I use the excellent Thinktecture.IdentityModel library to perform authentication / authorization in an ASP.NET Web API project that will be used from mobile devices and, possibly, from web clients. I use basic authentication to authenticate mobile clients against the Web API and use the built-in SessionToken generation that Thinktecture.IdentityModel provides. However, I have some doubts about how to handle the claims added to the ClaimsIdentity claims collection, which are then (I think) encoded in the SessionToken handed to the client ...
Here is what I still have:
Following the examples in the sample IdentityModel project, I created the following class:
/// <summary>
/// Wires the Thinktecture.IdentityModel authentication handler into the Web API pipeline.
/// </summary>
public static class SecurityConfig
{
    /// <summary>
    /// Registers the authentication message handler on the global configuration.
    /// </summary>
    /// <param name="globalConfig">The Web API configuration whose message-handler chain receives the handler.</param>
    public static void ConfigureGlobal(HttpConfiguration globalConfig)
    {
        globalConfig.MessageHandlers.Add(new AuthenticationHandler(CreateConfiguration()));
    }

    /// <summary>
    /// Builds the authentication configuration: claims transformation, basic authentication
    /// backed by ASP.NET Membership, and session-token issuance.
    /// </summary>
    /// <returns>The populated <see cref="AuthenticationConfiguration"/>.</returns>
    public static AuthenticationConfiguration CreateConfiguration()
    {
        var authentication = new AuthenticationConfiguration()
        {
            // NOTE(review): the class shown elsewhere on this page is named ClaimsTransformer, not MyClaimsTransformer — confirm which name is intended.
            ClaimsAuthenticationManager = new MyClaimsTransformer(),
            // With RequireSsl = false, basic-auth credentials and the issued session token travel
            // in the clear unless TLS is enforced elsewhere (e.g. at the host); keep this false only for local development.
            RequireSsl = false,
            EnableSessionToken = true,
            SessionToken = new SessionTokenConfiguration()
            {
                // Route at which clients exchange their basic-auth credentials for a session token.
                EndpointAddress = "/Authenticate"
            }
        };
        // Credential validation is delegated to the ASP.NET Membership provider.
        authentication.AddBasicAuthentication(Membership.ValidateUser);
        return authentication;
    }
}
In Global.asax:
// Called from Global.asax: installs the authentication handler on the global Web API configuration.
SecurityConfig.ConfigureGlobal(GlobalConfiguration.Configuration);
- http://myhost/api/Authenticate
Membership.ValidateUser /, , MyClaimsTransformer.
/// <summary>
/// Claims transformation hook run by the authentication handler once the incoming
/// credentials have been validated.
/// </summary>
public class ClaimsTransformer : ClaimsAuthenticationManager
{
    /// <summary>
    /// Returns an authenticated principal unchanged; an unauthenticated one is handed to the base implementation.
    /// </summary>
    /// <param name="resourceName">Name of the resource being accessed; forwarded to the base class.</param>
    /// <param name="incomingPrincipal">Principal produced by the authentication handler.</param>
    /// <returns>The principal to use for the current request.</returns>
    public override ClaimsPrincipal Authenticate(string resourceName, ClaimsPrincipal incomingPrincipal)
    {
        var isAuthenticated = incomingPrincipal.Identity.IsAuthenticated;

        // Authenticated callers pass straight through; no claims are added at this point.
        return isAuthenticated
            ? incomingPrincipal
            : base.Authenticate(resourceName, incomingPrincipal);
    }
}
, .
.
, , ClaimsTransformer, , - .
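// Look up the caller's roles by the name claim and attach each as a role claim on the first identity.
// First() throws InvalidOperationException if the principal carries no Name claim, so this must run
// only after authentication has succeeded.
var nameClaim = incomingPrincipal.Claims.First(c => c.Type == ClaimTypes.Name);
var someListOfRoles = SomeMethodToGetRoles(nameClaim.Value);
var identity = incomingPrincipal.Identities.First();
foreach (var role in someListOfRoles)
{
    // ClaimTypes.Role is the claim type ClaimsIdentity.IsInRole consults by default, which is what
    // AuthorizeAttribute(Roles = ...) relies on; a bare "Role" type string would not be recognised.
    identity.AddClaim(new Claim(ClaimTypes.Role, role.Name));
}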
, , , / AuthorizeAttribute.
, , , , , / , , -, , - .
SessionToken? , , / , SessionToken ?
, SessionToken, .. " " , ?