We hare currently looking into claim based authentication, and testing a custom STS using WIF.
We have been discussing how to store claims in a database. In many simple examples, the claims are stored as simple attributes in a single table (UserProfile for example) having a FK to a User. The claims are then generated, and the claim type is a URL plus column name (for example http://.../claims/email) and the value is of course the value from the database.
But I need more complex examples. Can you share some of your ways of storing claims in the database? I was thinking of something like a table containing all claim types, and a table containing the values for each user (with a FK to the User). But we really need some inspiration here. So anything you can share will be much appreciated. But again, this is a very "flat" structure...
Update
I tried to make a simple model: http://imageshack.us/photo/my-images/690/suggestionn.png/
Sorry, cant post images yet.
I think this is good for simple claims. But what if I have what I call "nested claims". Lets say that a claim type describes that the user has a claim describing his rights to the resource "Personnel" of the claim type "Documents". That can be described using that model, but what if we want to further describe that claim. Say the use has access level 5 to the resource "Personnel". I can't see how that is possible. Any ideas?