Cross-Certification is best described as which concept?

• A. Utilizes a web of trust between organizations where they certify one another inside the federation.
• B. A two-way relationship automatically created between parent and child domains within MS Active Directory.
• C. Allows organizations to place their trust in a single third-party.
• D. An open-source option for SSO capabilities that utilized SAML.

Answer: (A)

Cross-certification describes establishing mutual trust among multiple organizations by certifying each other’s certification authorities within a federation. This creates a web of trust that allows certificates issued by one organization to be trusted by others, enabling interoperable authentication and access across domains without relying on a single central authority.

This fits best because it emphasizes the reciprocal, multi-party trust model across organizations in a federation. It isn’t about a Windows AD domain trust, which is specific to directory trusts; it isn’t about trusting a single third party, which would be a centralized trust model; and it isn’t about SSO using an open-source SAML-based solution, which is a protocol for exchanging authentication assertions rather than a trust framework between PKIs.