Chapter 5
Providing the Appropriate Authentication and Authorization Controls
This chapter covers the following topics:
Credential Management: This section covers password repository applications, end-user password storage, on-premises vs. cloud repositories, hardware key management, and privileged access management.
Password Policies: Topics covered include complexity, length, character classes, history, maximum/minimum age, auditing, and reversible encryption.
Federation: This section covers transitive trust, OpenID, Security Assertion Markup Language (SAML), and Shibboleth.
Access Control: Topics covered include mandatory access control (MAC), discretionary access control (DAC), role-based access control, rule-based access control, and attribute-based ...
Get CompTIA Advanced Security Practitioner (CASP+) CAS-004 Cert Guide now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.