http://www.asp.net/aspnet/overview/owin-and-katana/owin-oauth-20-authorization-server

The assumption that users will log in by entering a user name and password that they have registered in your own application is no longer valid. The web has become more social. Users are interacting with each other in real time through social channels such as facebook, twitter, and other social web sites. Developers want users to be able to log in with their social identities so that they can have a rich experience on their web sites. A modern membership system must enable redirection-based log-ins to authentication providers such as Face book, Twitter, and others.

Claims-based Identity: the user's identity is represented as a set of claims.

Security token service: the user's claims are often better handled by a third party than by any indifidual application. The third party is called the security token service.