Which one of the following statements best describes authentication as a service?
A.
Authentication is a service offered by the local computing platform to the application it is
hosting. The application uses this service to authenticate users with a local LDAP.
B.
Authentication is a service offered by the enterprise security framework. Applications access it
directly, bypassing local platform security. The authentication service provides a level of
abstraction between applications and the various instances of infrastructure (LDAPs, databases)
that can be used to verify credentials.
C.
Authentication is a service offered by both the local computing platform and the enterprise
security framework. The local platform can be configured to direct requests to local LDAPs or
common enterprise services, depending on the operating environment (dev/test/production).
Meanwhile, the enterprise security framework services can virtualize several shared credential
stores into a single shared service.
D.
Authentication is not a valid example of a security service.
Explanation:
ORA Security is one of the series of documents that comprise Oracle Reference
Architecture. ORA Security describes important aspects of the enterprise security layer
including identity, role, and entitlement management, authentication, authorization,
and auditing (AAA), and transport, message, and data security.
A desktop SSO solution is one that lives on the user’s personal computer and handles
authentication challenges on behalf of the user. The user logs into his desktop
environment, which in turn works on his behalf to authenticate to the applications he
accesses. The user is no longer prompted for credentials – they are provided
automatically by a process running on the desktop.
Reference: Oracle Reference Architecture,Security, Release 3.1