The new Interoperability Profiling for Secure Identity in the Enterprise (IPSIE) Working Group is great news 🔥. It aims to improve the exchange of identity-related security signals across different platforms, so that those platforms can collaborate, make informed decisions and prevent incidents.
Imagine an attacker has stolen an identity and is looking around service A, then service B. Individually, these platforms might not treat this as suspicious enough, nor have the ability to do much about it, for example if the identity is managed by yet another service. One of IPSIE's goals is that services A and B can share their observations with each other, but also with the identity provider and with service C. This gives service C the opportunity to block any suspicious actions by that account, knowing its past. It also gives the identity provider the chance to lock the account and report it as compromised. 🎉
And so much more!
IPSIE's scope includes:
- Single sign-on (SSO) to centralise login, policies, and enforcement (OIDC)
- Lifecycle management to secure user on/offboarding and prevent security risks like orphaned accounts and shadow directories, avoiding unauthorised access (SCIM)
- Entitlements (governance / privileged access) to enforce least-privilege access and move toward zero standing privileges (SCIM)
- Risk signal sharing to get seamless security insights and share them across the entire security ecosystem (CAEP/SSF)
- Session termination and token revocation to immediately terminate all user sessions in response to detected threats
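To make the scenario above and the CAEP/SSF and session-termination items concrete, here is an added example; it is not IPSIE, Okta or OpenID Foundation code. An identity provider (the transmitter) emits a Security Event Token (RFC 8417) carrying a CAEP session-revoked event for a compromised user, and a receiving service ("service C") verifies the token, guards against replay and stale delivery, and tears down that user's sessions. Assumptions: HS256 with a shared key stands in for the asymmetric signing that real SSF streams use with a JWKS; the issuer and receiver URLs, the shared key and the in-memory session store are constructed sample values; the event-type URIs are the published CAEP/RISC ones.

```python
import base64
import hashlib
import hmac
import json
import time
import uuid

# Event type URIs from the CAEP and RISC profiles of the Shared Signals Framework.
CAEP_SESSION_REVOKED = "https://schemas.openid.net/secevent/caep/event-type/session-revoked"
RISC_ACCOUNT_DISABLED = "https://schemas.openid.net/secevent/risc/event-type/account-disabled"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def build_set(issuer, audience, key, subject_email, event_type, event_payload, now=None):
    """Transmitter side: build and sign a Security Event Token (RFC 8417).

    HS256 with a shared key is a simplification for this self-contained example
    (assumption); real SSF streams normally use an asymmetric key published in
    the issuer's JWKS.
    """
    now = int(time.time() if now is None else now)
    header = {"alg": "HS256", "typ": "secevent+jwt"}
    claims = {
        "iss": issuer,
        "aud": audience,
        "iat": now,
        "jti": uuid.uuid4().hex,  # unique per SET so receivers can detect replays
        "sub_id": {"format": "email", "email": subject_email},  # RFC 9493 subject identifier
        "events": {event_type: {"event_timestamp": now, **event_payload}},
    }
    compact = lambda obj: _b64url(json.dumps(obj, separators=(",", ":")).encode())
    signing_input = compact(header) + "." + compact(claims)
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


class Receiver:
    """Receiver side (e.g. "service C"): verifies SETs and acts on them."""

    def __init__(self, name, trusted_issuer, key, max_age=300):
        self.name = name
        self.trusted_issuer = trusted_issuer
        self.key = key
        self.max_age = max_age
        self.sessions = {}    # email -> set of live session ids (constructed sample state)
        self.blocked = set()  # emails whose new logins must be refused
        self.seen_jti = set() # replay protection

    def verify(self, token, now=None):
        now = int(time.time() if now is None else now)
        parts = token.split(".")
        if len(parts) != 3:
            raise ValueError("malformed SET")
        h_b64, p_b64, s_b64 = parts
        header = json.loads(_b64url_decode(h_b64))
        # Pin the algorithm and media type before touching the signature (no "alg: none").
        if header.get("alg") != "HS256" or header.get("typ") != "secevent+jwt":
            raise ValueError("unexpected header")
        expected = hmac.new(self.key, f"{h_b64}.{p_b64}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(s_b64)):
            raise ValueError("bad signature")
        claims = json.loads(_b64url_decode(p_b64))
        if claims.get("iss") != self.trusted_issuer:
            raise ValueError("untrusted issuer")
        aud = claims.get("aud")
        if self.name not in (aud if isinstance(aud, list) else [aud]):
            raise ValueError("SET not addressed to this receiver")
        if now - int(claims.get("iat", 0)) > self.max_age:
            raise ValueError("stale SET")
        if claims.get("jti") in self.seen_jti:
            raise ValueError("replayed SET")
        self.seen_jti.add(claims["jti"])
        return claims

    def handle(self, token, now=None):
        """Verify the SET, then apply each event; returns the actions taken."""
        claims = self.verify(token, now)
        email = claims["sub_id"]["email"]
        actions = []
        for event_type in claims["events"]:
            if event_type == CAEP_SESSION_REVOKED:
                self.sessions.pop(email, None)          # kill every live session
                actions.append("sessions_revoked")
            elif event_type == RISC_ACCOUNT_DISABLED:
                self.sessions.pop(email, None)
                self.blocked.add(email)                 # and refuse new logins
                actions.append("account_blocked")
            else:
                actions.append("ignored")               # unknown event types are logged, not acted on
        return actions


if __name__ == "__main__":
    key = b"constructed-shared-key"
    service_c = Receiver("https://service-c.example", "https://idp.example", key)
    service_c.sessions = {"alice@example.com": {"s1", "s2"}, "bob@example.com": {"s3"}}
    token = build_set("https://idp.example", "https://service-c.example", key,
                      "alice@example.com", CAEP_SESSION_REVOKED,
                      {"reason_admin": {"en": "Credentials reported stolen"}})
    print(service_c.handle(token), service_c.sessions)
```

The receiver checks the header, signature, issuer, audience, age and `jti` in that order, so a forged or replayed token is rejected before any session is touched; only the subject named in `sub_id` is affected, which is why Bob's session survives in the run above.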
Kudos to Okta for spearheading this 🏆