CISSP · Question #679
Which of the following BEST describes the standard used to exchange authorization information between different identity management systems?
The correct answer is A. Security Assertion Markup Language (SAML). The standard that is used to exchange authorization information between different identity management systems is Security Assertion Markup Language (SAML). SAML is an XML-based standard that defines a framework for exchanging security information, such as authentication, authoriz
Question
Which of the following BEST describes the standard used to exchange authorization information between different identity management systems?
Options
- ASecurity Assertion Markup Language (SAML)
- BService Oriented Architecture (SOA)
- CExtensible Markup Language (XML)
- DWireless Authentication Protocol (WAP)
How the community answered
(38 responses)- A89% (34)
- B3% (1)
- C5% (2)
- D3% (1)
Explanation
The standard that is used to exchange authorization information between different identity management systems is Security Assertion Markup Language (SAML). SAML is an XML-based standard that defines a framework for exchanging security information, such as authentication, authorization, or attributes, between different parties or domains, such as service providers, identity providers, or users. SAML can be used to enable single sign-on (SSO), which is a process that allows a user to access multiple services or applications with a single authentication, by using assertions, which are statements or claims that contain the security information, such as the identity, role, or privilege of the user, that are issued or validated by the identity provider, and that are consumed or verified by the service provider. SAML can help to simplify, streamline, or secure the identity management process, by providing a standard, interoperable, or flexible way to exchange the security information between different identity management systems. Service Oriented Architecture (SOA), Extensible Markup Language (XML), or Wireless Authentication Protocol (WAP) are not the standards that are used to exchange authorization information between different identity management systems, as they are either more related to the architectural styles, data formats, or communication protocols, that are used to design, represent, or transmit the information, rather than to exchange the security information, between different identity management systems.
Topics
Community Discussion
No community discussion yet for this question.