The blog post released today by the Cybersecurity and Infrastructure Security Agency (CISA), "Securing Core Cloud Identity Infrastructure: Addressing Advanced Threats through Public-Private Collaboration," outlines vulnerabilities in cloud identity infrastructure and the urgent need to address these challenges.
We applaud CISA's call for public-private collaboration, and their readiness to take a leadership role in identifying and helping to close the gaps. The OIDF stands ready to collaborate with CISA, NIST, cloud service providers (CSPs), other standards bodies and the wider stakeholder community to address these persistent threats.
For example, one promising body of specification work is the Shared Signals Framework and its associated CAEP and RISC signals, a family of work highlighted in a 2024 report regarding the summer 2023 Microsoft Online Exchange incident.
We encourage CSPs, government agencies, and other ecosystem participants to engage in OIDF specification development as we address these emerging threats. Active participation from all parts of the cybersecurity community ensures that the standards address the needs of the various stakeholders.
We expect that remediating such complex threats will require not only standards, certification, and best practices, but strategic thinking on how to scale the adoption of these tools across ecosystems, including (but not limited to) the US Government’s own technical estate.
For background on the benefits of the shared signals specifications, please refer to a recent blog post by Shared Signals WG members or to the Shared Signals Specifications, which are open to public review before they reach final publication status.
CISA’s approach to public and private sector collaboration aligns with our own mission to lead the global community in creating identity standards that are secure, interoperable, and privacy preserving. We are pleased to be supporting CISA’s vital work.
The OpenID Foundation (OIDF) is a global open standards body committed to helping people assert their identity wherever they choose. Founded in 2007, we are a community of technical experts leading the creation of open identity standards that are secure, interoperable, and privacy preserving. The Foundation’s OpenID Connect standard is now used by billions of people across millions of applications. In the last five years, the Financial Grade API has become the standard of choice for Open Banking and Open Data implementations, allowing people to access and share data across entities. Today, the OpenID Foundation’s standards are the connective tissue to enable people to assert their identity and access their data at scale, the scale of the internet, enabling “networks of networks” to interoperate globally. Individuals, companies, governments and non-profits are encouraged to join or participate. Find out more at openid.net.
