SharePoint Claims Based Authentication – The Basics of Identity Frameworks

A wide variety of SharePoint software is being produced all the time. When we use it, we tend to take for granted what has gone into its development. One of the principal decisions is which type of identity to use, since today's SharePoint technology offers several. It can take time to establish which one is best for a given software requirement.

The things that have to be taken into consideration include who will be using the materials, how they will be used, and more. Because some SharePoint software has multiple uses, it may be necessary for more than one identity to be used, which leaves plenty of options for how it will be applied.

While it is the SharePoint user who determines what is accessed, based on their behavior in SharePoint, there is also a great deal going on behind the scenes. SharePoint may need to obtain user information from various sources, not solely a known, compliant directory. It is with such problems in mind that the scheme was designed: an identity that works regardless of what a person or a business needs, crossing multiple types of boundaries so that SharePoint and related applications have the requisite identity information in a proper, consumable format. The problem of tracking that information down is eliminated from the equation. This is where claims-based identity comes into the picture. It offers a practical solution so that identity information can be gathered from both inside and outside of that entity. It also allows it to be gathered from the cloud.

Through a claims-based approach, everything is simplified from the developer's point of view. That in turn means a given SharePoint application is less expensive to build, and the cost of maintaining these programs is reduced as well. Because of this, many SharePoint developers are seriously looking at exploiting the value of claims-based integration.

As you read this material you will start to appreciate the fundamentals of claims-based identity through an explanation of the technology Microsoft uses to implement this concept, known as the Geneva stack. The things that need to be explored include the Geneva Server, Windows CardSpace Geneva, and the Geneva Framework. They all optionally work together to make claims-based identity work in practice as it does in principle. Right now these programs are in testing; keep in mind that some aspects of what you read here could change before the final release.



Understanding Claims-Based Authentication (CBA) Series

I wrote these posts ad hoc because I have received this question more than anything else lately, likely due to the paradigm shift from legacy authentication techniques in SharePoint 2010. I tried to keep the language in localizable terminology in order to support the multi-lingual functions provided on the site as well. I broke it up into separate posts as well to provide some level of categorization; some are big, some are small.

I know they might not be perfect, but it’s a beta-ish technology and writing 16 posts takes a fair amount of time. Along those lines, there might be some terminology interchanging going on because I was using the Geneva stack when I had started this. Just keep in mind that the following legend coordinates the Microsoft code names:

Active Directory Federation Services (ADFS) = Geneva Server

Windows Identity Foundation = Geneva Framework

Windows CardSpace = Windows CardSpace  :)

  1. The Basics of the Identity Foundation
  2. Working With Identity in Applications
  3. Claims Based Identity
  4. Claims Creation
  5. How are Claims Used?
  6. What does ADFS v2 And Windows Identity Foundation do?
  7. The Relationship Between Claims Based Identity, Windows Identity Foundation, ADFS v2
  8. Claim Usage Within The Enterprise
  9. Claims Usage Between Enterprises
  10. Claims Usage On The Cloud (Internet)
  11. Delegating Claims
  12. Geneva Server – ADFS v2
  13. CardSpace
  14. Self Issued Identity Providers
  15. Geneva Framework – Windows Identity Foundation
  16. Conclusion On Claims Authentication