JSON Web Token (JWT) is best described as which?

• A. Provides authorization and specifies what access rights and privileges a user will have on a given system.
• B. An attestation model built upon XML for SOAP-based web services.
• C. A open-source option for SSO capabilities that utilized SAML.
• D. A proprietary protocol that only works on Cisco-based devices.

Answer: (A)

A JSON Web Token is a compact, URL-safe token that carries claims about an identity and the permissions that identity has. This makes it ideal for authorization: after authentication, a system issues a token that specifies who you are and what access rights you possess, and you present that token with subsequent requests to prove your privileges. The recipient can verify the token’s integrity via its signature and enforce access based on the embedded claims and expiration time. It’s widely used in API security and modern single sign-on flows, but it’s not tied to any particular vendor, nor is it tied to XML-based SAML or Cisco-only protocols.