For any form or workflow logic around user filtering and person or group value matching you will eventually run into working with the SharePoint claim. The actual value of the user within SharePoint. So as I respond to those posts I came across two blogs that explain what the formatting actually means for the claims and why i:0#.w|domainuser is used. I hadn't seen these before and I thought it to be helpful to post the explanation here to help others.
SharePoint 2013 and SharePoint 2010 display identity claims with the following encoding format:
<IdentityClaim>:0<ClaimType><ClaimValueType><AuthMode>|<OriginalIssuer (optional)>|<ClaimValue>
Where:
- <IdentityClaim> indicates the type of claim and is the following:
- “i” for an identity claim
- “c” for any other claim
- <ClaimType> indicates the format for the claim value and is the following:
- “#” for a user logon name
- “.” for an anonymous user
- “5” for an email address
- “!” for an identity provider
- “+” for a Group security identifier (SID)
- “-“ for a role
- “%” for a farm ID
- “?” for a name identifier
- "" for a private personal identifier (PPID)
- "e" for a user principal name (UPN)
- <ClaimValueType> indicates the type of formatting for the claim value and is the following:
- “.” for a string
- “+” for an RFC 822-formatted name
- <AuthMode> indicates the type of authentication used to obtain the identity claim and is the following:
- “w” for Windows claims (no original issuer)
- “s” for the local SharePoint security token service (STS) (no original issuer)
- “t” for a trusted issuer
- “m” for a membership issuer
- “r” for a role provider issuer
- “f” for forms-based authentication
- “c” for a claim provider
- <OriginalIssuer> indicates the original issuer of the claim.
- <ClaimValueType> indicates the value of the claim in the <ClaimType> format.