Claims Taxonomy
Identifier claims – entity tags, unique within a given namespace
Attribute claims – properties of an entity (e.g. name/value tuples)
Descriptor claims – characteristic, e.g. “Age/30”
Relationship claims – membership, e.g. “Dept/Finance”
Capability claims – entitlement, e.g. “Entitlement/high$POapprover”
Static claims, e.g., “DOB/May-21-1979”
Computed claims, e.g., “AgeCategory/over-21”
Credential = Identifier Claim(s) + Authenticator (username + password; X.509 + proof-of-possession; username + OTP tokencode)