Which standard enables the exchange of authentication assertions in web single sign-on scenarios?

Prepare for the Information Security Principles and Frameworks Test. Enhance your understanding with detailed questions, hints, and explanations. Ace your exam with confidence!

Multiple Choice

Which standard enables the exchange of authentication assertions in web single sign-on scenarios?

Explanation:
In web single sign-on, the essential need is a trusted, standardized way to carry proof of a user’s authentication from the identity provider to the service provider. SAML defines the format and mechanism for that authentication assertion, typically packaged as an XML document that is signed to ensure integrity and can be exchanged over the user’s browser between the identity provider and the service provider. The assertion conveys who the user is (the subject) and any attributes or conditions the service requires, allowing the service to grant access without the user re-entering credentials. The other options don’t fit this role: OAuth 2.0 handles delegated authorization rather than transmitting authentication assertions, and REST or SOAP describe messaging styles or protocols rather than providing a standardized assertion for SSO.

