Chapter 4. SharePoint 2010 Security Under the Hood — Claims-Based Authentication

By Adam Buenz

For organizations that require more complex SharePoint security architectures, working with multiple identities from various sources can be an extremely difficult task. While determining where assorted identity information exists may be a one-dimensional assessment, choosing which identity technology to use to traverse technology and organizational boundaries can be challenging. However, before assessing and implementing an identity technology, you must understand specifically what an identity is.

An identity can be an arduous concept to define. In the context of the physical world, it can take on many forms, and attempts to define it can quickly transform into a metaphysical discussion. In the digital world, an identity is more easily defined, but can also take on multiple structures.

Because of its indistinctness, an identity can be any number of things, including persons, computers, applications, or various other assets. As such, a digital identity can simply be described as an object that has distinguishable properties differentiating it from other objects. More commonly, however, an identity is associated directly with a specific user and differentiated by common characteristics such as username, job role, and age.

For enterprise applications such as SharePoint 2010 that can commonly be accessed and authenticated through several diverse means, numerous diverse identity ...

Get Real World SharePoint® 2010: Indispensable Experiences from 22 MVPs now with the O’Reilly learning platform.