Zero Trust: as the name implies, is the strategy by which organizations trust nothing implicitly and verify everything continuously. This industry north star is driving different architectures, frameworks, and solutions to reduce an organization’s risk and improve their security posture. Beyond the need to enforce strong authentication and authorization to establish trust of an endpoint, how can we verify continuously? Often, the zero-trust approach today uses strong authentication and tools that evaluate the security of the user and device at the point of access, but what happens when the security posture of the user and device change after its initial access request is granted?

With many vendors offering impressive security capabilities in cybersecurity, there is a wealth of information that can be shared. Unfortunately, this information is fragmented and lacks standardization and thus interoperability. Getting all these best-in-class vendors to talk to each other is an expensive and time-consuming task, leaving organizations with disparate signal silos and a serious lack of visibility and control across their environment.

This is the problem the OpenID Foundation’s Shared Signals Framework (SSF) working group is poised to address. For the unfamiliar, the OpenID Foundation is a non-profit organization that promotes open, interoperable standards with OpenID at its core, most notably the standardization of a simple identity layer on top of Oauth 2.0: OpenID Connect. The Shared Signals Framework (SSF) working group lives within the OpenID Foundation and is comprised of industry leaders and innovators working to promote more open communication between systems. Shared Signals Framework (SSF) standards like CAEP and RISC have the goal of enabling federated systems with well-defined mechanisms for sharing security events, state changes and other signals. This communication in turn simplifies interoperability and allows organizations to get closer to the Zero Trust ideal of continuously evaluating and enforcing security.

In its first ratified standard, the Shared Signals Framework (SSF) working group created an open standard through which multiple services can communicate by publishing or subscribing to relevant event streams. The standard drastically simplifies communication between applications with security context.  For example, a cloud application might subscribe to events from an endpoint detection and response solution to quickly remove access from infected systems. Alternatively, an IAM solution might publish a change of user context used by a SIEM tool to start an investigation.  An example shown below demonstrates how a device or an application performs an HTTPS service request in step 1 that can trigger an update to a change in state to a policy server in step 2.  Further, a policy service can determine whether that change in state needs to be broadcasted to other subscribers (step 3).  A subscriber to that event can process the information and determine if a remediation response (step 4) is needed.

By communicating across an open and interoperable standard, we can move to a world where risk is assessed and addressed in real time. Risk assessment need not be done after static intervals of time but can move at the speed of contextual changes.

Therefore, we are excited to share that Cisco has joined the OpenID Foundation as a sustaining member, with the goal of contributing to the Shared Signals and Events ecosystem.

“Given Cisco’s pivotal role in building networked systems that underpin the internet today, we are honored to have Cisco join the Board at this critical inflection point in identity standards development,” said Gail Hodges, Executive Director of the OpenID Foundation. “Cisco is a long-standing contributor to global standards, and we look forward to collaborating to meet this moment by crafting the path and scaling an approach that will serve society.” 

As a first step in our contribution to the open Shared Signals Framework (SSF) ecosystem, we’ve published an open-source technical reference setting up the initial communication foundations. We hope that providing this reference will make it easier for developers and vendors alike to adopt more seamless communication mechanisms, with the eventual goal of enabling more robust and dynamic implementations of Zero Trust. 

In the same way that we believed the WebAuthn standard would underly the passwordless authentication revolution, we believe Shared Signals and Events will enable a sea change in security – moving from opaque and siloed environments to those empowered by openly shared signals.

At Cisco, we see a path forward where we can simplify the administration and collection of risk signals around access while simultaneously removing security friction to make security easy for everyone. It’s a future with far fewer unnecessary, rote re-authentications or authorizations and far more precise reactions to increased risk.  While it won’t be tomorrow, we believe that the OpenID Foundation and groups like the Shared Signals Working Group are on the right track to enabling a more secure future. We are excited to share in the journey and contribute to this compelling new approach to security.

To learn more, please visit SharedSignals.guide


Nancy Cam-Winget

Cisco Fellow

Office of the CTO – Security Business Group