Which of the following is not a valid type of SAML assertion?

A. authentication assertion

B. authorization decision assertion

C. audit assertion

D. attribute assertion

Explanation:
SAML defines the syntax and semantics for creating XML-encoded assertions to
describe authentication, attribute, and authorization (entitlement) information, and for
the protocol messages to carry this information between systems. A brief description
of the three SAML assertions is provided below.
* Authentication Assertion (not A) – Generated by the authority when a subject successfully
authenticates. It includes the identity of the issuer and the principal, the time of
authentication, and how long it is valid. Many authentication methods are supported,
including passwords, Kerberos, hardware tokens, certificate-based client
authentication (SSL/TLS), X.509 public key, PGP, XML digital signature, etc.
* Authorization Decision Assertion (not B) – Issued by a policy decision point (PDP)
containing the result of an access control decision. Authentication and attribute
assertions may be provided in order to make authorization decisions. The resulting
authorization assertion is used to claim access to protected resources. It includes the
decision (Permit or Deny), along with the resource URI being accessed, and the action
that the principal is authorized to perform.
* Attribute Assertion (not D) – Generally issued by the authority in response to a request
containing an authentication assertion. It contains a collection of attribute name/value
pairs, in addition to identity and other elements. Attribute assertions can be passed to
the authority when authorization decisions need to be made.
Reference: Oracle Reference Architecture, Security, Release 3.1


