private ClaimSet MapClaims(EvaluationContext evaluationContext, out IIdentity identity)
        {

            List<IIdentity> identities = evaluationContext.Properties["Identities"] as List<IIdentity>;
            
            if (identities.Count == 0)
                throw new SecurityException("Authorization failed, identity missing from evaluation context.");

            identity = new CustomIdentity(identities[0].Name);
            
            // TODO: check identity against credential store and 
            // determine the appropriate claims to allocate
            
            // NOTE: in this sample, only partner certificates are provided,
            // and at this point have passed authorization, so we will grant
            // all custom claims 
            
            List<Claim> listClaims = new List<Claim>();

            listClaims.Add(new Claim(CustomClaimTypes.Create, "Application", Rights.PossessProperty));
            listClaims.Add(new Claim(CustomClaimTypes.Delete, "Application", Rights.PossessProperty));
            listClaims.Add(new Claim(CustomClaimTypes.Read, "Application", Rights.PossessProperty));
            listClaims.Add(new Claim(CustomClaimTypes.Update, "Application", Rights.PossessProperty));

            return new DefaultClaimSet(this.m_issuer, listClaims);
        }
        public bool Evaluate(EvaluationContext evaluationContext, ref object state)
        {
                
                // get claims from authorized issuer
                ClaimSet issuedClaims = null;
                foreach (ClaimSet cs in evaluationContext.ClaimSets)
                {
                    // If the issuer of the ClaimSet is this STS...
                    if ( cs.Issuer.ContainsClaim ( Claim.CreateDnsClaim("IPKey")))
                    {
                        issuedClaims = cs;
                    }
                }

                if (issuedClaims == null)
                {
                    throw new SecurityException("Unable to authenticate caller. Invalid claimset provided.");
                }

                CustomIdentity identity = new CustomIdentity("Claims");
                CustomPrincipal newPrincipal = new CustomPrincipal(identity, issuedClaims);

                evaluationContext.Properties["Principal"] = newPrincipal;

            return true;

        }