Exam CAS-004 topic 1 question 548 discussion

o SAML (Security Assertion Markup Language): This is a widely used standard for single sign-on (SSO), allowing users to authenticate once with a third-party provider (like Google or LinkedIn) and access multiple applications with the same credentials. It supports long-term access tokens, fulfilling the six-month requirement. o JWT (JSON Web Token): This is a standard for securely transmitting information between two parties. It can be used to store authentication data and refresh tokens, enabling long-term sessions. JWT is stateless, meaning the server doesn't need to maintain session information on its side, further aligning with the requirements. OAuth uses JWT format for claims data.

A. SAML (Security Assertion Markup Language) SAML is a widely adopted, XML-based open standard for exchanging authentication and authorization data between parties, specifically between an Identity Provider (IdP) and a Service Provider (SP). SAML is a widely adopted, XML-based open standard for exchanging authentication and authorization data between parties, specifically between an Identity Provider (IdP) and a Service Provider (SP). C: JWT (JSON Web Token) JSON Web Token (JWT) is a proposed Internet standard that uses signed tokens to communicate with previously established authentication information in an SSO environment. For example, a server could generate a token that has the claim “logged in as tmcmillan” and provide that to a client. The client could then use that token to prove that it is logged in as tmcmillan. JWTs can include expiration claims and can be designed to maintain sessions for extended periods, such as six months.