13A/ Security Event Tokens, Subject Identifiers, and SSE/CAEP/RISC Java implementation

From IIW

Security Event Tokens, Subject Identifiers, and SSE/CAEP/RISC Java Implementation

Wednesday 13A

Convener: Matt Domsch

Notes-taker(s): Matt Domsch

Tags for the session - technology discussed/ideas considered:

standards, Shared Signals & Events, RISC, CAEP, SSE

Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps

Matt presented an overview of the OpenID Foundation Shared Signals and Events Working Group, and his implementation of the object model in an open source Java library at https://github.com/sailpoint-oss/openid-sse-model/. Slides: https://domsch.com/IIW32/IIW32-openid-sse-model.pdf

Dale Olds asked if this code is or could be incorporated into the Springsource Authorization Server announced in 2020, or into other identity providers. Matt has not worked with any other products yet to include it - IIW is the first place outside the working group mailing list that this project has been discussed publicly. He hopes that by having an open source library implementation that adopters will be able to integrate SSE into their applications that much faster.