Enterprise Access Management (EAM) provides access control
management services to Web-based enterprise systems. Which of the
following functions is NOT normally provided by extant EAM
approaches?

A.
Accommodation of a variety of authentication mechanisms

B.
Interoperability among EAM implementations

C.
Role-based access control

D.
Single sign-on

Explanation:
In general, security credentials produced by one EAM solution are
not recognized by another implementation. Thus, reauthentication is
required when linking from one Web site to another related Web site
if the sites have different EAM implementations.
Answer “Single sign-on” (SSO) is approached in a number of ways. For example,
SSO can be implemented on Web applications in the same domain
residing on different servers by using nonpersistent, encrypted
cookies on the client interface. This is accomplished by providing a
cookie to each application that the user wishes to access. Another
solution is to build a secure credential for each user on a reverse
proxy that is situated in front of the Web server. The credential is,
then, presented at each instance of a user attempting to access
protected Web applications. For answer b, most EAM solutions
accommodate a variety of authentication technologies, including
tokens, ID/passwords and digital certificates. Similarly, for answer
c, EAM solutions support role-based access controls, albeit they may
be implemented in different fashions. Enterprise-level roles should
be defined in terms that are universally accepted across most ecommerce
applications.