What are Claims

written on September 21, 2010

The security tokens generated by an STS contain various attributes, based on which access is granted or denied, or based on which the user experience is customized. These attributes are called claims.

A claim can be a user name or the user’s email; it can be a permission such as canWrite or canRead; or it can be the roles or groups to which the user belongs. When an STS generates a token, it embeds the claims within it; therefore, once a token has been issued, the values of these claims cannot be tampered with.

If our application trusts the STS that issued this token, it uses the claims issued in the token to describe the user, thus eliminating the need to look up user attributes to provide authorization and customization.
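
The flow described above, as an added example that is not part of the original post: an STS embeds claims in a token, and the application accepts them only from an issuer it trusts and only if they are unaltered. It assumes the token is protected by a signature, with an HMAC over a shared key standing in for the STS's signature; the issuer URL, key, token layout and function names are all hypothetical.

```python
import base64, hashlib, hmac, json

# Constructed demo values: the issuer name and its key are assumptions.
TRUSTED_ISSUERS = {"https://sts.example.test": b"demo-signing-key"}

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()

def issue_token(issuer: str, key: bytes, claims: dict) -> str:
    """STS side: embed the claims in the token and sign the whole payload."""
    payload = json.dumps({"iss": issuer, "claims": claims}, sort_keys=True).encode()
    sig = hmac.new(key, payload, hashlib.sha256).digest()
    return _b64(payload) + "." + _b64(sig)

def read_claims(token: str) -> dict:
    """Application side: return the claims only if a trusted STS signed them."""
    try:
        payload_b64, sig_b64 = token.split(".")
        payload = base64.urlsafe_b64decode(payload_b64)
        sig = base64.urlsafe_b64decode(sig_b64)
        body = json.loads(payload)
        key = TRUSTED_ISSUERS[body["iss"]]  # unknown issuer raises KeyError
    except (ValueError, KeyError, TypeError):
        raise PermissionError("malformed token or untrusted issuer")
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        raise PermissionError("signature mismatch: claims were altered")
    return body["claims"]

def can_write(token: str) -> bool:
    """Authorization decision taken from the claims, with no user lookup."""
    try:
        return read_claims(token).get("canWrite") is True
    except PermissionError:
        return False

def tamper(token: str, name: str, value) -> str:
    """Constructed test input: change one claim but keep the old signature."""
    payload_b64, sig_b64 = token.split(".")
    body = json.loads(base64.urlsafe_b64decode(payload_b64))
    body["claims"][name] = value
    return _b64(json.dumps(body, sort_keys=True).encode()) + "." + sig_b64
```

A token whose `canWrite` claim is changed after issuance fails the signature check, and a token from an issuer missing from `TRUSTED_ISSUERS` is rejected before its claims are read.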