Application Security and
Authentication / Authorization Protocols
REST vs SOAP
| REST | SOAP |
|---|---|
| Representational State Transfer | Simple Object Access Protocol |
| Architectural style that uses plain HTTP (methods, URLs, status codes) | Wraps the message in a SOAP (XML) envelope, then transports it over HTTP, SMTP, FTP, etc. |
| Supports many formats: JSON (JavaScript Object Notation), XML, YAML (YAML Ain't Markup Language) | XML only |
| Transport-level security: TLS / HTTPS protects the connection, not the message itself | Message-level security: WS-Security can sign and encrypt parts of the envelope, so protection survives intermediaries that terminate TLS |
| Good performance and scaling; GET responses can be cached by standard HTTP caches | Slower and harder to scale; requests are normally HTTP POSTs, so HTTP caching does not apply |
| Widely used | Used where REST is not possible or where WS-* features are required (Web Service standards: WS-Addressing, WS-Policy, WS-Security, WS-Federation, etc.) |
Secure Operations Phase
- Puppet — configuration management system: you declare the desired state of the IT infrastructure in manifests, and the Puppet agent on each node periodically pulls the catalog from the Puppet server and enforces that state.
- Chef — automates how you build, deploy, and manage infrastructure. The Chef server stores "cookbooks" of "recipes"; the Chef client installed on each node periodically polls the Chef server for the latest policy and converges the node to it.
- Ansible — software provisioning, application deployment, and configuration management; agentless, it pushes playbooks to nodes over SSH.
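What all three tools have in common is a convergence loop: compare the declared state with what is actually on the node, change only what differs, and report. The following is an added example written for these notes (it is not code from Puppet, Chef or Ansible) that reduces that loop to Python for an sshd_config-like file; the config text and the desired values are constructed for the example.

```python
"""Desired-state convergence in the style of Puppet / Chef / Ansible (added example)."""
from typing import Dict, List, Tuple

# Constructed sample of what the agent finds on a node (an sshd_config-like file).
CURRENT_CONFIG = """\
# sshd_config (constructed sample)
Port 22
PermitRootLogin yes
PasswordAuthentication yes
X11Forwarding yes
"""

# The declared desired state, i.e. what a manifest, recipe or playbook would contain.
DESIRED_STATE = {
    "PermitRootLogin": "no",
    "PasswordAuthentication": "no",
    "MaxAuthTries": "3",
}


def parse_config(text: str) -> Dict[str, str]:
    """Parse 'Key value' lines, skipping blanks and '#' comments; later keys win."""
    conf: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        conf[key] = value.strip()
    return conf


def render_config(conf: Dict[str, str]) -> str:
    """Write the config back out in 'Key value' form (comments are not preserved)."""
    return "".join(f"{key} {value}\n" for key, value in conf.items())


def converge(text: str, desired: Dict[str, str]) -> Tuple[str, List[str]]:
    """One agent run: returns the converged config text and the changes applied.

    Keys not mentioned in `desired` are left alone, so the run is idempotent:
    converging the output again reports no changes.
    """
    conf = parse_config(text)
    changes: List[str] = []
    for key, want in desired.items():
        have = conf.get(key)
        if have != want:
            changes.append(f"{key}: {have!r} -> {want!r}")
            conf[key] = want
    return render_config(conf), changes


def drift_report(text: str, desired: Dict[str, str]) -> List[str]:
    """Dry run (Puppet --noop / Ansible --check style): list deviations, change nothing."""
    return converge(text, desired)[1]


if __name__ == "__main__":
    first, changes = converge(CURRENT_CONFIG, DESIRED_STATE)
    print("run 1 changes:", changes)
    print("run 2 changes:", converge(first, DESIRED_STATE)[1])   # already converged
    # Someone re-enables root login by hand; the next run repairs the drift.
    drifted = first.replace("PermitRootLogin no", "PermitRootLogin yes")
    print("drift:", drift_report(drifted, DESIRED_STATE))
```

The security point is the second and third runs: a converged node produces no changes, and a manual change that weakens the configuration is reported and reverted on the next run instead of silently persisting.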
Federated identity management
The pre-Contents opening of their Wikipedia pages seems to contain most of what you need to know.
- SAML — the most commonly used federation standard. XML-based framework for communicating user authentication, authorization, and attribute information between an identity provider and a service provider. Assertions are digitally signed XML, transported over TLS.
- WS-Federation — federation within the broader WS-Security / WS-* framework.
- OpenID Connect — identity (authentication) layer built on OAuth 2.0; the relying party receives a signed JWT ID token. Simpler and lighter-weight than SAML; lower security in the sense that it depends on bearer tokens and on the relying party validating the ID token (signature, issuer, audience, expiry, nonce) correctly.
- OAuth — widely used for web and mobile access. Users can grant websites or applications access to their information on other websites without giving them their passwords. OAuth 2.0 is an authorization framework, not an authentication protocol; authentication is what OpenID Connect adds on top of it.
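As an added example for the two OAuth-based entries above (not code from any real identity provider or client library), the following Python drives an OAuth 2.0 authorization-code exchange with PKCE on both sides and then applies the OpenID Connect ID-token checks a relying party must make. The issuer, client ID and HMAC key are constructed for the example; a real provider signs ID tokens with RS256 or ES256 and publishes the public key, but the checks are the same.

```python
"""OAuth 2.0 authorization-code flow with PKCE, plus OpenID Connect ID-token checks (added example)."""
import base64, hashlib, hmac, json, secrets, time
from typing import Dict, Optional

ISSUER = "https://idp.example"               # assumption: hypothetical OpenID Provider
CLIENT_ID = "notes-app"                      # assumption: hypothetical relying party (client)
IDP_HMAC_KEY = b"constructed-shared-secret"  # HS256 key for this example only


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def pkce_challenge(verifier: str) -> str:
    """S256 method from RFC 7636: challenge = base64url(SHA-256(verifier))."""
    return b64url(hashlib.sha256(verifier.encode()).digest())


# ---- client (relying party) side ----------------------------------------------
def begin_authorization() -> Dict[str, str]:
    """Per-login secrets: state (login CSRF), nonce (token replay), PKCE verifier (code theft)."""
    verifier = b64url(secrets.token_bytes(32))
    return {
        "state": secrets.token_urlsafe(16),
        "nonce": secrets.token_urlsafe(16),
        "code_verifier": verifier,                    # kept secret by the client
        "code_challenge": pkce_challenge(verifier),   # sent in the authorization request
    }


def validate_id_token(token: str, expected_nonce: str, now: Optional[int] = None) -> Optional[dict]:
    """Return the claims if signature, alg, iss, aud, exp and nonce all check out, else None."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    header_b64, body_b64, sig_b64 = parts
    if json.loads(b64url_decode(header_b64)).get("alg") != "HS256":   # pin alg; never accept "none"
        return None
    expected_sig = hmac.new(IDP_HMAC_KEY, f"{header_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, b64url_decode(sig_b64)):
        return None
    claims = json.loads(b64url_decode(body_b64))
    now = int(time.time()) if now is None else now
    if claims.get("iss") != ISSUER or claims.get("aud") != CLIENT_ID:
        return None
    if now >= claims.get("exp", 0) or claims.get("nonce") != expected_nonce:
        return None
    return claims


# ---- provider (IdP / authorization server) side -------------------------------
def sign_jwt(claims: dict) -> str:
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    sig = hmac.new(IDP_HMAC_KEY, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64url(sig)}"


class ToyProvider:
    """Issues one-time authorization codes bound to a PKCE challenge and a nonce."""

    def __init__(self) -> None:
        self.codes: Dict[str, tuple] = {}

    def authorize(self, code_challenge: str, nonce: str, state: str, subject: str) -> Dict[str, str]:
        code = secrets.token_urlsafe(16)
        self.codes[code] = (code_challenge, nonce, subject)
        return {"code": code, "state": state}        # what the redirect back to the client carries

    def token(self, code: str, code_verifier: str, now: Optional[int] = None) -> Optional[str]:
        entry = self.codes.pop(code, None)             # codes are single use: replay fails
        if entry is None:
            return None
        challenge, nonce, subject = entry
        if not hmac.compare_digest(pkce_challenge(code_verifier), challenge):
            return None                                # a stolen code without the verifier is useless
        now = int(time.time()) if now is None else now
        claims = {"iss": ISSUER, "sub": subject, "aud": CLIENT_ID,
                  "iat": now, "exp": now + 300, "nonce": nonce}
        return sign_jwt(claims)


def run_flow(provider: ToyProvider, subject: str = "alice", tamper_verifier: bool = False,
             now: Optional[int] = None) -> Optional[dict]:
    """Drive the whole exchange end to end; returns validated claims or None."""
    ctx = begin_authorization()
    redirect = provider.authorize(ctx["code_challenge"], ctx["nonce"], ctx["state"], subject)
    if not hmac.compare_digest(redirect["state"], ctx["state"]):
        return None                                    # response is not for a request we started
    verifier = b64url(secrets.token_bytes(32)) if tamper_verifier else ctx["code_verifier"]
    token = provider.token(redirect["code"], verifier, now=now)
    return None if token is None else validate_id_token(token, ctx["nonce"], now=now)


if __name__ == "__main__":
    idp = ToyProvider()
    print(run_flow(idp))                       # claims for alice
    print(run_flow(idp, tamper_verifier=True))  # None: code exchange without the PKCE verifier
```

Each rejected case in `validate_id_token` corresponds to a real class of OIDC relying-party bug: accepting an unsigned or `alg: none` token, accepting a token issued for a different client (`aud`), accepting an expired token, or accepting a token that was not minted for this login (`nonce`).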
Also included in the exam question pool, but with less emphasis:
- Shibboleth — heavily used in education settings; built on SAML; open source and free.
- XACML — eXtensible Access Control Markup Language. An OASIS standard for Attribute-Based Access Control (ABAC): attributes of the subject, action, resource and environment are the inputs to the access-control decision. Policies combine rules with a combining algorithm (e.g. deny-overrides); a Policy Decision Point returns Permit, Deny, NotApplicable or Indeterminate, and a Policy Enforcement Point acts on it.
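To make the XACML decision model concrete, here is an added example (not from these notes and not a real XACML engine, which evaluates XML policies) of an attribute-based Policy Decision Point in Python with the deny-overrides combining algorithm and a default-deny Policy Enforcement Point. The hospital-records policy and the request attributes are constructed for the example.

```python
"""Attribute-based access control in the style of XACML (added example, not from the notes)."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

# A request carries attributes in XACML's four categories:
# {"subject": {...}, "action": {...}, "resource": {...}, "environment": {...}}
Request = Dict[str, Dict[str, object]]


@dataclass
class Rule:
    rule_id: str
    effect: str                          # "Permit" or "Deny"
    target: Callable[[Request], bool]    # does this rule apply to the request?


def attr(req: Request, category: str, name: str, default=None):
    """Look up one attribute; missing attributes never match by accident."""
    return req.get(category, {}).get(name, default)


# Constructed policy set for a hypothetical hospital records system.
POLICY: List[Rule] = [
    Rule("permit-clinician-read-own-dept", "Permit",
         lambda r: attr(r, "subject", "role") in {"doctor", "nurse"}
         and attr(r, "action", "id") == "read"
         and attr(r, "resource", "type") == "medical-record"
         and attr(r, "subject", "department") == attr(r, "resource", "department")),
    Rule("permit-doctor-write-own-dept", "Permit",
         lambda r: attr(r, "subject", "role") == "doctor"
         and attr(r, "action", "id") == "write"
         and attr(r, "resource", "type") == "medical-record"
         and attr(r, "subject", "department") == attr(r, "resource", "department")),
    Rule("deny-outside-shift-hours", "Deny",
         lambda r: not (7 <= attr(r, "environment", "hour", -1) <= 19)),
    Rule("deny-terminated-staff", "Deny",
         lambda r: attr(r, "subject", "status") == "terminated"),
]


def evaluate(policy: List[Rule], req: Request) -> Tuple[str, List[str]]:
    """Policy Decision Point using the deny-overrides combining algorithm.

    Returns (decision, ids of the rules whose target matched). Any matching Deny
    wins; otherwise Permit if some Permit rule matched; otherwise NotApplicable.
    """
    matched = [rule for rule in policy if rule.target(req)]
    matched_ids = [rule.rule_id for rule in matched]
    if any(rule.effect == "Deny" for rule in matched):
        return "Deny", matched_ids
    if any(rule.effect == "Permit" for rule in matched):
        return "Permit", matched_ids
    return "NotApplicable", []


def enforce(policy: List[Rule], req: Request) -> bool:
    """Policy Enforcement Point: only an explicit Permit grants access (default deny)."""
    return evaluate(policy, req)[0] == "Permit"


def make_request(role: str, department: str, action: str, resource_department: str,
                 hour: int, status: str = "active") -> Request:
    """Build a constructed request in the four XACML attribute categories."""
    return {
        "subject": {"role": role, "department": department, "status": status},
        "action": {"id": action},
        "resource": {"type": "medical-record", "department": resource_department},
        "environment": {"hour": hour},
    }


if __name__ == "__main__":
    print(evaluate(POLICY, make_request("doctor", "cardiology", "read", "cardiology", 10)))
    print(evaluate(POLICY, make_request("doctor", "cardiology", "write", "cardiology", 23)))
    print(enforce(POLICY, make_request("nurse", "cardiology", "write", "cardiology", 10)))
```

Two details matter for security here: the PEP treats NotApplicable the same as Deny, so a request the policy never anticipated is refused rather than allowed, and with deny-overrides a single matching Deny rule (out-of-hours access, terminated staff) wins even when a Permit rule also matches.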
Application virtualization — useful for sandboxing
- Wine
- Microsoft App-V
- XenApp