Confyrm Shared Signals in Google Keynote
Last week Confyrm was excited to have its signal manager technology showcased as part of a demo with Google and Ping Identity during the Google Keynote at the Cloud Identity Summit (CIS) in San Diego.
Online services that support user log-ins via an Identity Provider (IDP) have little knowledge of operational changes that may occur during the life of an open session. Changes to accounts managed by an IDP sometimes need to be signaled to many different services on different platforms.
The use case implemented in the Google demo (more details in Pam Dingle’s blog) is a common one in enterprise federations…
- For various reasons a user needs to change their password
  - Maximum password lifetime
  - Account recovery process, …
- The user resets their password at an Identity Provider (IDP), in this case implemented on Ping Connect
- An Event is passed to a Signal Manager that performs some policy-based processing on the incoming Event
- A Signal is then generated that can be distributed to multiple application services where:
  - Google APIs are called to close sessions and erase tokens
- The next time a user tries to access the service, a new authentication process can be triggered at the Ping IDP.
A Signal Manager is an event clearinghouse: when it receives a published event, it distributes signals to the appropriate recipients. Signals are not prescriptive, so each signal recipient can apply its own business or security logic to decide what action should be taken. A more detailed description, including the current state of shared signaling as a technology, can be found in Andrew Nash’s blog.
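The password-reset flow above, sketched as an in-process clearinghouse. This is an added example, not Confyrm's CEWS API or code from the demo; every class name, event kind, application name and the issuer `idp.example` is a hypothetical chosen for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Event:            # published by an IDP
    kind: str
    subject: str
    issuer: str

@dataclass(frozen=True)
class Signal:           # delivered to recipients; states what happened, not what to do
    kind: str
    subject: str

class SignalManager:
    def __init__(self, trusted_issuers):
        self.trusted = set(trusted_issuers)
        self.recipients = []                      # (name, subscribed kinds, handler)

    def subscribe(self, name, kinds, handler):
        self.recipients.append((name, set(kinds), handler))

    def publish(self, event):
        if event.issuer not in self.trusted:      # policy step: ignore unknown publishers
            return {}
        signal = Signal(event.kind, event.subject)
        return {name: handler(signal)
                for name, kinds, handler in self.recipients if signal.kind in kinds}

class SessionStore:
    """Recipient that closes sessions and erases tokens for the subject."""
    def __init__(self, sessions):
        self.sessions = sessions                  # subject -> set of session/token ids

    def on_signal(self, signal):
        return f"revoked {len(self.sessions.pop(signal.subject, set()))}"

class ReauthFlagger:
    """Recipient that keeps sessions but forces re-authentication on next access."""
    def __init__(self):
        self.needs_reauth = set()

    def on_signal(self, signal):
        self.needs_reauth.add(signal.subject)
        return "reauth-flagged"

def demo():
    store = SessionStore({"alice": {"s1", "t1"}, "bob": {"s2"}})   # constructed data
    flagger = ReauthFlagger()
    mgr = SignalManager(trusted_issuers={"idp.example"})
    mgr.subscribe("mail-app", {"password-reset"}, store.on_signal)
    mgr.subscribe("wiki-app", {"password-reset"}, flagger.on_signal)
    mgr.subscribe("billing-app", {"account-closed"}, flagger.on_signal)
    spoofed = mgr.publish(Event("password-reset", "bob", "unknown.example"))
    delivered = mgr.publish(Event("password-reset", "alice", "idp.example"))
    return spoofed, delivered, store.sessions, flagger.needs_reauth
```

The same signal produces two different outcomes: one recipient revokes sessions and tokens immediately, the other only marks the account for re-authentication, and a recipient subscribed to a different event kind receives nothing.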
The Confyrm Event Warning Service (CEWS) implements a Signal Manager and APIs for Event Publication and Signal Delivery and goes live on July 5.
CEWS is currently being used for pilots in the UK and USA for high and low assurance identity systems, preserving the privacy of consumer accounts and protecting brand reputation for IDPs and service providers.
Confyrm is expanding the signaling use cases it supports and is interested in opportunities to show how signaling simple operational events can improve the security and trust of identity federations.