Single Sign-On (SSO) and Back-End System Integration: CompTIA CASP+ Exam Answer

The Importance of Identity Integrity in Customer Engagement and Self-Service

Question

An organization is improving its web services to enable better customer engagement and self-service.

The organization has a native mobile application and a rewards portal provided by a third party.

The business wants to provide customers with the ability to log in once and have SSO between each of the applications.

The integrity of the identity is important so it can be propagated through to back-end systems to maintain a consistent audit trail.

Which of the following authentication and authorization types BEST meet the requirements? (Choose two.)

Answers

Explanations


A. B. C. D. E. F.

AF.

The organization wants single sign-on (SSO) across a native mobile application and a third-party rewards portal while preserving the integrity of the customer's identity, so that the same verified identity can be carried into back-end systems and produce a consistent audit trail. Two standards meet this requirement: SAML and OpenID Connect. Both have a central identity provider authenticate the user once and hand each application a signed identity assertion that the application cryptographically verifies, rather than trusting a username the client simply claims.

SAML (Security Assertion Markup Language) is an XML-based protocol for exchanging authentication and authorization data between an identity provider (IdP) and a service provider (SP). The user logs in once at the IdP, which issues an assertion to each SP, giving SSO between applications. Because the IdP signs the assertion with XML Signature and the SP validates it against the IdP's published certificate, the SP can trust the subject and attributes it receives; assertions can additionally be encrypted, and the exchange itself runs over TLS, so the identity data is protected from tampering and interception in transit. This makes SAML a natural fit for federating with an application run by a third party, such as the rewards portal. Its browser-redirect profiles are less convenient for a native mobile app, which is where OpenID Connect fills the gap.

OpenID Connect (OIDC) is a newer identity layer built on top of the OAuth 2.0 framework. After authentication it issues an ID token, a JSON Web Token signed by the OpenID Provider, that carries the user's identity claims (a stable `sub` identifier, issuer, audience, expiry, nonce, and optionally how the user authenticated). The relying party verifies the signature and these claims before accepting the identity, which is what makes the token trustworthy enough to propagate to back-end systems for auditing. The same standardized token format works across web and mobile clients; for a native mobile app the recommended pattern is the authorization code flow with PKCE (RFC 8252, OAuth 2.0 for Native Apps). OIDC relies on TLS for transport protection of the tokens themselves.
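The following added example (written for this page, not taken from CompTIA or any vendor SDK) shows the relying-party check that turns an ID token into an identity a back-end can audit. It mints an HS256-signed ID token the way an OpenID Provider would (OIDC Core permits HS256 keyed with the client secret; production providers usually use RS256/ES256, which changes only the signature step), validates the signature, issuer, audience, expiry and nonce, and derives an audit record from the stable `iss`/`sub` pair. The issuer URL, client identifier, secret and claim values are constructed for the demo and are not from the original page.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo registration (assumptions, not from the page): a relying party
# registered at the organisation's OpenID Provider.
ISSUER = "https://login.example.org"
CLIENT_ID = "rewards-portal"
CLIENT_SECRET = b"demo-client-secret-do-not-reuse"
ALLOWED_ALGS = {"HS256"}          # pinned: the token's own 'alg' header is never trusted


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def mint_id_token(claims: dict, secret: bytes) -> str:
    """Provider side: sign base64url(header).base64url(claims) with HMAC-SHA256."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(
        _b64url_encode(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, claims)
    )
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url_encode(sig)}"


def validate_id_token(token: str, secret: bytes, expected_nonce: str, now=None) -> dict:
    """Relying-party side: return the verified claims or raise ValueError."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    h_b64, p_b64, s_b64 = parts
    header = json.loads(_b64url_decode(h_b64))
    if header.get("alg") not in ALLOWED_ALGS:          # rejects 'none' and alg confusion
        raise ValueError(f"unexpected alg {header.get('alg')!r}")
    expected = hmac.new(secret, f"{h_b64}.{p_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(p_b64))
    if claims.get("iss") != ISSUER:
        raise ValueError("wrong issuer")
    aud = claims.get("aud")
    if CLIENT_ID not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("token not intended for this client")
    if now >= claims.get("exp", 0):
        raise ValueError("token expired")
    if claims.get("nonce") != expected_nonce:
        raise ValueError("nonce mismatch (possible replay)")
    return claims


def is_valid(token: str, expected_nonce: str, now=None) -> bool:
    try:
        validate_id_token(token, CLIENT_SECRET, expected_nonce, now)
        return True
    except ValueError:
        return False


def audit_record(claims: dict, action: str) -> dict:
    """Propagate the verified identity using the stable (iss, sub) pair, not a mutable
    attribute such as e-mail, so back-end logs name the same principal every time."""
    return {"actor": f"{claims['iss']}#{claims['sub']}",
            "action": action,
            "amr": claims.get("amr", [])}


# Constructed sample token contents.
NOW = 1_700_000_000
DEMO_CLAIMS = {"iss": ISSUER, "sub": "cust-48213", "aud": CLIENT_ID,
               "iat": NOW, "exp": NOW + 300, "nonce": "n-7f3a", "amr": ["pwd", "otp"]}


def demo():
    """Returns (audit record for a good token, whether a tampered token was rejected,
    whether an unsigned alg=none token was rejected)."""
    token = mint_id_token(DEMO_CLAIMS, CLIENT_SECRET)
    record = audit_record(validate_id_token(token, CLIENT_SECRET, "n-7f3a", now=NOW),
                          "redeem_points")
    # Tamper: swap the subject in the payload but keep the original signature.
    h, _, s = token.split(".")
    forged_payload = _b64url_encode(
        json.dumps(dict(DEMO_CLAIMS, sub="cust-00001"), separators=(",", ":")).encode())
    tamper_rejected = not is_valid(f"{h}.{forged_payload}.{s}", "n-7f3a", now=NOW)
    # Classic JWT attack: strip the signature and claim alg=none.
    none_header = _b64url_encode(b'{"alg":"none","typ":"JWT"}')
    none_rejected = not is_valid(f"{none_header}.{forged_payload}.", "n-7f3a", now=NOW)
    return record, tamper_rejected, none_rejected


if __name__ == "__main__":
    print(demo())
```

The point for the exam scenario is the last function: what reaches the back-end audit trail is the `iss#sub` pair from a token whose signature and claims were checked, so a customer who changes their e-mail or signs in from the portal instead of the app still appears as the same principal. The SAML equivalent is the SP validating the XML Signature on the assertion and forwarding the `NameID` rather than a form field.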

Social login lets users authenticate to an application with an account from a social media provider such as Facebook or Twitter. It is convenient, but the identity is asserted by an external consumer service whose identity proofing, account-recovery practices, and identifier stability the organization does not control, and the account sits outside the organization's audit boundary. It therefore does not meet the requirement of an identity whose integrity can be relied on for back-end auditing.

XACML (Extensible Access Control Markup Language), SPML (Service Provisioning Markup Language), and OAuth are not authentication mechanisms. XACML is a policy language for expressing and evaluating access-control decisions, SPML is a protocol for provisioning and managing user accounts across multiple systems, and OAuth 2.0 is a framework for delegating authorization to third-party applications by issuing access tokens; on its own it does not tell the client who the user is, which is the gap OpenID Connect fills. These standards may be useful around an SSO deployment, but none of them provides SSO or a verifiable identity assertion to propagate to back-end systems.

In conclusion, the authentication and authorization types that BEST meet the organization's requirements are SAML and OpenID Connect: both deliver SSO across the mobile app and the third-party portal, and both hand each application a signed identity assertion that can be verified and then propagated to back-end systems for a consistent audit trail.