Your web application received a token from a subject, Alice@WentzWu.com, issued by a SAML-like ID provider. Which of the following is an assertion that best supports attribute-based access control?
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is C. MaritalStatus=False.
An assertion is a statement about an entity or subject, usually expressed as a name-value pair.
“MaritalStatus=False” asserts that the subject has the attribute MaritalStatus with the value False. An ABAC policy can evaluate this assertion to reach an authorization decision; the attribute name (MaritalStatus) or the value (False) alone is not sufficient, because neither one by itself says anything about the subject.
- The “role” of an entity is an attribute (a name), not an assertion; it says nothing about a subject until it is paired with a value.
- XACML (eXtensible Access Control Markup Language) is an XML-based policy language and request/response model for attribute-based authorization; it consumes attribute assertions but is not itself an assertion.
- “Alice@WentzWu.com” is only a value, namely the value of an attribute such as UserID, Username, or the SAML NameID.
For example, a SAML assertion may carry statements about a subject as follows:
- The subject is named “Wentz Wu.”
- The subject has an email address of firstname.lastname@example.org.
- The subject is a member of the “engineering” group.
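The following Python example is added here to illustrate both points above: that a SAML attribute statement is a set of name-value assertions about a subject, and that an ABAC policy needs the complete name-value pair (not a bare attribute name like Role, nor a bare value like an e-mail address) to reach a decision. It is not code from the original post or from any SAML product. The sample assertion, its issuer URL, its ID, the attribute names and the resource names in the policy are all constructed for this example.

```python
import xml.etree.ElementTree as ET

# Standard SAML 2.0 assertion namespace.
NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion (made-up issuer, ID and attribute names).
# Caveat: a real relying party must verify the XML signature and the
# Conditions (audience, validity window) before trusting any statement here,
# and should parse untrusted XML with a hardened parser such as defusedxml.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_example-assertion" Version="2.0" IssueInstant="2021-01-01T00:00:00Z">
  <saml:Issuer>https://idp.example.org</saml:Issuer>
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">Alice@WentzWu.com</saml:NameID>
  </saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="Role"><saml:AttributeValue>Engineer</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="MaritalStatus"><saml:AttributeValue>False</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="Group">
      <saml:AttributeValue>engineering</saml:AttributeValue>
      <saml:AttributeValue>staff</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def extract_assertions(assertion_xml):
    """Return the assertion's statements as a dict of attribute name -> list of values.

    Each entry is one name-value assertion about the subject. The subject's
    NameID is exposed under the key "NameID" so a policy can evaluate it too.
    """
    root = ET.fromstring(assertion_xml)
    attrs = {}
    name_id = root.find("saml:Subject/saml:NameID", NS)
    if name_id is not None and name_id.text:
        attrs["NameID"] = [name_id.text]
    for attribute in root.findall("saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text for v in attribute.findall("saml:AttributeValue", NS) if v.text]
        attrs.setdefault(attribute.get("Name"), []).extend(values)
    return attrs


# ABAC policy (constructed): every (attribute, operator, expected value) rule
# listed for a resource must hold for a Permit.
POLICY = {
    "spouse-benefits": [("MaritalStatus", "equals", "True")],
    "eng-wiki": [("Group", "contains", "engineering"), ("Role", "equals", "Engineer")],
}


def decide(attrs, resource):
    """Evaluate the policy for one resource against the subject's assertions.

    Returns "Permit" or "Deny". A rule whose attribute is absent from the
    assertions cannot be evaluated (a name without a value is not an
    assertion), so the decision fails closed with "Deny"; XACML would report
    NotApplicable or Indeterminate for the same situation.
    """
    rules = POLICY.get(resource)
    if rules is None:
        return "Deny"  # unknown resource: no policy, default deny
    for name, op, expected in rules:
        values = attrs.get(name)
        if not values:
            return "Deny"
        if op == "equals" and values != [expected]:
            return "Deny"
        if op == "contains" and expected not in values:
            return "Deny"
    return "Permit"


if __name__ == "__main__":
    alice = extract_assertions(SAMPLE_ASSERTION)
    print(alice)
    for resource in POLICY:
        print(resource, decide(alice, resource))
```

Running it shows MaritalStatus=False being evaluated as a complete assertion: Alice is denied “spouse-benefits” because the policy requires MaritalStatus=True, and permitted “eng-wiki” because her Group and Role assertions both satisfy the policy. Feeding the policy an attribute name with no value, or a bare value with no attribute, never produces a Permit.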
The following are ISO definitions:
- An assertion is the “sentence or proposition in logic which is asserted (or assumed) to be true.” (ISO/TS 21526:2019)
- A claim is an “assertion of identity.” (ISO/IEC 24745:2011)
A BLUEPRINT FOR YOUR SUCCESS IN CISSP
My new book, The Effective CISSP: Security and Risk Management, helps CISSP aspirants build a solid conceptual security model. It is not only a tutorial for information security but also a study guide for the CISSP exam and an informative reference for security professionals.
- It is available on Amazon.
- Readers from countries or regions not supported by Amazon can get their copy from the author’s web site.