- Industry-wide adoption of standardized security event sharing now possible.
- Three specifications to enable instant security coordination across all connected systems worldwide.
- This crucial development will make Zero Trust architectures achievable at global scale.
San Ramon, CA, 16 September 2025 – The OpenID Foundation (OIDF), a global leader in open identity standards, has approved three Final Specifications, establishing the first global standards for real-time security event sharing across digital identity systems.
The approved Final Specifications are:
- OpenID Shared Signals Framework 1.0 - Enables secure, real-time delivery of security events between any connected systems
- OpenID Continuous Access Evaluation Profile (CAEP) 1.0 - Defines how systems communicate session changes to maintain continuous security
- OpenID Risk Information Sharing and Coordination (RISC) 1.0 - Establishes standards for sharing account security changes between services
Why the specifications matter
These specifications solve a critical gap that has left organizations vulnerable during the extended periods between user logins. Systems relying on federated identity had no way to receive security updates after initial login. Sessions often last days or weeks, during which user locations, device compliance, or organizational access may change dramatically. Organizations were forced to choose between disrupting users with constant re-authentication requests or accepting substantial security risks from outdated login information.
These standards create an ecosystem where security systems can instantly communicate threats across organizational boundaries. Enterprise device management systems can notify all connected services when a user's device becomes non-compliant or compromised, while cybersecurity threat detection platforms can share intelligence about suspicious activities in real time. Identity providers can immediately broadcast alerts about credential compromises or account takeovers, and applications can report anomalous user behaviour patterns to the broader security ecosystem.
Atul Tulshibagwale, SGNL's CTO and co-chair of the OpenID Foundation’s Shared Signals Working Group, led the development effort. He said: “This coordinated approach makes Zero Trust security architectures practically achievable at global scale, where security decisions are continuously evaluated based on current, real-time information rather than outdated login credentials.
“For financial services institutions, healthcare organizations, government agencies, and other security critical sectors, these specifications provide the standardized foundation needed to implement comprehensive Zero Trust security architectures and continuous access evaluation policies across their entire digital infrastructure.”
Significance of ‘Final Specification’ status
The OpenID Foundation's approval establishes the specifications as the definitive global standard for continuous identity security, providing the foundation for protecting billions of users worldwide. The designation as Final Specifications provides crucial intellectual property protections and guarantees these standards will not undergo further revision. This stability gives organizations worldwide the confidence to invest in large-scale implementations without risk of standard deprecation.
The OpenID Foundation's membership represents organizations responsible for protecting billions of user identities worldwide. Major technology leaders, including Apple, IBM, Okta, and others, have already adopted these protocols.
Gail Hodges, the OpenID Foundation’s Executive Director, said: “The fact that the first three specifications in the Shared Signals family are Final is a material milestone in the adoption of the specification. This status unlocks the ability of many governments to adopt the specifications, and encourages many CTOs and CISOs that the specifications are completely stable and ready for adoption. The OIDF recognizes all the countless hours the Shared Signals WG cochairs, contributors, and implementers have played in conceiving, maturing and now scaling this family of specifications, specifications we perceive as vital to the health of identity and security ecosystems globally.”
ENDS
For more information, please contact:
Serj Hallam E: serj.hallam@oidf.org
Elizabeth Garber E: elizabeth.garber@oidf.org
About The OpenID Foundation (OIDF)
The OpenID Foundation (OIDF) is a global open standards body committed to helping people assert their identity wherever they choose. Founded in 2007, we are a community of technical experts leading the creation of open identity standards that are secure, interoperable, and privacy preserving. The Foundation’s OpenID Connect standard is now used by billions of people across millions of applications. In the last five years, the Financial Grade API has become the standard of choice for Open Banking and Open Data implementations, allowing people to access and share data across entities. Today, the OpenID Foundation’s standards are the connective tissue to enable people to assert their identity and access their data at scale, the scale of the internet, enabling “networks of networks” to interoperate globally. Individuals, companies, governments and non-profits are encouraged to join or participate. Find out more at openid.net
