A binary collection of information about a user's identity and security that is created and issued by an authentication system and is used by an authorization system to authorize access to data sources. Examples of a security token's contents include user roles, user IDs, group IDs, and other information that can be used to control access to content.
A secure and data-integrity protected collection of user identity information, including the user's account information, capabilities, rights, privileges, roles, groups, and the identity of the authentication system or application that can authenticate (or has already authenticated) the user's identity. An security token is a transportable block of data that can be used as proof of user identity by any systems or applications that have a trust relationship with the originator of the security token.
