diff --git a/DigitalData.Core.Security/Config/ClaimDescriptor.cs b/DigitalData.Core.Security/Config/ClaimDescriptor.cs
new file mode 100644
index 0000000..f82a36e
--- /dev/null
+++ b/DigitalData.Core.Security/Config/ClaimDescriptor.cs
@@ -0,0 +1,11 @@
+using System.Security.Claims;
+
+namespace DigitalData.Core.Security.Config
+{
+    public class ClaimDescriptor<TPrincipal>
+    {
+        public Func<TPrincipal, IDictionary<string, object>>? CreateClaims { get; init; }
+
+        public Func<TPrincipal, ClaimsIdentity>? CreateSubject { get; init; }
+    }
+}
\ No newline at end of file
diff --git a/DigitalData.Core.Security/DIExtensions.cs b/DigitalData.Core.Security/DIExtensions.cs
index 27cb935..b7816fb 100644
--- a/DigitalData.Core.Security/DIExtensions.cs
+++ b/DigitalData.Core.Security/DIExtensions.cs
@@ -4,6 +4,7 @@ using DigitalData.Core.Security.Cryptographer;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Options;
+using System.Security.Claims;
 
 namespace DigitalData.Core.Security
 {
@@ -123,5 +124,18 @@ namespace DigitalData.Core.Security
                 ? services.AddParamsConfigureOptions<TRSAFactoryParams>().AddSingleton<IRSAFactory, RSAFactory<TRSAFactoryParams>>()
                 : services.AddParamsConfigureOptions<TRSAFactoryParams>().AddSingleton<IRSAFactory<TRSAFactoryParams>, RSAFactory<TRSAFactoryParams>>();
         }
+
+        private static IServiceCollection AddClaimDescriptor<TPrincipal>(this IServiceCollection services,
+            Func<TPrincipal, IDictionary<string, object>>? claimsMapper = null,
+            Func<TPrincipal, ClaimsIdentity>? subjectMapper = null)
+        {
+            var descriptor = new ClaimDescriptor<TPrincipal>
+            {
+                CreateClaims = claimsMapper,
+                CreateSubject = subjectMapper
+            };
+
+            return services.AddSingleton(sp => Options.Create(descriptor));
+        }
     }
 }
\ No newline at end of file