This is my recap on the session by Lieven Iliano.
SP2013 still support claims authentication and classic authentication. Claims based is now the default option. Claims based uses an Identity provider that handles the authentication.
Enables users to delegate limited authorisation to their SP data to apps.
Used when apps and SP do not use the same authentication mechanism. Used in office365. These apps are called low trust apps. It provides a method for apps to access ShrePoint on behalf of an end user.
Lieven showed a nice demo of this in Visual studio.
Server to server high trust authentication
Only on prem. When app and SP uses the same authentication mechanism. These apps are called high trust apps
This is something the developer must do. The permissions are in te app manifest file. Both the app and user must have permissions.