ISC2 Certified Secure Software Lifecycle Professional (CSSLP) Practice Question
Your organization is building a cloud-hosted customer portal that must allow external business partners to reuse their own corporate credentials for seamless single sign-on. Each partner will continue to manage its user directory, and the portal must trust the partners' authentication assertions without storing partner passwords. Which secure architecture pattern best satisfies this requirement?
Implementing a security chain of responsibility across application components
Designing a three-tier defense-in-depth network segmentation model
Federated identity with a token-based single sign-on scheme (e.g., SAML or OpenID Connect)
Applying the Sherwood Applied Business Security Architecture (SABSA) framework
A federated identity pattern establishes trust relationships between distinct security domains so that an identity authenticated in one domain can be accepted in another. Using technologies such as SAML, OAuth, or OpenID Connect, the customer portal relies on identity providers operated by each partner to issue security tokens (assertions). This fulfills the need for single sign-on while letting partners retain control of their user stores and keeping passwords within the originating domain. As for the other options: SABSA is an enterprise security architecture framework; the security chain of responsibility focuses on accountability distribution inside a system; and an N-tier defense-in-depth model segments application layers rather than addressing cross-domain authentication.
Secure Software Architecture and Design