Certified Information Systems Security Professional (CISSP) — Question 202
Single sign-on (SSO) for federated identity management (FIM) must be implemented and managed so that authorization mechanisms protect access to privileged information carried in OpenID Connect (OIDC) tokens or Security Assertion Markup Language (SAML) assertions. What is the BEST method to use to protect them?
Answer options
- A. Pass data in a bearer assertion, only signed by the identity provider.
- B. Tokens and assertion should use base64 encoding to assure confidentiality.
- C. Use a challenge and response mechanism such as Challenge Handshake Authentication Protocol (CHAP).
- D. The access token or assertion should be encrypted to ensure privacy.
Correct answer: D
Explanation
The correct answer is D because encrypting the access token or assertion keeps the sensitive claims it carries private while it is in transit. Option A provides integrity and origin authenticity (a signature proves who issued the token and that it was not altered) but does not protect confidentiality, since a signed bearer token can still be read by anyone who intercepts it. Option B offers no protection at all: base64 is a reversible encoding, not encryption, so anyone holding the token can decode it. Option C, although a secure authentication mechanism, addresses how a party proves its identity rather than how OIDC tokens and SAML assertions are protected in the context of federated identity management.