Top firms test interoperability of final SSF and CAEP
Published October 30, 2025
The OpenID Foundation and hosting partner FIDO Alliance brought together implementers of the newly finalized Shared Signals Framework (SSF) and Continuous Access Evaluation Profile (CAEP) specifications to demonstrate interoperability at the Authenticate 2025 conference in Carlsbad, California, earlier this month (October 13-15, 2025).
The Shared Signals Framework (SSF) and Continuous Access Evaluation Profile (CAEP) enable organizations to share security signals and events across platforms, allowing for more responsive and coordinated security postures.
This interoperability event marks an important milestone. It represents the first time implementers have tested their solutions against the final SSF and CAEP specifications, proving that these standards can work together in practice across different vendors and platforms.
Eight leading organizations tested
The following organizations participated in the interoperability test:
Conference attendees were able to view live demonstrations in a dedicated room at the event. Five implementers participated on-site, while three tested for interoperability remotely.
Interoperability results
The table below shows the results of the interoperability testing. A green check indicates that an implementation successfully passed the test criteria for that function (Transmitter or Receiver). SSF supports both "push" and "poll" delivery transports. A note next to the check mark indicates which transport was tested. The absence of a note means both transports were tested successfully.
Implementation | Transmitter | Receiver |
CAEP Hub (SGNL) | ✅ (push) | ✅ (push) |
caep.dev (SGNL) | ✅ | ✅ |
✅ (push) | ||
IBM Verify Antenna | ✅ | ✅ |
JAMF | ✅ (push) | |
Okta ITP (Okta) | ✅ (push) | ✅ (push) |
Omnissa | ✅ (push) | |
SailPoint | ✅ | ✅ |
What this means for the industry
This interoperability event demonstrates that real-time security coordination is now a reality. The fact that eight different organizations' implementations successfully communicated with each other proves these standards enable the security ecosystem organizations need.
Enterprise device management systems can instantly alert all connected services about compromised devices, identity providers can immediately broadcast credential threats, and cybersecurity platforms can share intelligence across organizational boundaries, all in real time.
Organizations no longer face the impossible choice between constantly disrupting users with re-authentication requests or accepting substantial security risks from outdated login information.
“Authenticate 2025 provided an excellent venue for this interoperability event - the first time implementers tested their solutions against the final SSF and CAEP specifications," said Atul Tulshibagwale, co-chair of the OpenID Foundation’s Shared Signals Working Group. "Seeing eight production ready implementations successfully work with specifications that are only a few months old demonstrates the strong industry demand for these standards.
Thanks to our FIDO Alliance partners
We're incredibly grateful to FIDO Alliance for their exceptional support, which ranged from providing a perfectly situated room to highlighting the interoperability event in the opening keynote and allocating multiple slots on the agenda.
Nishant Kaushik, CTO of the FIDO Alliance said: “Building a more resilient defense against modern identity-based attacks requires a context-driven and dynamic security architecture that extends beyond the initial login event. The success of the SSF interoperability event at Authenticate 2025 is an exciting milestone, as it demonstrates that our industry is able today to provide seamless, standards-based solutions for organizations to continuously verify and adapt user trust and permissions. We’re proud to collaborate with the OpenID Foundation as we continue building the strong foundations needed for a safer digital landscape.”
Gail Hodges, Executive Director for the OpenID Foundation, said: “We are so grateful to our liaison partner FIDO for bringing this Shared Signals interoperability demonstration into the heart of FIDO Authenticate.”
For more information about the OpenID Foundation’s Shared Signals Framework and CAEP specifications, please visit: https://openid.net/wg/sharedsignals/
About the OpenID Foundation
The OpenID Foundation (OIDF) is a global open standards body committed to helping people assert their identity wherever they choose. Founded in 2007, we are a community of technical experts leading the creation of open identity standards that are secure, interoperable, and privacy preserving. The Foundation’s OpenID Connect standard is now used by billions of people across millions of applications. In the last five years, the Financial Grade API has become the standard of choice for Open Banking and Open Data implementations, allowing people to access and share data across entities. Today, the OpenID Foundation’s standards are the connective tissue to enable people to assert their identity and access their data at scale, the scale of the internet, enabling “networks of networks” to interoperate globally. Individuals, companies, governments and non-profits are encouraged to join or participate. Find out more at openid.net.
