Shared Signals Working Group - Specifications
The Shared Signals working group is providing data sharing schemas, privacy recommendations and protocols to share security event information to thwart attackers from leveraging compromised accounts from one Service Provider to gain access to accounts on other Service Providers and enable users and providers to coordinate to securely restore accounts following a compromise.
Shared Signals Working Group
OVERVIEW
Shared Signals Working Group
CHARTER
Shared Signals Working Group
SPECIFICATIONS
Shared Signals Working Group
REPOSITORY
The working group has been developing the following specifications:
Implementer's Drafts
- OpenID Shared Signals and Events Framework Specification 1.0 – This Shared Signals and Events (SSE) Framework enables sharing of signals and events between cooperating peers. It enables multiple applications such as Risk Incident Sharing and Coordination (RISC) and the Continuous Access Evaluation Profile (CAEP)
- OpenID Continuous Access Evaluation Profile 1.0 – Defines the Continuous Access Evaluation Profile (CAEP) of the Shared Signals Framework. It specifies a set of event types conforming to the Shared Signals Framework. These event types are intended to be used between cooperating Transmitters and Receivers such that Transmitters may send continuous updates using which Receivers can attenuate access to shared human or robotic users, devices, sessions and applications.
- OpenID RISC Profile Specification 1.0 – Defines the Risk Incident Sharing and Coordination (RISC) Event Types based on the Shared Signals Framework. Event Types are introduced and defined in Security Event Token (SET).
– Most recent Implementer’s Draft - CAEP Interoperability Profile
Working Group Drafts
- Latest draft of the OpenID Shared Signals Framework (HTML, TXT)
- Latest draft of the OpenID Continuous Access Evaluation Profile (HTML, TXT)
- Latest draft of the Risk Information Sharing and Coordination Profile (HTML, TXT)
- Latest draft of the CAEP Interoperability Profile (HTML, TXT)