Exam CISSP topic 1 question 8 discussion

Agree with "B" - "Employees are provisioned with user accounts" sounds like the clothing retailer is an IdP. Also from crowdstrike: Identity and access management (IAM) is a framework that allows the IT team to control access to systems, networks and assets based on each user’s identity. IAM consists of two main components: 1. Identity management: Verifies the identity of the user based on existing information in an identity management database. 2. Access management: Uses the requestor’s identity to confirm their access rights to different systems, applications, data, devices and other resources. An IAM tool’s core functions are to: Assign a single digital identity to each user Authenticate the user Authorize appropriate access to relevant resources Monitor and manage identities to align with changes within the organization https://www.crowdstrike.com/cybersecurity-101/identity-access-management-iam/

B. Clothing retailer acts as identity provider (IdP), confirms identity of user using industry standards, then sends credentials to partner businesses that act as a Service Provider and allows access to services. The Extended Identity principle is a concept that is used to enable access to resources across partner businesses with different IAM technologies. In this scenario, the clothing retailer acts as an identity provider (IdP), which confirms the identity of the user using industry standards such as SAML, OAuth, or OpenID Connect. The IdP then sends the user's credentials to partner businesses that act as a Service Provider (SP) and allow access to resources. By using a common IAM protocol, such as SAML, OAuth, or OpenID Connect, the partner businesses can trust the clothing retailer's authentication of the user's identity and grant access to the requested resources. This allows the clothing retailer's employees to access resources at partner businesses without having to maintain separate user accounts for each partner business.

B. Clothing retailer acts as identity provider (IdP), confirms identity of user using industry standards, then sends credentials to partner businesses that act as a Service Provider and allows access to services.

B. Clothing retailer acts as identity provider (IdP), confirms identity, then sends credentials to partner businesses (Service Providers) for access.

Agree with option B. Employees get their access from Clothing retailer (Idp) to access resources at partner businesses (Service provider).

The key here is that the clothing provider is providing resources. " that provide access to resources at partner businesses" A Service Provider is an application or service that users want to access, while an Identity Provider authenticates those users and validates their identities. The SP trusts the IdP to securely handle logins. There for the Retailer "Provides" resources becoming the "Service Provider"

Clothing retailer provide the identity

The SAML 2.0 specification utilizes three entities: the principal, the service provider, and the identity provider