocol between the systems. The WS-Trust protocol is designed to allow the Federation Services to communicate with each other and exchange information like security tokens. There are a number of different versions of the protocol so it is a matter of making sure that both sides are using the same protocol.
SAML (Security Assertion Markup Language)
SAML is one of the protocols that can be used to create security tokens. It is an open standard for authentication but can be used to create tokens. Once the token is created, it is transported to the other server using WS-Trust. It is possible to use other protocols however this one is the most common. What the server will accept and not accept is referred to as an endpoint.

Description to long for YouTube. Please see the following link for the rest of the description.
http://itfreetraining.com/federation#...

See http://YouTube.com/ITFreeTraining or http://itfreetraining.com for our always free training videos. This is only one video from the many free courses available on YouTube.

References
"Web Services Description Language" http://en.wikipedia.org/wiki/Web_Serv...
"WS-Trust and WS-Federation"
"WS-Trust" http://en.wikipedia.org/wiki/WS-Trust

1. federation definition, federation for american immigration reform, federation of state medical boards, federation games, federation for children with special needs, federation of organizations, federation of american scientists, federation force, federation brewing, federation bank, federation ranks, federation of american hospitals, federation vs confederation, federation of tax administrators, federation starships, federation of planets, federation coop, federation synonym, federation council, federation square, claims adjuster, claims synonym, http://claims.travelguard.com/myclaim, http://claims.progressive.com, claims adjuster jobs, claims adjuster salary, claims made policy, claims definition, claims adjuster trainee, claims conference, claims management inc, claims specialist, claims representative, claims examiner, claims processor, claims court, claims processing, claims adjuster training, claims adjudication, claims analyst, itfreetraining youtube, itfreetraining active directory, itfreetraining adfs, itfreetraining dns, itfreetraining 70-410, itfreetraining windows server 2016, itfreetraining windows server 2012, itfreetraining vmware, itfreetraining 70-640, itfreetraining powershell, itfreetraining windows 7, itfreetraining windows 10, itfreetraining hyper v, itfreetraining group policy, itfreetraining groups, itfreetraining dfs, itfreetraining sccm, itfreetraining certificate, itfreetraining linux, itfreetraining 70-411

Claims explained
20,924 views views	followers
193 Likes	193 Dislikes
Education	Upload TimePublished on 8 Jul 2014