CISO Best Practices for Enterprise Enablement

OpenID SSE, CAEP and RISC - Critical standards that enable Zero-Trust security

Combined Session
Wednesday, May 11, 2022 15:50—16:10
Location: A03-04

Zero-trust security relies heavily on the ability of independently owned and operated services to dynamically adjust users’ account and access parameters. These adjustments are based on related changes at other network services, such as identity providers, device management services or others. A set of standards from the OpenID Foundation enables independent services to provide and obtain such dynamic information in order to better protect organizations that rely on zero-trust network access. These standards are being used today in some of the largest cloud-based services from Microsoft and Google to dynamically adjust users’ account and access properties.

This talk gets into the details of the Shared Signals and Events (SSE) Framework, which is the foundational standard for secure webhooks. We also explain two standards based on the SSE Framework: the Continuous Access Evaluation Profile (CAEP), which provides dynamic session information, and the Risk Information and Account Compromise (RISC) Profile, which provides account compromise information.

Tim Cappalli
Tim Cappalli is a member of the Identity Standards Team in Microsoft's Identity Division. Tim is currently working on identity coexistence with privacy-related changes in browsers and operating...
Atul Tulshibagwale
Atul is a federated identity pioneer and the inventor of the Continuous Access Evaluation Protocol (CAEP), forming the basis of the Shared Signals and Events working group in the OpenID Foundation,...

