What provides the information to an application to make decisions about the authorization level appropriate when granting access?
The identity provider supplies the necessary information regarding user identity and authentication status to the application, which may use this information to determine the appropriate authorization level. This ensures the application (relying party) can make informed access control decisions based on the data provided by the identity provider.
Application is the relying party in the context of federation. The Identity Provider passes the information to the relying party, which is the application. That's why D is correct.
Thanks
it is the right one
The question is talking about which system gives the tokens to be consumed by the relying party/application.
Really confusing, as the Authorization is done by the "Relying Party" who is the one that needs to provide the Authorization. The identity provider passes the identification+Authentication. I understand your point, and I like the idea of thinking the Application = Relying Party, that way it is easier to point to the Identity Provider as the right answer.
My thought is B, "The relying party is any member of the federation that shares resources based on authenticated identities. Relying parties then handle authorization based on their policies. This allows a relying party to determine their level of trust in third-party IdPs and to map permissions on their own rather than rely on the IdP to provide both authentication and authorization." From the CCSP Official Study Guide, Third Edition pg 181.
I would have said B. The Identity Provider doesn't touch the application. The information comes from the relying party?
A relying party may authorize a user’s request based on authorization attributes fetched from an IdP. Examples of authorization attributes include permissions/privileges assigned to the user or the user’s role. IdP provides the attributes, and answer is D.
In a federated identity scenario, the Identity Provider (IdP) supplies an assertion or token containing user identity data (often called claims). The application (relying party) then uses this information to make authorization decisions (i.e., what the user is allowed to do).
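The split discussed in this thread, as an added example that is not part of any post above: the IdP signs a set of claims, and the relying party validates them and then applies its own role-to-permission policy. A shared HMAC key stands in for the asymmetric signatures that SAML or OIDC deployments use; the issuer URL, audience, key and role names are constructed.

```python
import base64, hashlib, hmac, json, time

# Constructed values: issuer URL, audience, key and role names are hypothetical.
TRUSTED_IDPS = {"https://idp.example.test": b"constructed-demo-key"}
AUDIENCE = "payroll-app"
# Relying-party policy: the application, not the IdP, maps asserted roles to permissions.
ROLE_PERMISSIONS = {"hr-admin": {"read", "write"}, "employee": {"read"}}
NOW = 1_700_000_000  # constructed fixed clock so the demo is repeatable

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def idp_issue(key: bytes, claims: dict) -> str:
    """IdP side: sign a claims set after the user has authenticated."""
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    sig = hmac.new(key, body.encode(), hashlib.sha256).digest()
    return body + "." + _b64(sig)

def rp_authorize(token: str, action: str, now=None) -> bool:
    """Relying-party side: validate the assertion, then apply local policy."""
    now = time.time() if now is None else now
    try:
        body, sig = token.split(".")
        claims = json.loads(_unb64(body))
        key = TRUSTED_IDPS[claims["iss"]]  # unknown issuer raises KeyError
        expected = hmac.new(key, body.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64(sig)):
            return False  # claims were not signed by a trusted IdP
        if claims["aud"] != AUDIENCE or claims["exp"] <= now:
            return False  # issued for another application, or expired
        allowed = set()
        for role in claims.get("roles", []):
            allowed |= ROLE_PERMISSIONS.get(role, set())  # unmapped roles grant nothing
    except (ValueError, KeyError, TypeError):
        return False  # malformed token or claims: fail closed
    return action in allowed

def demo():
    """Returns (employee read, employee write, wrong-key token write)."""
    key = TRUSTED_IDPS["https://idp.example.test"]
    base = {"iss": "https://idp.example.test", "aud": AUDIENCE, "sub": "alice", "exp": NOW + 300}
    employee = idp_issue(key, {**base, "roles": ["employee"]})
    wrong_key = idp_issue(b"some-other-key", {**base, "roles": ["hr-admin"]})
    return (rp_authorize(employee, "read", NOW), rp_authorize(employee, "write", NOW),
            rp_authorize(wrong_key, "write", NOW))
```

The IdP never sees `ROLE_PERMISSIONS`; changing what `hr-admin` may do is a relying-party change only.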