You are designing an enterprise-level Windows Communication Foundation (WCF) application. User accounts will migrate from the existing system. The new system must be able to scale to accommodate the increasing load. The new servers are experiencing significant stress under load of large-scale role changes. You need to ensure that the application can handle the stress. Which authorizations should you redesign? (Each correct answer presents a complete solution. Choose all that apply.)
A. Role-based approach
B. Identity-based approach
C. Resource-based trusted subsystem model
D. Resource-based impersonation/delegation model
Answer:
AC
Explanation
The Trusted Subsystems Model -
Once authorization is available as an autonomous service, the need for impersonation is eliminated. Instead of assuming the identity of the user, the application uses its own credentials to access services and resources, but it captures the user’s identity and passes it as a parameter (or token) to be used for authorization when a request is made. This model is referred to as the trusted subsystem model, because the application acts as a trusted subsystem within the security domain.