This document discusses identity federation and claims-based authentication. It explains that identity federation allows decoupling authentication from applications/services and enables single sign-on. Claims contain information about a subject issued by an identity provider. Security token services issue and sign tokens containing claims. Common token types are SAML, JWT, and SWT. Claims-based identity provides applications with any user information needed from the identity provider via claims in tokens.