Arcitura Education S90.20 Exam - Topic 1 Question 26 Discussion
Service Consumer A sends a request message with a Username token to Service A (1). Service B authenticates the request by verifying the security credentials from the Username token with a shared identity store (2). To process Service Consumer A's request message, Service A must use Services B, C, and D. Each of these three services also requires the Username token (3, 6, 9) in order to authenticate Service Consumer A by using the same shared identity store (4, 7, 10). Upon each successful authentication, each of the three services (B, C, and D) issues a response message back to Service A (5, 8, 11). Upon receiving and processing the data in all three response messages, Service A sends its own response message to Service Consumer A (12). You are asked to redesign this service composition architecture so that it can still carry out the described message exchanges while requiring that Service Consumer A only be authenticated once using the identity store. Which of the following statements describes an accurate solution?
A) A single sign-on mechanism is implemented. The Brokered Authentication pattern is applied, resulting in Service A becoming the authentication broker. The authentication broker authenticates the security credentials received from Service Consumer A against the identity store. After successful authentication, the authentication broker issues a signed SAML token for Service Consumer A. The SAML token is subsequently provided to Services B, C, and D by Service A, on behalf of Service Consumer A.
B) A single sign-on mechanism is implemented. The Brokered Authentication pattern is applied together with the Data Origin Authentication pattern. A separate authentication broker utility service is added in between Service Consumer A and Service A. This requires that Service A send its Username token only once to Service B. Service B then acts as a secondary authentication broker and authenticates Service Consumer A and Service A using the identity store. If the authentication is successful, Service B generates a shared secret key to be used as a session key during communication with Services C and D. Because the session key is only known by these services, it can be used to authenticate the services to each other.
C) A single sign-on mechanism is implemented. The Brokered Authentication pattern is applied together with the Data Origin Authentication pattern. Service A is redesigned to use holder-of-key based subject confirmation SAML assertions. This way, Service A only needs to send its Username token once to Service B. Service B then acts as the authentication broker by issuing a SAML token to Service A and then further sends the SAML token to Services C and D on behalf of Service Consumer A and Service A. Service B signs the SAML assertion in order to ensure its authenticity and integrity during message exchanges with Services C and D.
D) The Direct Authentication pattern is applied together with an authentication process that uses digital certificates and digital signatures instead of Username tokens. The digital certificate of Service Consumer A is attached to all subsequent request messages issued by Services A, B, C and D and these request messages are further signed by a private key.