A small company is developing a new Internet-facing web application. The security requirements are:
1. Users of the web application must be uniquely identified and authenticated.
2. Users of the web application will not be added to the company’s directory services.
3. Passwords must not be stored in the code.
Which of the following meets these requirements?

A.
Use OpenID and allow a third party to authenticate users.

B.
Use TLS with a shared client certificate for all users.

C.
Use SAML with federated directory services.

D.
Use Kerberos and browsers that support SAML.