CISSP · Question #385
Which of the following authorization standards is built to handle Application Programming Interface (API) access for Federated Identity Management (FIM)?
The correct answer is B. Open Authentication (OAUTH). OAuth is an authorization framework specifically designed to grant third-party applications limited access to APIs without exposing user credentials, making it the standard for API access in Federated Identity Management.
Question
Options
- ASecurity Assertion Markup Language (SAML)
- BOpen Authentication (OAUTH)
- CRemote Authentication Dial-in User service (RADIUS)
- DTerminal Access Control Access Control System Plus (TACACS+)
How the community answered
(61 responses)- A8% (5)
- B87% (53)
- C2% (1)
- D3% (2)
Why each option
OAuth is an authorization framework specifically designed to grant third-party applications limited access to APIs without exposing user credentials, making it the standard for API access in Federated Identity Management.
SAML (Security Assertion Markup Language) is an XML-based standard focused on authentication and SSO for web browser-based federated identity, not specifically designed for API access authorization.
OAuth (Open Authorization) is an open standard authorization framework designed explicitly for delegated API access, allowing applications to obtain limited access tokens to interact with services on behalf of a user. It is the foundational protocol used in Federated Identity Management for API-level authorization, enabling secure token-based access across different identity domains. OAuth 2.0 is widely adopted by major platforms (Google, Microsoft, etc.) specifically to control API access without sharing credentials.
RADIUS is a network access authentication, authorization, and accounting (AAA) protocol primarily used for authenticating dial-in and network device users, not for API access or federated identity management.
TACACS+ is a Cisco-proprietary AAA protocol used for device administration and network access control, not designed for API access or federated identity management scenarios.
Concept tested: OAuth authorization standard for API access in FIM
Source: https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow
Topics
Community Discussion
No community discussion yet for this question.