Overview
The Shared Signals Framework (SSF) is a framework designed to enable the exchange of security-related information, or “signals,” between different entities. OpenID RISC (Risk and Incident Sharing and Collaboration) is a specific implementation that leverages the principles of SSF for sharing security-related events in near real-time between identity providers (IdPs) and relying application parties. This helps organizations improve their response time to potential risks, such as account takeover.
ID.me’s SSF Interface will differ from the existing Events API in the following ways:
- Provides updates in near real-time
- Shifts from a pull-based to a push-based system
- Targets a more defined set of user attribute events
- Built to support an immense volume of messages (hundreds of thousands per minute)
The API will send near real-time user events focused around security-related incidents or activities, such as account compromise or credential changes. These events will enable customers to rapidly respond to potential threats and take immediate action. The API pushes events to the customer through a security event token (SET) delivery using HTTPS. The customer will ingest the events into their repository using a compliant receiver.
Resources
Below are some resources for getting started with the SSF.
Specs
- SET RFC 8417 - Security Event Token (SET) - IETF Datatracker
- SSF OpenID Shared Signals Framework Specification 1.0 - draft 03
- RISC OpenID RISC Profile Specification 1.0 - draft 02
Resources
Shared Signals by Cisco
