nerdexam
(ISC)2

CISSP · Question #679

Which of the following BEST describes the standard used to exchange authorization information between different identity management systems?

The correct answer is A. Security Assertion Markup Language (SAML). The standard that is used to exchange authorization information between different identity management systems is Security Assertion Markup Language (SAML). SAML is an XML-based standard that defines a framework for exchanging security information, such as authentication, authoriz

Submitted by the_admin· Mar 5, 2026Identity and Access Management (IAM)

Question

Which of the following BEST describes the standard used to exchange authorization information between different identity management systems?

Options

  • ASecurity Assertion Markup Language (SAML)
  • BService Oriented Architecture (SOA)
  • CExtensible Markup Language (XML)
  • DWireless Authentication Protocol (WAP)

How the community answered

(38 responses)
  • A
    89% (34)
  • B
    3% (1)
  • C
    5% (2)
  • D
    3% (1)

Explanation

The standard that is used to exchange authorization information between different identity management systems is Security Assertion Markup Language (SAML). SAML is an XML-based standard that defines a framework for exchanging security information, such as authentication, authorization, or attributes, between different parties or domains, such as service providers, identity providers, or users. SAML can be used to enable single sign-on (SSO), which is a process that allows a user to access multiple services or applications with a single authentication, by using assertions, which are statements or claims that contain the security information, such as the identity, role, or privilege of the user, that are issued or validated by the identity provider, and that are consumed or verified by the service provider. SAML can help to simplify, streamline, or secure the identity management process, by providing a standard, interoperable, or flexible way to exchange the security information between different identity management systems. Service Oriented Architecture (SOA), Extensible Markup Language (XML), or Wireless Authentication Protocol (WAP) are not the standards that are used to exchange authorization information between different identity management systems, as they are either more related to the architectural styles, data formats, or communication protocols, that are used to design, represent, or transmit the information, rather than to exchange the security information, between different identity management systems.

Topics

#SAML#identity federation#SSO#authorization protocols

Community Discussion

No community discussion yet for this question.

Full CISSP Practice