ISC Exam Questions

The Open Group has defined functional objectives in support of a user
single sign-on (SSO) interface. Which of the following is NOT one of
those objectives and would possibly represent a vulnerability?

A. Provision for user-initiated change of nonuser-configured
   authentication information.

B. Support shall be provided for a subject to establish a default user
   profile.

C. The interface shall be independent of the type of authentication
   information handled.

D. It shall not predefine the timing of secondary sign-on operations.

Explanation:
User configuration of nonuser-configured authentication mechanisms
is not supported by the Open Group SSO interface objectives.
Authentication mechanisms include items such as smart cards and
magnetic badges. Strict controls must be in place to prevent a user
from changing configurations that are set by another authority.

Objective a supports the incorporation of a variety of authentication
schemes and technologies. Answer c states that the interface functional
objectives do not require that all sign-on operations be performed
at the same time as the primary sign-on. This prevents the
creation of user sessions with all the available services even though
these services are not needed by the user.
The creation of a default user profile will make the sign-on more
efficient and less time-consuming.

In summary, the scope of the Open Group Single Sign-On Standards
is to define services in support of:

1. The development of applications to provide a common, single
   end-user sign-on interface for an enterprise.

2. The development of applications for the coordinated management
   of multiple user account management information bases
   maintained by an enterprise.