A security analyst is working on a project team responsible for the integration of an enterprise SSO solution.
The SSO solution requires the use of an open standard for the exchange of authentication and authorization
across numerous web based applications. Which of the following solutions is most appropriate for the analyst to
recommend in this scenario?