FAQ

What is Active Directory?

Active Directory (AD) is a Microsoft directory service provided for Windows domain networks. Active Directory is a centralized and standardized system that automates network management of user data.

What is ADFS?

ADFS is Microsoft’s federation product that provides simplified access and single sign-on for on-premises and cloud-based applications in the organization, across organizations, and on the web.

What are claims?

In federation scenarios, a claim is a statement that a user makes about himself or another subject. The statement can be about a name, identity, key, group, privilege, or capability, for example. Claims are issued by a provider, and they are given one or more values and then packaged in security tokens that are issued by an issuer, commonly known as a security token service (STS).

What is OAuth?

OAuth is an open authorization protocol – or in other words, a set of rules – that allows a third-party website or application to access a user’s data without the user needing to share login credentials.

OAuth enables users to share their data and resources stored on one site with another site under a secure authorization scheme based on a token-based authorization mechanism.

What is OpenID?

OpenID has many similarities to SAML, but where SAML is limited to corporate use, OpenID is designed for consumer use cases. OpenID acts as an identification card on the internet, allowing users to use an existing account to sign in to multiple websites without needing to create new passwords. Many larger organizations, such as Facebook, Google and Yahoo, use OpenID.

What is SAML?

Security Assertion Markup Language (SAML) is an open XML standard for exchanging authentication and authorization data between parties, in particular between an identity provider and a service provider. SAML enables organizations to connect systems from different domains and establish single sign-on between them, meaning that a user only has to authenticate once to gain access to all the connected systems.

What is a SAML Identity Provider (Security Token Service)?

A SAML Identity Provider authenticates users on the internet using various credentials, such as usernames, passwords and certificates.
The SAML Identity Provider then issues a so-called security token containing information about the roles assigned to the user.

What is a Service Provider (Relying Party)?

A Service Provider (or Relying Party) is an application that uses claims. The term relying party arose because the application relies on an issuer to provide information about identity. Based on this information, the Service Provider decides whether to grant or deny a user access.

What is a token?

A (security) token is a file that contains information (claims) about a user’s identity such as the user’s name, email address, manager’s email address, groups, roles, and so on. Essentially a token acts as a digital passport providing users access to the right applications.

What is WIF?

Windows Identity Foundation (WIF) is a Microsoft software framework for building identity-aware applications. WIF includes a set of application components for .NET developers that ease the development of claims-based applications.

What is WS Federation?

WS-Federation is a specification in Microsoft’s and IBM’s WS-Security architecture. WS-Federation enables applications and systems to securely exchange identity-related information with each other. For instance, it could be information about how a user has been authenticated and what roles and access rights the user has.