
Your web application received a token from a subject, Alice@WentzWu.com, issued by a SAML-like ID provider. Which of the following is an assertion that best supports attribute-based access control?
A. Role
B. XACML
C. MaritalStatus=False
D. Alice@WentzWu.com
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is C. MaritalStatus=False.
An assertion is a statement about an entity or subject, usually expressed in the form of a name-value pair.
“MaritalStatus=False” is an assertion describing an entity with the attribute, MaritalStatus, with the value, False. This assertion can be used for authorization, while either the attribute (MaritalStatus) or value (False) alone is not sufficient.
- The “role” of an entity is an attribute.
- XACML is an XML-based policy language and request/response protocol for authorization; it is not itself an assertion about a subject.
- “Alice@WentzWu.com” is the value of the attribute, UserID or Username.

For example, a SAML assertion may carry statements about a subject as follows:
- The subject is named “Wentz Wu.”
- The subject has an email address of wentzwu@gmail.com.
- The subject is a member of the “engineering” group.
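To show why a name-value pair is what an ABAC decision consumes, here is an added example (not code from the original post): it parses a constructed SAML-style AttributeStatement with the standard library, then evaluates policy rules written as `Name=Value` pairs; a bare attribute name ("Role") or a bare value ("False") is rejected as an unusable rule. The XML, attribute names and values are constructed sample input, and the example assumes the assertion's signature was already verified upstream.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion (not a real token); signature assumed verified upstream.
ASSERTION_XML = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject><saml:NameID>Alice@WentzWu.com</saml:NameID></saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="MaritalStatus"><saml:AttributeValue>False</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="Role"><saml:AttributeValue>engineer</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="Group">
      <saml:AttributeValue>engineering</saml:AttributeValue>
      <saml:AttributeValue>staff</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def extract_attributes(xml_text):
    """Return the subject and a map of attribute Name -> list of values."""
    root = ET.fromstring(xml_text)
    subject = root.findtext("saml:Subject/saml:NameID", namespaces=SAML_NS)
    attrs = {}
    for attr in root.findall("saml:AttributeStatement/saml:Attribute", SAML_NS):
        values = [v.text for v in attr.findall("saml:AttributeValue", SAML_NS)]
        attrs[attr.get("Name")] = values
    return {"subject": subject, "attributes": attrs}


def parse_rule(text):
    """Turn 'Name=Value' into a (name, value) pair.

    A bare name or a bare value carries no evaluable statement, so it is rejected.
    """
    name, sep, value = text.partition("=")
    if not sep or not name or not value:
        raise ValueError(f"not a name-value assertion: {text!r}")
    return name, value


def abac_decision(assertion, rules):
    """Permit only if every (name, value) rule is satisfied by the asserted attributes."""
    attrs = assertion["attributes"]
    for name, required in rules:
        if required not in attrs.get(name, []):
            return "Deny"
    return "Permit"


if __name__ == "__main__":
    parsed = extract_attributes(ASSERTION_XML)
    print(parsed["subject"], abac_decision(parsed, [parse_rule("MaritalStatus=False")]))
```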
The following are ISO definitions:
- An assertion is the “sentence or proposition in logic which is asserted (or assumed) to be true.” (ISO/TS 21526:2019)
- A claim is an “assertion of identity.” (ISO/IEC 24745:2011)
A BLUEPRINT FOR YOUR SUCCESS IN CISSP
My new book, The Effective CISSP: Security and Risk Management, helps CISSP aspirants build a solid conceptual security model. It is not only a tutorial for information security but also a study guide for the CISSP exam and an informative reference for security professionals.
- It is available on Amazon.
- Readers from countries or regions not supported by Amazon can get a copy from the author’s website.
Your web application received a token issued by a SAML-like ID provider for the subject Alice@WentzWu.com. Which of the following assertions best supports attribute-based access control (ABAC)?
A. Role
B. XACML
C. MaritalStatus=False
D. Alice@WentzWu.com