Effective CISSP Questions

Your company decides to start the business of selling toys online and shipping globally. The E-Commerce system that supports the new business will be developed in-house. To streamline the order fulfillment process, the system will be integrated with those of key business partners. The development team is evaluating solutions to address the issue of access control between systems in this supply chain integration initiative. As a security professional, which of the following is the best?
A. Identity as a Service (IDaaS)
B. Federated Identity
C. Single Sign-On (SSO)
D. Kerberos

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is B. Federated Identity.


Figure: General Identity Federation Use Case

Source: Security Assertion Markup Language (SAML) V2.0 Technical Overview – Committee Draft 02, 25 March 2008


When online services wish to establish a collaborative application environment for their mutual users, not only must the systems be able to understand the protocol syntax and semantics involved in the exchange of information; they must also have a common understanding of who the user is that is referred to in the exchange.

Users often have individual local user identities within the security domains of each partner with which they interact. Identity federation provides a means for these partner services to agree on and establish a common, shared name identifier to refer to the user in order to share information about the user across the organizational boundaries.

The user is said to have a federated identity when partners have established such an agreement on how to refer to the user. From an administrative perspective, this type of sharing can help reduce identity management costs as multiple services do not need to independently collect and maintain identity-related data (e.g. passwords, identity attributes). In addition, administrators of these services usually do not have to manually establish and maintain the shared identifiers; rather control for this can reside with the user.

Source: Security Assertion Markup Language (SAML) V2.0 Technical Overview – Committee Draft 02, 25 March 2008
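The quoted overview describes the shared name identifier and the fact that the relying service never has to collect the partner user's password. The following Python block is an added example, not code from the SAML specification or from any real product, showing the two halves of that agreement: the partner's identity provider (IdP) issues an assertion carrying a persistent, pseudonymous NameID, and the toy shop's service provider (SP) validates it and links the NameID to a local account. It goes beyond the quoted text by spelling out the checks an SP performs before trusting an assertion (signature, issuer, validity window, audience, NameID format, account linkage). All entity IDs, names and keys are constructed for the demo, and an HMAC over the serialized XML stands in for XML-Signature with X.509 certificates that real SAML deployments use.

```python
import hashlib
import hmac
import time
from xml.etree import ElementTree as ET

# Constructed demo identifiers (assumptions; not from any real deployment).
IDP_ENTITY_ID = "https://idp.partner.example/metadata"
SP_ENTITY_ID = "https://orders.toyshop.example/sp"
PERSISTENT_FMT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
# Shared secret standing in for the IdP's signing key; real SAML uses
# XML-Signature with the IdP's X.509 certificate published in its metadata.
IDP_SIGNING_KEY = b"constructed-demo-key-do-not-use"

# SP-side account-linking table: federated NameID -> local account.
# The SP stores no partner passwords; it only knows the agreed identifier.
LOCAL_ACCOUNTS = {
    "c1f4e2d0-partner-nameid": {"local_user": "partner_ops_17", "roles": ["fulfillment"]},
}


def build_assertion(name_id, attributes, audience, lifetime=300, now=None):
    """IdP side: build a minimal SAML-style <Assertion> as an XML string."""
    now = time.time() if now is None else now
    root = ET.Element("Assertion")
    ET.SubElement(root, "Issuer").text = IDP_ENTITY_ID
    subject = ET.SubElement(root, "Subject")
    ET.SubElement(subject, "NameID", Format=PERSISTENT_FMT).text = name_id
    cond = ET.SubElement(root, "Conditions",
                         NotBefore=str(now), NotOnOrAfter=str(now + lifetime))
    ET.SubElement(ET.SubElement(cond, "AudienceRestriction"), "Audience").text = audience
    stmt = ET.SubElement(root, "AttributeStatement")
    for name, value in sorted(attributes.items()):
        attr = ET.SubElement(stmt, "Attribute", Name=name)
        ET.SubElement(attr, "AttributeValue").text = value
    return ET.tostring(root, encoding="unicode")


def sign(assertion_xml, key=IDP_SIGNING_KEY):
    """Toy signature: HMAC-SHA256 over the serialized assertion."""
    return hmac.new(key, assertion_xml.encode(), hashlib.sha256).hexdigest()


def validate_and_map(assertion_xml, signature, now=None):
    """SP side: verify the assertion, then map the federated identity to a
    local account. Returns (True, account_dict) or (False, reason)."""
    now = time.time() if now is None else now
    # 1. Integrity/authenticity: reject anything not signed by the trusted IdP key.
    if not hmac.compare_digest(sign(assertion_xml), signature):
        return False, "bad signature"
    root = ET.fromstring(assertion_xml)
    # 2. Issuer must be the partner IdP this SP has a federation agreement with.
    if root.findtext("Issuer") != IDP_ENTITY_ID:
        return False, "untrusted issuer"
    # 3. Validity window, to limit replay of an old assertion.
    cond = root.find("Conditions")
    if not (float(cond.get("NotBefore")) <= now < float(cond.get("NotOnOrAfter"))):
        return False, "assertion expired or not yet valid"
    # 4. Audience: an assertion minted for another SP must not be accepted here.
    if root.findtext("Conditions/AudienceRestriction/Audience") != SP_ENTITY_ID:
        return False, "audience mismatch"
    # 5. Only the agreed persistent identifier format links to local accounts.
    name_id = root.find("Subject/NameID")
    if name_id.get("Format") != PERSISTENT_FMT:
        return False, "unexpected NameID format"
    account = LOCAL_ACCOUNTS.get(name_id.text)
    if account is None:
        return False, "no linked local account"
    attrs = {a.get("Name"): a.findtext("AttributeValue") for a in root.iter("Attribute")}
    return True, {**account, "attributes": attrs}


if __name__ == "__main__":
    xml = build_assertion("c1f4e2d0-partner-nameid",
                          {"partnerRole": "fulfillment"}, SP_ENTITY_ID)
    print(validate_and_map(xml, sign(xml)))
```

The SP decides purely on the assertion and its own linking table, which is the administrative saving the overview describes: the partner keeps authenticating its staff, and the toy shop never stores or verifies their credentials.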
