Claims-based identity seeks to control the digital experience and allocate
digital resources based on claims made by one party about another.
A party can be a person, organization, government, website,
web service, or even a device. The very simplest example of a claim is
something that a party says about itself.
As the authors of this book point out, there is nothing new about
the use of claims. As far back as the early days of mainframe computing,
the operating system asked users for passwords and then passed
each new application a “claim” about who was using it. But this world
was based to some extent on wishful thinking because applications
didn’t question what they were told.
As systems became interconnected and more complicated, we
needed ways to identify parties across multiple computers. One way
to do this was for the parties that used applications on one computer
to authenticate to the applications (and/or operating systems) that
ran on the other computers. This mechanism is still widely used—for
example, when logging on to a great number of Web sites.
However, this approach becomes unmanageable when you have
many co-operating systems (as is the case, for example, in the enterprise).
Therefore, specialized services were invented that would register
and authenticate users, and subsequently provide claims about
them to interested applications. Some well-known examples are
NTLM, Kerberos, Public Key Infrastructure (PKI), and the Security
Assertion Markup Language (SAML).
If systems that use claims have been around for so long, how can
claims-based computing be new or important? The answer is a variant
of the old adage, “All tables have legs, but not all legs have tables.” The
claims-based model embraces and subsumes the capabilities of all the
systems that have existed to date, but it also allows many new things
to be accomplished. This book gives a great sense of the resultant
opportunities.
Download Claims-Based Identity and Access Control, Second Edition eBook at - http://www.microsoft.com/download/en/details.aspx?id=28362&WT.mc_id=rss_alldownloads_all
0 comments:
Post a Comment