CLAIMS VS ROLES

Roles-based authorization :

- Identify a user.
- Get user roles.
- Compare user roles to roles that are authorized to access a resource.

Claims-based authorization :

- Assign a claim to user.
- User present a claim for authorization rather than username and password.

A role is a specific kind of claims :

Based on my identity (username/password), i'm in this role, because i'm a member of this role, i have access to this resource.