I’ve been working with identity management and Azure’s Access Control Service for some time now, but I was recently reminded of how overwhelming it can be for a developer who has never dealt with identity management in the past. One of the main reasons for this has to do with all of the terminology associated with identity management that many developers are not familiar with. I thought I’d use this post to give you a rundown of the terms associated with identity management, so here you go:

  • Relying Party (RP) – your application.
  • Subject – a user of your application.
  • Identity Provider (IP or IdP) – the service your application uses to authenticate a user (subject).
  • Claim – a statement made by the identity provider (IdP) about the user (subject). This is typically a name/value pair (the name of the claim and its value). Examples of claims are:
    • The subject claims to have a first name of Adam
    • The subject claims to have a last name of Grocholski
    • The subject claims to have a job title of Technical Evangelist
  • Token – a collection of claims. There are two types of tokens to be concerned with when using Windows Azure ACS:
    • Security Assertion Markup Language token (SAML) – specifies an XML format for tokens.
    • Simple Web Token (SWT) – tokens are expressed as form-encoded key/value pairs signed with a cryptographic key.
  • Protocol – the method for issuing, renewing, and validating security tokens. In identity there are three primary protocols:
    • SAML-P – I’m not going to discuss this here as it’s currently not supported by ACS. (If you’re interested, you can read up on it here: http://en.wikipedia.org/wiki/Security_Assertion_Markup_Language#SAML_protocols)
    • WS-Federation – a subset of SAML-P used primarily by web sites.
    • WS-Trust – used for SOAP web services.

Hope it helps!

ag