Certified Information Systems Security Professional (CISSP) — Question 321

A company needs to provide shared access of sensitive data on a cloud storage to external business partners. Which of the following identity models is the BEST to blind identity providers (IdP) and relying parties (RP) so that subscriber lists of other parties are not disclosed?

Answer options

• A. Proxied federation
• B. Dynamic registration
• C. Federation authorities
• D. Static registration

Correct answer: A

Explanation

The correct answer is A, Proxied federation, as it allows for secure sharing while masking the identities of IdPs and RPs, thus protecting subscriber information. Options B and D, Dynamic registration and Static registration, do not provide the necessary privacy features for external collaborations. Option C, Federation authorities, also does not effectively blind IdPs and RPs as required in this scenario.