You are designing an enterprise-level Windows Communication Foundation (WCF) application. User accounts
will migrate from the existing system. The new system must be able to scale to accommodate the increasing
load.
You need to ensure that the application can handle large-scale role changes.
What should you use for authorization? (Each correct answer presents a complete solution. Choose all that
apply.)
A. Resource-based trusted subsystem model
B. Identity-based approach
C. Role-based approach
D. Resource-based impersonation/delegation model
Explanation:
Advanced Maturity: Authorization as a Service
In the advanced level of maturity for authorization, role storage and management are consolidated and
authorization itself is a service available to any solution that is service-enabled.
The Trusted Subsystems Model
Once authorization is available as an autonomous service, the need for impersonation is eliminated. Instead of
assuming the identity of the user, the application uses its own credentials to access services and resources, but
it captures the user's identity and passes it as a parameter (or token) to be used for authorization when a
request is made. This model is referred to as the trusted subsystem model, because the application acts as a
trusted subsystem within the security domain.
A and C are the correct answers. Please refer to the explanation.
https://msdn.microsoft.com/en-us/library/ff647503.aspx
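The trusted subsystem model described in the explanation, as an added C# example that is not code from the question or the linked MSDN article: the WCF back end authenticates the front end's own service account at the transport level, reads the forwarded end-user identity from a message header, and authorizes with role demands against a consolidated role store. The header name and namespace, the role names, the RoleStore class and the IAccountService contract are constructed assumptions for this example.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Permissions;
using System.Security.Principal;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Description;

// Consolidated role store ("authorization as a service"); constructed in-memory stand-in.
public static class RoleStore
{
    static readonly Dictionary<string, string[]> Roles = new Dictionary<string, string[]>(
        StringComparer.OrdinalIgnoreCase) { ["alice"] = new[] { "RoleAdmins" }, ["bob"] = new[] { "Users" } };
    public static string[] RolesFor(string u) => Roles.TryGetValue(u ?? "", out var r) ? r : new string[0];
    public static void Assign(string account, string role) => Roles[account] = new[] { role };
}

// Back end of the trusted subsystem. The front end calls with its own service account and forwards the
// end user's name in a header (constructed name/namespace); this manager makes that user the principal.
public class ForwardedUserAuthorizationManager : ServiceAuthorizationManager
{
    public const string Header = "EndUser", Namespace = "urn:example:trusted-subsystem";
    protected override bool CheckAccessCore(OperationContext ctx)
    {
        MessageHeaders h = ctx.IncomingMessageHeaders;
        int i = h.FindHeader(Header, Namespace);
        // No header: anonymous principal with no roles, so every [PrincipalPermission] demand fails.
        string user = i < 0 ? "" : h.GetHeader<string>(i);
        ctx.ServiceSecurityContext.AuthorizationContext.Properties["Principal"] =
            new GenericPrincipal(new GenericIdentity(user), RoleStore.RolesFor(user));
        return true;
    }
    // Transport security authenticates the front end's Windows account; only then is the header trusted.
    public static void Configure(ServiceHost host)
    {
        host.AddServiceEndpoint(typeof(IAccountService), new NetTcpBinding(SecurityMode.Transport), "");
        var auth = host.Description.Behaviors.Find<ServiceAuthorizationBehavior>();
        auth.PrincipalPermissionMode = PrincipalPermissionMode.Custom;
        auth.ServiceAuthorizationManager = new ForwardedUserAuthorizationManager();
    }
}

[ServiceContract]
public interface IAccountService { [OperationContract] void ChangeRole(string account, string newRole); }

public class AccountService : IAccountService
{
    // Role-based authorization: only RoleAdmins may change roles; no impersonation, no per-resource ACLs.
    [PrincipalPermission(SecurityAction.Demand, Role = "RoleAdmins")]
    public void ChangeRole(string account, string newRole) => RoleStore.Assign(account, newRole);
}
```

The front end adds the header inside an OperationContextScope with MessageHeader.CreateHeader before calling ChangeRole, so a role change for thousands of accounts touches only the central role store rather than per-resource ACLs.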
On this page it’s said that:
“In enterprise-level applications where scalability is essential, a role-based or identity-based approach for authorization is the best choice. For small-scale intranet applications that serve per-user content from resources (such as files) that can be secured with Windows ACLs, a resource-based approach may be appropriate.”
This is similar to Question 53:
You are designing an enterprise-level Windows Communication Foundation (WCF) application. User accounts
will migrate from the existing system. The new system must be able to scale to accommodate the increasing
load.
The new servers are experiencing significant stress under load of large-scale role changes.
You need to ensure that the application can handle the stress.
Which authorizations should you redesign? (Each correct answer presents a complete solution. Choose all that
apply.)
Answers to the above: Role-based approach; Resource-based trusted subsystem model.
In enterprise-level applications where scalability is essential, a role-based or identity-based approach for authorization is the best choice.
For small-scale intranet applications that serve per-user content from resources (such as files) that can be secured with Windows ACLs, a resource-based approach may be appropriate.
Since this is enterprise-level, the answers are the role-based or identity-based approach (B & C).