Exam CISSP topic 1 question 97 discussion

A A proxied federation model can provide several benefits. Federation proxies can simplify technical integration between the RP and IdP by providing a common interface for integration. Additionally, to the extent a proxy effectively blinds the RP and IdP from each other, it can provide some business confidentiality for organizations that want to guard their subscriber lists from each other. https://pages.nist.gov/800-63-3/sp800-63c.html#federation

Proxied federation: In this model, an intermediary, known as a federation proxy, acts as a go-between between the IdP and RP. This hides the identity information of the subscribers from both parties, protecting their privacy. Dynamic registration: This model allows users to register with a federation without having to provide their credentials to individual RPs. However, it does not necessarily hide the subscriber lists from the IdP and RP. Federation authorities: These are entities that manage and maintain a federation of identity providers and relying parties. While they can provide security and management services, they do not necessarily protect the privacy of subscriber lists. Static registration: This model requires users to register with each RP individually, which can be cumbersome and does not protect the privacy of subscriber lists.

I don't get it. So in using direct federation (without proxy), RP and IdP can access the subscriber list from the server? Is this true, or is it just a badly worded question?

Answer A) Proxied Federation https://pages.nist.gov/800-63-4/sp800-63c/federation/#:~:text=A%20proxied%20federation%20model,lists%20from%20each%20other.

A is the wAy

A. Proxied federation. Proxied federation is a type of federated identity management that allows organizations to share access to resources without revealing the identities of other organizations. In proxied federation, a central identity provider (IdP) acts as a proxy for the other organizations. This means that when an organization wants to access the resources of another organization, it authenticates with the central IdP. The central IdP then authenticates with the other organization on behalf of the first organization. This way, the other organization does not know the identity of the first organization.

A. Proxied federation. Proxied federation is an identity model that allows the sharing of identity information between different parties while maintaining privacy and confidentiality. In this model, a proxy service acts as an intermediary between the IdPs and RPs, ensuring that sensitive subscriber lists are not disclosed to other parties. With proxied federation, the proxy service handles the authentication and authorization process, acting as a trusted intermediary. It allows the cloud storage provider to verify the identities of external business partners without revealing sensitive information about other subscribers or relying parties. This ensures privacy and confidentiality while enabling shared access to the sensitive data.

In a proxied federation, communication between the IdP and the RP is intermediated in a way that prevents direct communication between the two parties. There are multiple methods to achieve this effect. Common configurations include: A third party that acts as a federation proxy (or broker) • A network of nodes that distributes the communications Where proxies are used, they function as an IdP on one side and an RP on the other. Therefore, all normative requirements that apply to IdPs and RPs SHALL apply to proxies in their respective roles. A proxied federation model can provide several benefits. Federation proxies can simplify technical integration between the RP and IdP by providing a common interface for integration. Additionally, to the extent a proxy effectively blinds the RP and IdP from each other, it can provide some business confidentiality for organizations that want to guard their subscriber lists from each other. Proxies can also mitigate some of the privacy risks -- pg12 -- https://nvlpubs.nist.gov/nistpubs/specialpublications/nist.sp.800-63c.pdf

A. Proxied federation Proxied federation is a method of identity management that allows identity providers (IdPs) and relying parties (RPs) to communicate through a third-party service, known as a proxy. This allows the IdP and RP to remain anonymous to each other, and it helps to protect the privacy of subscriber lists. Dynamic registration is a method of identity management that allows new IdPs and RPs to register with the system automatically. While this can be useful for managing a large number of partners, it does not provide the same level of protection for subscriber lists as proxied federation. Federation authorities and static registration are not related to the question of protecting subscriber lists. Federation authorities are a way of managing and coordinating multiple federations, and static registration is a method of identity management that involves manually registering new IdPs and RPs with the system.

Vote for A.

Cww1 stated, its says verbatim in the NIST doc. Its A