Claims Taxonomy
*Identifier claims – entity tags, unique within a given namespace
*Attribute claims – properties of an entity (e.g. name/value tuples)
*Descriptor Claims – Characteristic, e.g. “Age/30”
*Relationship Claims – Membership, e.g. “Dept/Finance”
*Capability Claims – Entitlement, e.g. “Entitlement/high$POapprover”
*Static claims, e.g., “DOB/May-21-1979”
*Computed claims, e.g., “AgeCategory/over-21”
*Credential = Identifier Claim(s) + Authenticator
*(username + password; X.509 + proof-of-possession; username + OTP tokencode)