The OpenID Foundation is excited to announce the first interoperability event testing against the soon-to-be-final Shared Signals Framework (SSF) specification at Authenticate 2025. 

This event will demonstrate interoperability on the final specification, after the membership votes on it as being ‘final’ by end of August), as per OIDF Process Document. It will serve as the final phase of testing on the OpenID Foundation open source tests before they are announced as available for implementer self-certification, as per our certification program process. 

Demonstrating real world business value

SSF interoperability events enable participants to demonstrate real-world use cases with their products leveraging CAEP, RISC or SCIM events to deliver business value. The interoperability testing conducted at the three previous Gartner IAM Summits drew an amazing response as conference attendees witnessed firsthand how their security can be dramatically improved using SSF.

The sessions will be led by Atul Tulshibagwale, Corporate Board Member of the OpenID Foundation and CTO of SGNL. Atul will also present a breakout session on Monday, October 13, explaining the standards, and revealing the interoperability testing results.

Atul noted "Demonstrating conformance to the final published specifications is an important milestone that this interoperability test will establish. Companies interested in securing their systems using CAEP and SSF can rely on these interoperable implementations with the confidence that future products would have to conform to the same specifications.”

Gail Hodges, the OpenID Foundation’s  Executive Director added: “We are delighted to see the Shared Signals specifications moving through the public review and voting process, to see the Shared Signals Working Group (SSWG) bring those specifications through four interoperability events on two continents, and to prove out the open source tests so any implementer can build to and self certify to the same global open standards. We are grateful to our friends at our peer standards body FIDO for their invitation to demonstrate the interoperability of Shared Signals at their annual event in San Diego.”

Andrew Shikiar, Executive Director and CEO of the FIDO Alliance said: “The Authenticate conference has proven to be a fantastic venue for global attendees to collaborate on innovations in authentication and digital identity. We welcome the OpenID Foundation’s Shared Signals Framework implementers to interoperability test and demonstrate their implementations, which complement the strong authentication capabilities of passkeys enabling responsive session management using CAEP.”

Invitation to participate

The OpenID Foundation’s SSWG is inviting participation from implementers of the proposed final specifications of SSF, CAEP and RISC. As always, the OpenID Foundation welcomes those who have demonstrated interoperability to previous versions of these standards, as well as new entrants implementing for the first time.

To accommodate this diversity of new and earlier implementations, the SSWG has designed the following rules:

• Conformance Tests: All participants that have a SSF Transmitter must pass the OpenID Foundation’s free, open source conformance tests.

• Event Types: Transmitters and Receivers must support the SSF verification event type and at least one additional event type, such as CAEP session revoked, CAEP credentials changed, or CAEP device compliance change.

• Interoperability Tests: Each participant must test with at least one other participant to achieve the ‘interoperable’ status. Note that Transmitters need to pass the conformance tests in order to participate.

Implementation categories

Interoperable implementations will be categorized as follows:

• Available Now: Publicly documented, currently available solution
• Available Soon: Publicly documented solutions with near-term availability
• In Development: Solutions not publicly documented or available.

There will be 15 demonstration slots, divided into three sessions of five slots each. These will be allotted to interoperable implementations based on their category above, with preference given to those with membership of the OpenID Foundation

More on Shared Signals

To read more about why shared signals are critical specifications, and why Gartner analysts, CISA, NIST and others refer to Shared Signals as a critical best practice to secure public and private ecosystem implementations read more here:

• “Shared Signals Framework: The Blueprint for Modern IAM (Part 1 of 4)” - OpenID Foundation
• “Juggling with Fire Made Easier: Provisioning with SCIM (Part 2 of 4)” - OpenID Foundation 
• “Review of the Summer 2023 Microsoft Exchange Online Intrusion” CISA Cybersafety Review Board Report
• NIST SP800-63-4 (draft)
• AuthZEN & Shared Signals in the Gartner IAM 2025 Spotlight - OpenID Foundation
• Gartner report - Hype Cycle for Digital Identity 2025 (Note: requires Gartner subscription or purchase).

About the OpenID Foundation

The OpenID Foundation (OIDF) is a global open standards body committed to helping people assert their identity wherever they choose. Founded in 2007, we are a community of technical experts leading the creation of open identity standards that are secure, interoperable, and privacy preserving. The Foundation’s OpenID Connect standard is now used by billions of people across millions of applications. In the last five years, the Financial Grade API has become the standard of choice for Open Banking and Open Data implementations, allowing people to access and share data across entities. Today, the OpenID Foundation’s standards are the connective tissue to enable people to assert their identity and access their data at scale, the scale of the internet, enabling “networks of networks” to interoperate globally. Individuals, companies, governments and non-profits are encouraged to join or participate. Find out more at openid.net.