...
Claim Definition: A token is transmitted as a stream of bytes over a network (intranet/internet). It contains user-specific information in claim format. Each claim includes the user’s name, age, manager’s name, and group name. The token carries a digital signature so that the receiver can verify it.
...
How does CBA work?
...
Establishing trust between the RP and the STS means:
Sharing federation metadata
Using the RP’s public key, the STS encrypts the tokens
The RP uses the STS’s public key to verify tokens from STS
The RP uses its private key to decrypt the token and extract the claims from it