Claims-based identity is a means of authenticating an end user, application or device to another system in a way that abstracts the entity’s specific information while providing data that authorizes them for appropriate and relevant interactions.
Claims-based identity is one type of identity and access management (IAM) system, a framework for business processes that facilitates the management of electronic identities. The framework includes the technology needed to support identity management.
A claim is any piece of data about a user. Users, in this context, include applications and devices as well as end users. Specific claims might include names, locations, privilege levels, group associations, device types and preferences (among many other possibilities). The unique set of claims for a user of a specific application is presented as that user’s identity. Sets of claims are securely contained in one or more tokens, which are then provided to applications through an issuing authority known as a Security Token Service (STS).
Claims-based identity provides user information automatically, so an application doesn’t have to request it from the user and the user doesn’t have to provide that data separately for different applications. Claims are transmitted using a standard method such as the Security Assertion Markup Language (SAML), so that they have the same format across a multitude of authentication sources and applications.
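The flow described above, as an added example that is not part of the original page: an STS packages a claim set into a signed token, and an application accepts the claims only after checking signature, issuer, audience and expiry. To stay short it swaps SAML's XML assertion and signature for a JSON envelope signed with HMAC-SHA256; the key, issuer URL, audience name and all function names are assumptions.

```python
import base64, hashlib, hmac, json, time

# Assumptions for this sketch: a secret shared by the STS and the application,
# and a hypothetical issuer URL. Real SAML uses XML signatures and certificates.
STS_KEY = b"constructed-demo-key"
ISSUER = "https://sts.example.test"

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()

def sts_issue_token(claims: dict, audience: str, ttl: int = 300, now=None) -> str:
    """STS side: wrap the claims with issuer, audience and expiry, then sign."""
    now = time.time() if now is None else now
    envelope = {"iss": ISSUER, "aud": audience, "exp": now + ttl, "claims": claims}
    body = json.dumps(envelope, sort_keys=True).encode()
    sig = hmac.new(STS_KEY, body, hashlib.sha256).digest()
    return b64url(body) + "." + b64url(sig)

def app_read_claims(token: str, audience: str, now=None) -> dict:
    """Application side: trust claims only from a valid token meant for this app."""
    now = time.time() if now is None else now
    try:
        body_b64, sig_b64 = token.split(".")
        body, sig = base64.urlsafe_b64decode(body_b64), base64.urlsafe_b64decode(sig_b64)
    except ValueError:
        raise PermissionError("malformed token") from None
    expected = hmac.new(STS_KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):      # constant-time comparison
        raise PermissionError("signature check failed")
    envelope = json.loads(body)                     # parsed only after the signature verifies
    if envelope["iss"] != ISSUER or envelope["aud"] != audience:
        raise PermissionError("wrong issuer or audience")
    if now >= envelope["exp"]:
        raise PermissionError("token expired")
    return envelope["claims"]

def can_approve_invoices(claims: dict) -> bool:
    """Authorization decided from claims alone; the app never queries the user."""
    return "finance" in claims.get("groups", []) and claims.get("privilege_level") == "manager"

if __name__ == "__main__":
    # Constructed sample claim set.
    sample = {"name": "Dana", "groups": ["finance"], "privilege_level": "manager"}
    token = sts_issue_token(sample, "invoice-app")
    print(app_read_claims(token, "invoice-app"))
    print(can_approve_invoices(app_read_claims(token, "invoice-app")))
```

The application never sees a password or looks the user up; everything it authorizes on comes from the token, which is why each validation step has to pass before the claims are read.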