Enhance your CompTIA CASP+ exam readiness with our comprehensive quizzes. Sharpen your skills with detailed flashcards and multiple choice questions, each with hints and in-depth explanations. Prepare effectively for this challenging exam!


What is correct about the trust relationship between organizations using web-based services in SPML?

  1. The trust relationship uses OAuth in the message body.

  2. The trust relationship uses SAML in the SOAP header.

  3. The trust relationship requires a third-party verifier.

  4. The trust relationship cannot utilize federated identity.

The correct answer is: The trust relationship uses SAML in the SOAP header.

The correct statement about the trust relationship between organizations using web-based services in SPML (Service Provisioning Markup Language) is that it uses SAML (Security Assertion Markup Language) in the SOAP (Simple Object Access Protocol) header. SAML is a well-established standard for exchanging authentication and authorization data between parties, particularly in federated identity environments. When organizations interact through web-based services, SAML is often employed to carry claims about user identities and their entitlements.

By embedding SAML assertions in the SOAP header, systems can communicate identity information and authorization decisions securely, with the assertion trusted based on the party making the claim. Using SAML in this context helps establish a robust trust framework as organizations exchange provisioning data while relying on assertions that validate the identity of the users and services involved.

The other options are incorrect. OAuth, though widely used for authorization, is not typically the mechanism employed for trust relationships in SPML. A third-party verifier may sometimes be involved in establishing trust but is not a requirement for all trust relationships in SPML. Finally, federated identity is a key concept in SPML, allowing different organizations to trust user identities across domains, so the statement that the trust relationship cannot utilize it is incorrect.