4. An exploit at one service often leads to hacks elsewhere
● Attackers use account recovery mechanisms to gain access to other accounts
● As the largest email provider, Gmail hacks are especially valuable for gaining access to other Internet services
● Compromise results in privacy breach, financial loss, data loss
Referenced article: “How Apple and Amazon Security Flaws Led to My Epic Hacking”
5. SSO doesn’t close the loop on user safety
Users can’t evict an attacker from a session bootstrapped with SSO
● There is no “password change” feature to kill sessions when using SSO
● How can we “kill passwords on the Internet” if SSO has weaknesses?
Single Sign Out Not Desirable
● Abrupt logouts for RP and IDP
● Lots of chatty state checks which don’t scale for the IDP
8. How is information shared with others?
RISC signals are sent only to the apps the user is using
9. How do we know the user’s apps?
● Explicit relationship via OAuth: for any app
● Implicit relationship registered via API (“Request RISC for alice@gmail.com”): contract required; for any major app where users benefit
13. Management API (aka Control Plane)
● https://tools.ietf.org/html/draft-scurtescu-secevent-simple-control-plane
● https://github.com/independentid/Identity-Events/blob/master/draft-hunt-secevent-stream-mgmt.txt
● 2 individual drafts
○ simple, focused on RISC use cases
○ SCIM friendly
To do:
● improve draft so it can be easily profiled by both RISC and SCIM
● add secevent discovery document
● authorization header configuration
● receiver event type list configuration
21. Management API Profile
● authorization using access tokens
● client id associated with access token identifies receiver
● Client Credentials Grant to be used by receiver to obtain access token
● composite subject in add/remove APIs
○ email_verified and phone_number_verified also needed
○ example composite subject:
    {
      "risc_subject": {
        "email": "bob@example.com"
      },
      "meta": {
        "email_verified": true
      }
    }
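Added example (not code from the slides or from either draft): an in-memory Python model of the profile above. A receiver obtains a token through the Client Credentials Grant, the client id bound to that token decides whose subject list is edited (no caller-supplied id is trusted), and add/remove take composite subjects whose identifiers must carry their email_verified / phone_number_verified flags. Method names, the in-memory store and the sample values are assumptions, not the drafts' wire format.

```python
import secrets

class ControlPlane:
    """In-memory stand-in for a RISC stream management (control plane) service."""
    def __init__(self, clients):
        self._clients = dict(clients)  # client_id -> client_secret, registered out of band
        self._tokens = {}              # access token -> client_id that obtained it
        self._subjects = {c: {} for c in clients}  # client_id -> {(id type, value): verified}

    def token_endpoint(self, client_id, client_secret):
        """Client Credentials Grant: issue an opaque access token bound to client_id."""
        stored = self._clients.get(client_id)
        if stored is None or not secrets.compare_digest(stored, client_secret):
            raise PermissionError("invalid client credentials")
        token = secrets.token_urlsafe(16)
        self._tokens[token] = client_id
        return token

    def _receiver(self, token):
        # The client_id associated with the token identifies the receiver.
        client_id = self._tokens.get(token)
        if client_id is None:
            raise PermissionError("unknown access token")
        return self._subjects[client_id]

    @staticmethod
    def _parse_composite(composite):
        """Validate a composite subject: each identifier needs its *_verified flag in meta."""
        subj, meta = composite.get("risc_subject", {}), composite.get("meta", {})
        parsed = {}
        for ident, flag in (("email", "email_verified"), ("phone_number", "phone_number_verified")):
            if ident in subj:
                if not isinstance(meta.get(flag), bool):
                    raise ValueError(f"{flag} must be a boolean when {ident} is present")
                parsed[(ident, subj[ident].strip())] = meta[flag]  # strip stray whitespace only
        if not parsed:
            raise ValueError("composite subject carries no identifier")
        return parsed

    def add_subject(self, token, composite):
        subjects = self._receiver(token)
        subjects.update(self._parse_composite(composite))
        return len(subjects)

    def remove_subject(self, token, composite):
        subjects = self._receiver(token)
        for key in self._parse_composite(composite):
            subjects.pop(key, None)
        return len(subjects)
```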
27. Legal Agreement for Implicit Use Case
● Symmetric, obligation light agreement
○ Focuses on privacy requirements around data
● No obligations to send or act on any signals
● Consortium style rather than many bilateral agreements
○ Requires consent from all parties to add parties (EU style)
○ Ability to drop out at any time
● Drafted by Google and getting final approvals for distribution
28. Next Steps
● November: IETF 100 Singapore
● January: Enigma Conference, get abuse teams together
● March: IETF 101 London
● April: official launch at RSA Conference 2018