Presentation from the OpenID Foundation's Risk Incident and Sharing Communication (RISC) Work Group Data Sharing Agreement Workshop on January 31, 2018.
1. Confidential + Proprietary
Risk and Incident Sharing and Coordination Legal Agreement Meeting
Luke Camery, Adam Dawes
January 31, 2018
Public Link: https://goo.gl/hUkTx5
2.
Agenda
[1:00 - 1:15] Intros
[1:15 - 1:45] RISC Overview
[1:45 - 2:30] Defining the goals of the sharing agreement
[2:30 - 2:45] Break
[2:45 - 3:00] Review the current draft
[3:00 - 3:30] Feedback on the current draft
[3:30 - 4:00] Process for working together and making progress
5.
Connected Accounts
● Email and phone number recovery creates an implicit relationship
● Federated sign in creates an explicit relationship
○ Example: Sign in with Google
● Account protections on one site don’t protect our users on their other sites
6.
Goals
● Protect our shared users’ accounts across the Internet
● Protect our shared users’ data while respecting their privacy
8.
An exploit at one service often leads to hacks elsewhere
● Attackers use account recovery mechanisms to gain access to other accounts
● Email and phone hacks are especially valuable to gain access to other Internet services
● Compromise results in privacy breach, financial loss, data loss
[Article headline shown on slide: "How Apple and Amazon Security Flaws Led to My Epic Hacking"]
18.
A solution is needed
Users can’t evict an attacker from a session bootstrapped with SSO
...but SSOut would offer a poor user experience
Easy to hijack, hard to evict
22.
How is this done technically?
● Security Events standards set by the Internet Engineering Task Force (IETF)
○ Standardized transport system
● RISC standards built on top at OIDF
○ Standardized message format
23.
How is our users’ information shared?
● RISC signals are sent only to the apps that we know the user is using
● But…
○ Do we share everything with everyone?
○ Do we share with every connected app?
24.
Where you come in!
● Standardized trust framework for sharing
○ Common scope
○ Mutual terms
● Privacy is paramount
● User trust is essential
● Goal: Define the rules of the road for the whole ecosystem
○ Protecting all of our companies and users
25.
How? A Contract!
● Required to join trusted tester group
○ Pre-launch period until ~April
● To be used bilaterally going forward
● Open agreement to prevent bilateral negotiations
27.
How do we know the user’s apps?
● Explicit: via OAuth
○ For any app
● Implicit: registered via API
○ Request RISC for alice@gmail.com
○ Contract Required
○ Only for major apps where our users benefit
28.
Google + Contract
● Google will:
○ Treat this agreement as final
○ Share indiscriminately with explicit partners after launch
○ Only share with implicit partners with this agreement in place
● Google will not:
○ Negotiate bilateral amendments to this agreement
○ Accept implicit partners without extraordinary circumstances
30.
What is shared?
● State Changes!
○ Account disabled/enabled/deleted
○ Tokens/Sessions revoked
○ Credentials/Identifier changed
○ May include reasoning
● Not in scope:
○ “Riskiness”
○ Commands
Google moves from solid to liquid
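As an added example (not part of the original slides), here is one way a receiver might map the in-scope state-change events to local actions while ignoring everything else, such as risk scores or commands. It assumes the token signature was already verified; the event-type URIs come from the later published RISC and OAuth event definitions, and the issuer, audience, action names and sample payload are constructed.

```python
# Added example, not from the slides: receiver-side handling of RISC events.
# Assumption: `claims` is the payload of a Security Event Token whose
# signature was already verified against the transmitter's published keys.
RISC = "https://schemas.openid.net/secevent/risc/event-type/"
OAUTH = "https://schemas.openid.net/secevent/oauth/event-type/"

# In-scope state changes -> local action (action names are hypothetical).
ACTIONS = {
    RISC + "account-disabled": "end_sessions_and_block_recovery",
    RISC + "account-enabled": "restore_sign_in",
    RISC + "account-purged": "unlink_account",
    RISC + "sessions-revoked": "end_sessions",
    OAUTH + "tokens-revoked": "drop_stored_tokens",
    RISC + "identifier-changed": "update_recovery_identifier",
}

EXPECTED_ISS = "https://transmitter.example"  # constructed
EXPECTED_AUD = "receiver-client-id"           # constructed
_seen_jti = set()                             # delivered event ids

def handle_verified_set(claims):
    """Return [(action, subject, reason)] for one verified SET payload."""
    if claims.get("iss") != EXPECTED_ISS:
        raise ValueError("unexpected issuer")
    aud = claims.get("aud")
    if EXPECTED_AUD not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("token not addressed to this receiver")
    jti = claims.get("jti")
    if not jti or jti in _seen_jti:
        return []  # missing id or duplicate delivery: never act twice
    _seen_jti.add(jti)
    results = []
    for event_type, body in claims.get("events", {}).items():
        action = ACTIONS.get(event_type)
        if action:  # anything else (scores, commands) is out of scope
            results.append((action, body.get("subject"), body.get("reason")))
    return results

# Constructed sample payload; the subject shape is simplified.
SAMPLE = {
    "iss": EXPECTED_ISS, "aud": EXPECTED_AUD, "iat": 1517418000, "jti": "evt-001",
    "events": {
        RISC + "account-disabled": {
            "subject": {"subject_type": "email", "email": "alice@gmail.com"},
            "reason": "hijacking"},
        "https://receiver.example/constructed/risk-score": {"score": 0.9},
    },
}
```

The receiver decides what each state change means locally; the event itself only reports what happened at the transmitter.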
32.
Up Next
[2:45 - 3:00] Review the current draft
[3:00 - 3:30] Feedback on the current draft
[3:30 - 4:00] Process for working together and making progress