Certified Information Systems Security Professional (CISSP) — Question 425

Clothing retailer employees are provisioned with user accounts that provide access to resources at partner businesses. All partner businesses use common identity and access management (IAM) protocols and differing technologies. Under the Extended Identity principle, what is the process flow between partner businesses to allow this IAM action?

Answer options

• A. Clothing retailer acts as User Self Service, confirms identity of user using industry standards, then sends credentials to partner businesses that act as a Service Provider and allows access to services.
• B. Clothing retailer acts as identity provider (IdP), confirms identity of user using industry standards, then sends credentials to partner businesses that act as a Service Provider and allows access to services.
• C. Clothing retailer acts as Service Provider, confirms identity of user using industry standards, then sends credentials to partner businesses that act as an identity provider (IdP) and allows access to resources.
• D. Clothing retailer acts as Access Control Provider, confirms access of user using industry standards, then sends credentials to partner businesses that act as a Service Provider and allows access to resources.

Correct answer: B

Explanation

The correct answer is B because the clothing retailer serves as the identity provider (IdP), confirming the user's identity and sending the necessary credentials to the partner businesses that act as Service Providers. Option A is incorrect as it describes the retailer as User Self Service, which does not align with the IdP role. Options C and D misidentify the retailer's role as Service Provider and Access Control Provider, respectively, which are not applicable in this scenario.