Term Definition

Active Directory Federation Services (AD FS)

A component of Windows Server 2003 R2, Windows Server 2008, and Windows Server 2008 R2 that supports identity federation and Web single sign-on (SSO) for Web browser–based applications.

Attribute store

A database that stores identities and their associated attributes. For this document, Active Directory Domain Services (AD DS) is the attribute store.


Claim

A statement that one subject makes about itself or another subject. For example, the statement can be about a name, identity, key, group, privilege, or capability. Claims are issued by a security token service (such as AD FS) and are given one or more values.

Claim rule

A rule, written in the AD FS 2.0 claim rule language, that defines how to generate, transform, pass through, or filter claims.

Claims-aware application

A relying party software application that uses claims to manage identity and access for users. In this document, Microsoft Dynamics CRM is the claims-aware application.

Claims provider

A Federation Service that issues claims for a particular transaction. In Microsoft Dynamics CRM Server 2011 claims-based authentication, AD FS 2.0 issues claims to its users for the relying party - the Microsoft Dynamics CRM server.

Federation server

A computer running Windows Server 2008 or Windows Server 2008 R2 that has been configured using the AD FS 2.0 Federation Server Configuration Wizard to act in the federation server role. A federation server issues tokens and serves as part of a Federation Service.

Federation Service

A logical instance of a security token service such as AD FS 2.0.

Identity provider

A Web service that handles requests for trusted identity claims and issues SAML tokens. An identity provider uses a database called an attribute store to store and manage identities and their associated attributes. For this document, AD FS 2.0 is the identity provider and Active Directory Domain Services (AD DS) is the attribute store.

Relying party

An application that consumes claims to make authentication and authorization decisions. For example, the Microsoft Dynamics CRM server receives claims that determine whether users in a partner organization can access your Microsoft Dynamics CRM data.

Relying party trust

A trust object, in the AD FS 2.0 snap-in, that is created to maintain the relationship with a Federation Service or with an application that consumes claims from this Federation Service.


© 2012 Microsoft Corporation. All rights reserved.