Trend Report: The impact of claims-based approaches

Report Details

The term of “claims-based identity” and the idea overall of using the term “claim” in Identity and Access Management (IAM) has been introduced by Microsoft some two years ago but the concepts can be used in any environments and technologies can (and sometimes are) provided by other vendors as well.

A claim is a piece of information about a user provided by an identity provider which can be challenged by the relying party which receives that claim. Claims can represent pretty much anything about a user. The name, the age, the role within in a corporation, the purchase limit of that user in a specific business context or whatever else. There are as many options as use cases. Based on that concept, identities and identity-related information (including important elements of business policies) can be separated from application code.

Given that, the concept of claims is a core element of any approach towards an application security infrastructure (ASI) and, in general, the externalization of identity, access control and overall security from application code.

We strongly recommend to add the concept of claims as a standard element to any concept in the area of application security infrastructures, IAM, GRC, and especially application architecture. Regardless of the vendor who provides the technical elements, the approach of separating identities from applications appears to be valid and to be a significant break-through for application security.
You can get access to this document for free, if you register for KuppingerCole Select access now.

Date Title Price
May 02, 2009

Trend Report: The impact of claims-based approaches

The term of “claims-based identity” and the idea overall of using the term “claim” in Identity and Access Management (IAM) has been introduced by Microsoft some two years ago but the concepts can be used in any environments and technologies can (and sometimes are)…

€125.00
excl. VAT
Get Access
Mastercard Visa PayPal INVOICE

Discover KuppingerCole

KuppingerCole Select

Register now for KuppingerCole Select and get your free 30-day access to a great selection of KuppingerCole research materials and to live trainings.

Blog

Blog

Future-Proofing Your Cybersecurity Strategy

It’s May 25 today, and the world hasn’t ended. Looking back at the last several weeks before the GDPR deadline, I have an oddly familiar feeling. It seems that many companies have treated it as another “Year 2000 disaster” - a largely imaginary but highly publicized issue [...]

Latest Insights

Hot Topics

Spotlight

Compliance, Risk & Security Learn more

Compliance, Risk & Security

Whether public, private or hybrid clouds, whether SaaS, IaaS or PaaS: All these cloud computing approaches are differing in particular with respect to the question, whether the processing sites/parties can be determined or not, and whether the user has influence on the geographical, qualitative and infrastructural conditions of the services provided. Therefore, it is difficult to meet all compliance requirements, particularly within the fields of data protection and data security. The decisive factors are transparency, controllability and influenceability of the service provider and his [...]

Become a Client

Learn more about becoming a Client

Contact Us

Call Us

+49 211 2370770
Mo - Fr 8:00 - 17:00