A media service wants to unify sign-ins across its different websites. Its plan issues a compact token containing user details after sign-in. Additional websites accept this minimal token without asking for credentials again. Which method is most appropriate here?
A certificate-based model that distributes client certificates to each affiliated website
A ticket system requiring separate key negotiations for each new session
An XML token-based strategy that depends on large assertion documents
An extension of a widely used authorization approach that includes a minimal token carrying user claims
An extension of an existing framework that provides a minimal token carrying user claims matches the described scenario. This approach supports seamless reuse across websites without repeated logins. The other methods involve tickets that require ongoing exchanges, large XML assertions, or multiple re-authentication steps, which do not align with relying on a compact token model.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a compact token in the context of authentication?
Open an interactive chat with Bash
How does token-based authentication differ from certificate-based methods?
Open an interactive chat with Bash
Why is a minimal token model better suited for unified sign-ins across websites?