A service that was previously using a shared identity store is now given its own dedicated identity store instead. What are the likely impacts (positive or negative) that will result from this change?
A hashing function always returns _____________ for the same input data.
The use of XML-Encryption supports the application of the Service Abstraction principle because the actual message remains hidden from the attacker.
The application of the Brokered Authentication pattern is best suited for a scenario whereby a service consumer does not need to re-authenticate itself with multiple services.
The Data Origin Authentication pattern is applied to services throughout a service inventory. As a result, if malicious service intermediaries change data within messages exchanged by these services, such changes will be detected.
Service A is owned by Organization A. Service A sends a message containing confidential data to Service B, which is owned by Organization B. Service B sends the message to Service C, which is also owned by Organization B. Organization A trusts Organization B, which means there is no requirement to protect messages from intermediaries and after a message is received by Service B (and as long as the message remains within the boundary of Organization B), there is no requirement to keep the message data confidential. Which of the following approaches will fulfill these security requirements with the least amount of performance degradation?
Losing a ______________ does not compromise the identity of the key owner, whereas losing a ___________ does compromise the identity of the key owner.
The X.509 token can be used to express a ______________ security token that provides an X.509 digital certificate.
The services within a domain service inventory provide access to confidential data retrieved from a shared database. These services need to be accessible from outside the domain service inventory. Which of the following design options will preserve the confidentiality of the data when the services are accessed from outside the service inventory?
When using a single sign-on mechanism, security contexts are____________.
Using message-layer security, if a service agent takes possession of a message, it can forward the message to another service.
Username and X.509 token profiles can be combined so that a single message can contain a username token that is digitally signed.
Which of the following approaches represents a valid means of utilizing generic security logic?
Security specialists are planning to implement public key cryptography in order to encrypt messages exchanged between Service A and Service B. Which of the following options fulfills this requirement?