Since its inception in February 2019, my goal for CAEP (Continuous Access Evaluation Protocol / Profile) has been to ensure it solves real-world security challenges. That is why I’m super excited to be coordinating the SSF interoperability event at the Gartner IAM Summit 2024 in Grapevine, TX, from Dec 9-11. While this is not the first interoperability event, it is important as we are starting to see more major technology players commit to demonstrating interoperability. Without such broad industry support, a standard isn’t very useful, because it can only be used effectively when products interoperate.
For those who don’t know, CAEP started as an independent effort, but merged with the RISC (Risk Incident Sharing and Coordination) effort in the OpenID Foundation to form the Shared Signals Working Group (SSWG). The common transport mechanism for both CAEP and RISC is now the Shared Signals Framework (SSF). The interoperability event this December aims to show the latest implementations that not only exchange CAEP events using SSF, but also RISC and maybe even SCIM Events.
SGNL is participating with not one, but two implementations:
- The SGNL CAEP Hub - a feature of SGNL which provides versatile actions and policies to manage asynchronous events
- caep.dev - the free service that SGNL operates to help others test their SSF and CAEP implementations
Big thanks to Gartner for the invite to present on behalf of the OpenID SSWG. I am coordinating between the implementations to define the scope and procedures for establishing interoperability. I will also present the results of this interoperability testing during a breakout session at the Gartner IAM Summit.
Attendees of the Gartner IAM Summit can also book time with the participants of the interoperability event to get a first-hand look at how each implementation uses SSF to exchange CAEP and other events and address real-world security issues.
Gartner has catalyzed support for CAEP and SSF in the industry by hosting the first CAEP interoperability event at the Gartner IAM Summit in London in March this year. Check out my post-event summary on the biggest takeaways from that event here.
“Access control in federated identity setups struggles because it can’t exchange risk signals effectively,” said Felix Gaehtgens, Vice President, Analyst IAM at Gartner. “By enabling event-based communication to exchange risk signals in decentralized environments, CAEP brings the risk ‘yang’ to the trust ‘yin’ of federated identity.”
“The only way to do this is through standards, and standards are only as good as their adoption. Join in,” said Erik Wahlström, VP at Gartner - IAM.
“In a March 2024 report, CISA’s Cyber Safety Review Board highlighted the promise of Shared Signals in creating a safer digital landscape for everyone. At the OpenID Foundation, we are committed to progressing the Shared Signals specifications towards a final version,” said Gail Hodges, Executive Director of the OpenID Foundation. “With the participation of so many leading experts at the Gartner Interoperability Event in December, we are confident that there is market demand for these specifications and the momentum to close material gaps in our identity infrastructure.”
“When I read an early draft of the CAEP blog post in 2019 when Atul first conceived the idea, I was blown away by both the simplicity and potential impact to the identity security industry,” said Erik Gustavson, Co-founder and CPO of SGNL. “It’s amazing to see the momentum with such amazing companies getting behind it.”
Looking forward to meeting you there - click here to schedule time with me there!