CISSP® Official Study Guide, Eighth Edition


Extensible Access Control Markup Language



Mike Chapple, James Michael Stewart, Darril Gibson, CISSP Official Study Guide, Sybex (2018)

Extensible Access Control Markup Language (XACML) is a standard developed by OASIS and is used to define access control policies within an XML format. It commonly implements policies as an attribute-based access control system but can also use role-based access controls. It helps provide assurances to all members in a federation that they are granting the same level of access to different roles.
OAuth 2.0
OAuth (implying open authentication) is an open standard used for access delegation. As an example, imagine you have a Twitter account. You then download an app called Acme that can interact with your Twitter account. When you try to use this feature, it redirects you to Twitter, and if you’re not already logged on, you’re prompted to log on to Twitter. Twitter then asks you if you want to authorize the app and tells you what permissions you are granting. If you approve, the Acme app can access your Twitter account. A primary benefit is that you never provide your Twitter credentials to the Acme app. Even if the Acme app suffers a major data breach exposing all their data, it does not expose your credentials. Many online sites support OAuth 2.0, but not OAuth 1.0. OAuth 2.0 is not backward compatible with OAuth 1.0. RFC 6749 documents OAuth 2.0.
OpenID
OpenID is also an open standard, but it is maintained by the OpenID Foundation rather than as an RFC standard. It provides decentralized authentication, allowing users to log into multiple unrelated websites with one set of credentials maintained by a third-party service referred to as an OpenID provider. When users go to an OpenID-enabled website (also known as a Relying Party), they are prompted to provide their OpenID identity as a uniform resource locator (URL). The two sites exchange data and create a secure channel. The user is then redirected to the OpenID provider and is prompted to provide the password. If correct, the user is redirected to the OpenID-enabled site.
OpenID Connect
OpenID Connect is an authentication layer using the OAuth 2.0 framework. Like OpenID, it is maintained by the OpenID Foundation. It builds on the technologies created with OpenID but uses a JavaScript Object Notation (JSON) Web Token (JWT), also called an ID token. OpenID Connect uses a Representational State Transfer (REST)–compliant web service to retrieve the JWT. In addition to providing authentication, the JWT can also include profile information about the user.
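As an added example (not from the study guide), the following Python shows the two halves of the ID token exchange described above: the OpenID provider signs the JWT, and the Relying Party refuses to trust it until the signature and the issuer, audience, expiry and nonce claims all check out. The provider URL, client_id, HS256 key and frozen clock are constructed values.

```python
import base64, hashlib, hmac, json

# Constructed demo values (not from the book): fake provider, client_id, HS256 key, frozen clock.
ISSUER, CLIENT_ID, SECRET, NOW = "https://op.example", "acme-app", b"constructed-demo-key", 1_700_000_000
GOOD_CLAIMS = {"iss": ISSUER, "sub": "user-123", "aud": CLIENT_ID,
               "exp": NOW + 300, "nonce": "n-42", "name": "Demo User"}

def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def mint_id_token(claims: dict, secret: bytes = SECRET) -> str:
    """Provider side: sign base64url(header).base64url(payload) with HMAC-SHA256."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(sig)}"

def verify_id_token(token: str, nonce: str, secret: bytes = SECRET, now: int = NOW) -> dict:
    """Relying Party side: verify the signature first, then the claims that bind the token to us."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    if json.loads(b64url_decode(header_b64)).get("alg") != "HS256":
        raise ValueError("unexpected alg")  # the token never gets to choose the algorithm
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(payload_b64))
    if claims.get("iss") != ISSUER:
        raise ValueError("wrong issuer")
    aud = claims.get("aud")
    if aud != CLIENT_ID and not (isinstance(aud, list) and CLIENT_ID in aud):
        raise ValueError("wrong audience")  # minted for a different Relying Party
    if claims.get("exp", 0) <= now:
        raise ValueError("expired")
    if claims.get("nonce") != nonce:
        raise ValueError("nonce mismatch")  # token from some other login attempt
    return claims

def check(token: str, nonce: str = "n-42") -> str:
    """Return 'accepted' or the reason the Relying Party rejected the token."""
    try:
        verify_id_token(token, nonce)
        return "accepted"
    except ValueError as exc:
        return str(exc)
```

Calling `check(mint_id_token(GOOD_CLAIMS))` returns `accepted`; re-minting with a different key, audience, issuer or expiry, or presenting the token against a different nonce, returns the matching rejection reason.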
SAML is a popular SSO language on the internet. XACML has become popular with software-defined networking applications. OAuth and OpenID Connect are used with many web-based applications to share authentication information without sharing credentials.
