CISSP Question #1535: Real Exam Question with Answer & Explanation

Question

Hotspot Question Which Web Services Security (WS-Security) specification maintains a single authenticated identity across multiple dissimilar environments? Click on the correct specification in the image below. Answer:

Options

• __typehotspot
• variantdropdown

Explanation

The correct answer is WS-Federation, as it is the Web Services Security (WS-Security) specification designed to enable a single authenticated identity across multiple, dissimilar security environments.

Approach. The question asks for the WS-Security specification that maintains a single authenticated identity across multiple dissimilar environments. This concept is known as federated identity. WS-Federation is precisely the specification designed for this purpose. It enables the establishment of trust relationships between different security realms (e.g., identity providers and service providers) to allow users authenticated in one realm to access resources in another without re-authentication. Therefore, the correct interaction is to click on the 'WS-Federation' box.

Common mistakes.

• common_mistake. Selecting any other option would be incorrect because they address different aspects of web services security:
• WS-Secure Conversation focuses on establishing secure, stateful sessions for message exchanges, primarily for performance and context, not cross-domain identity federation.
• WS-Authorization defines how access control decisions are made for web service operations, dealing with 'what' a user can do, not 'who' they are across domains.
• WS-Policy provides a general framework for describing the capabilities and requirements of a web service, including security policies, but it doesn't implement the federation itself.
• WS-Trust is a foundational specification for issuing, renewing, and validating security tokens (like SAML tokens) that are crucial for federated identity. While closely related, WS-Trust specifies the mechanisms for token exchange, whereas WS-Federation builds upon this to define the overall protocol and patterns for federated identity management across different organizations or security realms. The question specifically asks about maintaining identity across environments, which is the higher-level goal addressed by Federation, using Trust for underlying token mechanisms.
• WS-Privacy deals with privacy requirements and policies for exchanging personal data via web services, unrelated to identity federation across domains.

Concept tested. Web Services Security (WS-Security) specifications, specifically the understanding of federated identity management and the role of WS-Federation in achieving single sign-on and identity propagation across disparate security realms.

Reference. null

No community discussion yet for this question.