HOTSPOT
Resources must authenticate to an identity provider.
You need to configure the Azure Access Control service.
What should you recommend? To answer, select the appropriate responses for each requirement in the
answer area.
Hot Area:

Answer:

Explanation:
Box 1:
* Token – A user gains access to an RP application by presenting a valid token that was issued by an authority
that the RP application trusts.
* Identity Provider (IP) – An authority that authenticates user identities and issues security tokens, such as
Microsoft account (Windows Live ID), Facebook, Google, Twitter, and Active Directory. When Azure Access
Control (ACS) is configured to trust an IP, it accepts and validates the tokens that the IP issues. Because ACS
can trust multiple IPs at the same time, when your application trusts ACS, you can your application can offer
users the option to be authenticated by any of the IPs that ACS trusts on your behalf.
How to Authenticate Web Users with Azure Active Directory Access Control
http://azure.microsoft.com/en-gb/documentation/articles/active-directory-dotnet-how-to-use-access-control/
Box 2: WS-Trust is a web service (WS-*) specification and Organization for the Advancement of Structured
Information Standards (OASIS) standard that deals with the issuing, renewing, and validating of security tokens,
as well as with providing ways to establish, assess the presence of, and broker trust relationships between
participants in a secure message exchange. Azure Access Control (ACS) supports WS-Trust 1.3.
Incorrect:
ACS does not support Kerberos.
Protocols Supported in ACS
https://msdn.microsoft.com/en-us/library/azure/gg185948.aspx