Handling optional claims with the ADFS Claims Rule Language

It is a perfectly normal scenario for claims to be optional in a token. For example, a SAML assertion may contain the mandatory claims http://www.contoso.com/claims/givenname and http://www.contoso.com/claims/surname, and optionally the claim http://www.contoso.com/claims/dateofbirth. The ADFS Claims Rule Language is designed to allow claims from incoming tokens to be used to query data stores for additional claims. At…


U-Prove and why U should care

Privacy and minimal disclosure of information are important aspects of any identity verification system. However, end-users are often unaware of exactly what information is being disclosed to online service providers. The U-Prove protocol has been devised to resolve these problems by putting into the hands of the end-user the control of what information is passed…


Windows Identity Foundation 101’s : WS-Federation Passive Requestor Profile (part 1 of 2)

Background: It is becoming more commonplace for the means of authenticating a user to be externalized away from the content provider. In federation parlance, the content provider is known as the Relying Party (RP) and is so named because it is reliant upon an external entity for authentication, that entity being known as the Identity…