To me, this talks about a situation where an organization is part of a larger ecosystem of identity providers and relying parties, that may be mediated by brokers.
There are many complex scenarios.
For example, one of my jobs is at a university in Utrecht, NL. My identity there is federated to the Eduroam organization, which means that when I arrive at Oslo airport, my phone can use the Eduroam WiFi there since the local WiFi uses that federated identity as well.
This is a real-life scenario that actually works. I am not making this up.
https://eduroam.org/
Does that help?
------------------------------
Peter HJ van Eijk
CCSK & CCAK trainer
https://www.clubcloudcomputing.com/
------------------------------
Original Message:
Sent: May 23, 2021 04:04:48 AM
From: Chris Jaimon
Subject: Doubt in Security Guidance- Domain 12: Identity, Entitlement and Access Management
Can someone please explain what the last 3 lines on the Security Guidance, Domain 12: Identity, Entitlement and Access Management, Page 135 mean?
More complex architectures can synchronize or federate a portion of an organization's identities for an internal directory through an identity broker and then to a cloud-hosted directory, which then serves as an identity provider for other federated connections.
------------------------------
Chris Jaimon
DevSecOps Engineer
CloudCover
------------------------------