Review the Role of Claims in the Account Partner Organization

Applies To: Windows Server 2008

An account partner issues tokens containing claims to its users. The claims are built from the account store so that users can access Web-based applications in the resource partner. The following table describes the claim options in the account partner.

| Claim option | Description |
| --- | --- |
| Claim extractions | Claim extractions map a user or group in an account store to an organization claim. The account store can be either Active Directory Domain Services (AD DS) or Active Directory Lightweight Directory Services (AD LDS). |
| Organization claims | Organization claims are used by the federation server—in this case, the account federation server. Claims passing through a federation server are mapped into and out of the organization claim set. These claims are then transformed, or mapped, into outgoing claims. This is the core set of claims that the organization uses for mapping. |
| Outgoing claim mappings | Outgoing claim mappings map organization claims to outgoing claims. The claim names that you configure here are determined by an agreement with your resource partner on a common namespace. |
| Outgoing claims | Outgoing claims are included in the security token of a user. They are generated by the account partner, and they are sent to the resource partner. Organization claims on the federation server of the account partner are mapped to outgoing claims that are then sent to the resource federation server. |
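
The claim flow described in the table, as an added example that is not part of the original page and is not AD FS code: a simplified Python model of extraction, organization claims and outgoing mapping for group claims. All group names, claim names and function names are constructed, and the model assumes that an organization claim without an outgoing mapping is not sent to the resource partner.

```python
# Simplified model of the account-partner claim flow (illustration only).
# Every group DN and claim name below is a constructed sample value.

# Claim extractions: account-store group -> organization group claim.
GROUP_CLAIM_EXTRACTIONS = {
    "CN=Purchasing,OU=Groups,DC=example,DC=com": "Purchaser",
    "CN=Domain Admins,CN=Users,DC=example,DC=com": "InternalAdmin",
}

# Outgoing claim mappings: organization claim -> name agreed with the
# resource partner (the common namespace).
OUTGOING_GROUP_MAPPINGS = {
    "Purchaser": "PartnerPurchaser",
}


def extract_organization_claims(member_of):
    """Claim extraction: only groups with a configured extraction yield a claim."""
    return sorted({GROUP_CLAIM_EXTRACTIONS[g]
                   for g in member_of if g in GROUP_CLAIM_EXTRACTIONS})


def map_outgoing_claims(org_claims):
    """Outgoing mapping: rename mapped claims; report the ones held back."""
    outgoing = sorted(OUTGOING_GROUP_MAPPINGS[c]
                      for c in org_claims if c in OUTGOING_GROUP_MAPPINGS)
    withheld = sorted(c for c in org_claims if c not in OUTGOING_GROUP_MAPPINGS)
    return outgoing, withheld


def build_token_claims(member_of):
    """Run one user through extraction and outgoing mapping."""
    org = extract_organization_claims(member_of)
    outgoing, withheld = map_outgoing_claims(org)
    return {"organization": org, "outgoing": outgoing, "withheld": withheld}


def audit_configuration():
    """Review aid: claims that never leave, and mappings with no source claim."""
    org = set(GROUP_CLAIM_EXTRACTIONS.values())
    return {
        "never_sent": sorted(org - set(OUTGOING_GROUP_MAPPINGS)),
        "dangling_mappings": sorted(set(OUTGOING_GROUP_MAPPINGS) - org),
    }


if __name__ == "__main__":
    sample_user_groups = list(GROUP_CLAIM_EXTRACTIONS) + [
        "CN=Cafeteria,OU=Groups,DC=example,DC=com"]  # no extraction configured
    print(build_token_claims(sample_user_groups))
    print(audit_configuration())
```

Reviewing the `never_sent` and `dangling_mappings` lists against the partner agreement shows which internal group memberships are disclosed to the resource partner and which mappings no longer have a source claim.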