I've been programming with claims-based authentication for some time now with Windows Identity Foundation.
It appears to me that in Windows Identity Foundation, once a user is logged in, the claims are basically strings of information that describe the user.
With the old role-based authentication, I could say that a user is or is not a member of a given group, but with claims-based authentication, I can now have strings of information that describe a user. "This user is female". This user was born on "July 6, 1975". "This user logged in using a USB key".
Is it the essence of claims-based authentication,that I have strings of information about the user given to the application by the framework?