Which authorization framework is commonly used in modern web applications to…
2023
Which authorization framework is commonly used in modern web applications to enable token-based access and is often integrated into Single Sign-On (SSO) systems?
- A.
Secure Sockets Layer
- B.
Kerberos
- C.
OAuth 2.0
- D.
Lightweight Directory Access Protocol
- E.
Transport Layer Security
Attempted by 31 students.
Show answer & explanation
Correct answer: C
Concept
An authorization framework defines how a client application is granted limited, delegated access to a protected resource on behalf of a user, typically by issuing and validating access tokens rather than sharing the user's credentials. This token-based delegation is exactly what modern web and mobile single sign-on (SSO) flows rely on, where one identity provider issues tokens that many applications trust.
Applying it here
The framework whose entire purpose is delegated, token-based authorization for web and mobile applications is OAuth 2.0. Defined in RFC 6749 as 'The OAuth 2.0 Authorization Framework', it issues access tokens through flows such as the authorization code grant, and it is the foundation on which the OpenID Connect identity layer and most enterprise SSO sign-in flows are built.
Contrast with the other choices
Secure Sockets Layer and Transport Layer Security are transport-encryption protocols that secure data in transit; they protect the channel but do not authorize delegated access or issue access tokens.
Kerberos is a network authentication protocol that uses tickets within a trusted domain (common in Windows networks); it authenticates identities but is not the token-based authorization framework built for modern web/mobile SSO.
Lightweight Directory Access Protocol is a protocol for querying and managing a directory of users and resources; it stores identity data but does not perform delegated, token-based authorization.
Therefore OAuth 2.0 is the correct authorization framework for token-based access in SSO systems.