The OpenID Foundation (OIDF) has announced that it has approved three Final Specifications, creating the first global standards for real-time security event sharing across digital identity systems.
The Final Specifications approved by the OpenID Foundation include OpenID Shared Signals Framework 1.0, OpenID Continuous Access Evaluation Profile (CAEP) 1.0, and OpenID Risk Information Sharing and Coordination (RISC) 1.0.
How will the specifications support security?
The OpenID Foundation’s specifications address a gap that leaves organisations exposed during the long periods between user logins. Systems using federated identity could not receive security updates after the initial login, yet sessions often last days or weeks, during which user locations, device compliance, or organisational access may change substantially. Companies had to choose between disrupting the user experience with constant re-authentication or accepting the security risk of acting on outdated login information.
With these new standards, the OpenID Foundation intends to create an ecosystem in which security systems can share threat signals instantly across organisational boundaries. Enterprise device management systems can notify connected services when a user’s device becomes non-compliant or compromised, while threat detection platforms can share intelligence about suspicious activity in real time. Identity providers can send immediate alerts about credential compromises or account takeovers, and applications can report anomalous user behaviour patterns to the whole security ecosystem.
Furthermore, the approval establishes the specifications as the definitive global standard for continuous identity security, providing a foundation for safeguarding users worldwide. The designation as Final Specifications delivers important intellectual property protections and guarantees that these standards will not undergo any revisions. Given this stability, organisations can confidently invest in large-scale implementations without the risk of the standard being deprecated.
What does each specification entail?
- OpenID Shared Signals Framework 1.0, which enables secure, real-time delivery of security events between connected systems;
- OpenID Continuous Access Evaluation Profile (CAEP) 1.0, which defines how systems communicate session modifications to maintain security;
- OpenID Risk Information Sharing and Coordination (RISC) 1.0, which creates standards for sharing account security changes between services.
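As an added illustration of what a receiver does with the shared events described above (this is example code, not code from the OpenID Foundation or the article), the following Python validates the decoded claims of a Security Event Token carrying CAEP and RISC events and maps each event to a local enforcement action. The transmitter and receiver URLs and the sample token are constructed, and verification of the token's JWT signature is assumed to have happened before this code runs.

```python
CAEP = "https://schemas.openid.net/secevent/caep/event-type/"
RISC = "https://schemas.openid.net/secevent/risc/event-type/"
EXPECTED_ISSUER = "https://transmitter.example"   # constructed value
EXPECTED_AUDIENCE = "https://receiver.example"    # constructed value
_seen_jti = set()  # replay protection; a real receiver would persist this

def validate_set(claims, now, max_age=300):
    """Checks a receiver makes on the decoded SET claims before acting on them."""
    for name in ("iss", "jti", "iat", "aud", "sub_id", "events"):
        if name not in claims:
            raise ValueError(f"missing claim: {name}")
    if claims["iss"] != EXPECTED_ISSUER:
        raise ValueError("unexpected issuer")
    aud = claims["aud"] if isinstance(claims["aud"], list) else [claims["aud"]]
    if EXPECTED_AUDIENCE not in aud:
        raise ValueError("SET not addressed to this receiver")
    if not (now - max_age <= claims["iat"] <= now + 60):
        raise ValueError("iat outside the acceptance window")
    if claims["jti"] in _seen_jti:
        raise ValueError("replayed SET")
    _seen_jti.add(claims["jti"])
    return claims["sub_id"], claims["events"]

def handle_set(claims, now):
    """Map each event in a validated SET to a local enforcement action."""
    subject, events = validate_set(claims, now)
    actions = []
    for event_type, payload in events.items():
        if event_type == CAEP + "session-revoked":
            actions.append(("terminate_sessions", subject))
        elif event_type == CAEP + "device-compliance-change":
            if payload.get("current_status") == "not-compliant":
                actions.append(("require_step_up", subject))
        elif event_type == RISC + "credential-compromise":
            actions.append(("force_credential_reset", subject))
        else:
            actions.append(("log_unhandled", event_type))  # never drop silently
    return actions

# Constructed sample: the decoded claims of a SET carrying two CAEP events.
SAMPLE_SET = {
    "iss": EXPECTED_ISSUER, "jti": "constructed-jti-1", "iat": 1700000000,
    "aud": EXPECTED_AUDIENCE,
    "sub_id": {"format": "email", "email": "user@example.com"},
    "events": {
        CAEP + "session-revoked": {"event_timestamp": 1700000000},
        CAEP + "device-compliance-change": {"previous_status": "compliant", "current_status": "not-compliant"},
    },
}
```

Calling `handle_set(SAMPLE_SET, 1700000100)` yields a session-termination and a step-up action for the subject; presenting the same token a second time, or one whose `iat` is older than the acceptance window, is rejected.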