3.1.1.11.1.6 Claims Transformation
Claims need to be examined, filtered, possibly modified, and reissued when traversing trusts. This process is known as claims transformation. Claims transformation is invoked only on certain types of trusts. Refer to [MS-PAC] section 4.1.2.2 for details about when claims transformation is invoked.
Claims transformation uses the trust name and the direction of the traversal of the trust to look up the corresponding msDS-ClaimsTransformationPolicyType object and obtain claims transformation rules from it.
The claims to be transformed and the transformation rules are passed to the Claims Transformation Algorithm [MS-CTA].
The output of the Claims Transformation Algorithm is further processed using the Claims Dictionary to produce claims that are relevant to the new forest in which they are used.
Refer to the TransformClaimsOnTrustTraversal claims procedure (section 3.1.1.11.2.11) for a normative description of claims transformation.