Enterprise Access Management (EAM) provides access control management services to Web-based
enterprise systems. Which of the following functions is NOT normally provided by extant EAM
approaches?

A.
Accommodation of a variety of authentication mechanisms

B.
Interoperability among EAM implementations

C.
Role-based access control

D.
Single sign-on

Explanation:
In general, security credentials produced by one EAM solution are not recognized by another
implementation. Thus, reauthentication is required when linking from one Web site to another
related Web site if the sites have different EAM implementations. Answer “Single sign-on” (SSO) is
approached in a number of ways. For example, SSO can be implemented on Web applications in the
same domain residing on different servers by using nonpersistent, encrypted cookies on the client
interface. This is accomplished by providing a cookie to each application that the user wishes to
access. Another solution is to build a secure credential for each user on a reverse proxy that is
situated in front of the Web server. The credential is, then, presented at each instance of a user
attempting to access protected Web applications. For answer b, most EAM solutions accommodate a
variety of authentication technologies, including tokens, ID/passwords and digital certificates.
Similarly, for answer c, EAM solutions support role-based access controls, albeit they may be
implemented in different fashions. Enterprise-level roles should be defined in terms that are
universally accepted across most ecommerce applications.