OpenID SSE, CAEP and RISC - Critical standards that enable Zero-Trust security

Zero-trust security relies heavily on the ability for independently owned and operated services to dynamically adjust users’ account and access parameters. These adjustments are based on related changes at other network services, such as identity providers, device management services or others. A set of standards from the OpenID Foundation enable independent services to provide and obtain such dynamic information in order to better protect organizations that rely on zero-trust network access. These standards are being used today in some of the largest cloud-based services from Microsoft and Google to dynamically adjust users’ account and access properties.

This talk gets into the details of the Shared Signals and Events (SSE) Framework, which is the foundational standard for secure webhooks. We also explain two standards based on the SSE Framework: The Continuous Access Evaluation Profile (CAEP), which provides dynamic session information, and the Risk Information and Account Compromise (RISC) Profile, which provides account compromise information

Event Recording

OpenID SSE, CAEP and RISC - Critical standards that enable Zero-Trust security

Click here to watch the recording of this session. Please note that this video is only available to event participants and subscribers. You'll need to log in to watch it.

Presentation deck

OpenID SSE, CAEP and RISC - Critical standards that enable Zero-Trust security

Click here to download the slide deck. Please note that downloads are only available for event participants and subscribers. You'll need to log in to download it.