![Confidential + Proprietary
Agenda
[1:00 - 1:15] Intros
[1:15 - 1:45] RISC Overview
[1:45 - 2:30] Defining the goals of the sharing agreement
[2:30 - 2:45] Break
[2:45 - 3:00] Review the current draft
[3:00 - 3:30] Feedback on the current draft
[3:30 - 4:00] Process for working together and making progress](https://image.slidesharecdn.com/oidfrisclegalmeetingpres2018-01-31-180208202313/85/OpenID-Foundation-s-Risk-Incident-and-Sharing-Communication-RISC-Work-Group-Data-Sharing-Agreement-Workshop-January-31-2018-2-320.jpg)
![Confidential + Proprietary
Up Next
[2:45 - 3:00] Review the current draft
[3:00 - 3:30] Feedback on the current draft
[3:30 - 4:00] Process for working together and making progress](https://image.slidesharecdn.com/oidfrisclegalmeetingpres2018-01-31-180208202313/85/OpenID-Foundation-s-Risk-Incident-and-Sharing-Communication-RISC-Work-Group-Data-Sharing-Agreement-Workshop-January-31-2018-32-320.jpg)
OpenID Foundation's Risk Incident and Sharing Communication (RISC) Work Group Data Sharing Agreement Workshop - January 31, 2018
- 1. Confidential + ProprietaryConfidential + Proprietary Risk and Incident Sharing and Coordination Legal Agreement Meeting Luke Camery, Adam Dawes January 31, 2018 Public Link: https://goo.gl/hUkTx5
- 2. Confidential + Proprietary Agenda [1:00 - 1:15] Intros [1:15 - 1:45] RISC Overview [1:45 - 2:30] Defining the goals of the sharing agreement [2:30 - 2:45] Break [2:45 - 3:00] Review the current draft [3:00 - 3:30] Feedback on the current draft [3:30 - 4:00] Process for working together and making progress
- 3. Confidential + ProprietaryConfidential + Proprietary Overview
- 4. Confidential & Proprietary We seem to be losing against the bad guys
- 5. Confidential + Proprietary Connected Accounts ● Email and phone number recovery creates an implicit relationship ● Federated sign in creates an explicit relationship ○ Example: Sign in with Google ● Account protections on one site don’t protect our users on their other sites
- 6. Confidential + Proprietary ● Protect our shared users’ accounts across the Internet ● Protect our shared users’ data while respecting their privacy Goals
- 7. Confidential + ProprietaryConfidential + Proprietary The Problem
- 8. Confidential + Proprietary An exploit at one service often leads to hacks elsewhere ● Attackers use account recovery mechanisms to gain access to other accounts ● Email and phone hacks are especially valuable to gain access to other Internet services ● Compromise results in privacy breach, financial loss, data loss How Apple and Amazon Security Flaws Led to My Epic Hacking
- 9. Confidential + Proprietary Example: Hijacking
- 10. Confidential + Proprietary Hijackers find a way in
- 11. Confidential + Proprietary … and spread
- 12. Confidential + Proprietary Example: Spam
- 13. Confidential + Proprietary Spam can be more or less noticeable
- 14. Confidential + Proprietary SSO makes it easy for you to get into 3P accounts
- 15. Confidential + Proprietary SSO’s Fatal Flaw
- 16. Confidential + Proprietary SSO’s Fatal Flaw
- 17. Confidential + Proprietary Easy to hijack, hard to evict
- 18. Confidential + Proprietary A solution is needed Users can’t evict an attacker from a session bootstrapped with SSO ...but SSOut would offer a poor user experience Easy to hijack, hard to evict
- 19. Confidential + ProprietaryConfidential + Proprietary The Solution
- 20. Confidential + Proprietary Sharing important security events across providers Risk and Incident Sharing and Coordination WG
- 21. Confidential + Proprietary Defenses grow to match attack surface
- 22. Confidential + Proprietary How is this done technically? ● Security Events standards set by the Internet Engineering Task Force (IETF) ○ Standardized transport system ● RISC standards built on top at OIDF ○ Standardized message format
- 23. Confidential + Proprietary How is our users’ information shared? ● RISC signals are sent only to the apps that we know the user is using ● But… ○ Do we share everything with everyone? ○ Do we share with every connected app?
- 24. Confidential + Proprietary Where you come in! ● Standardized trust framework for sharing ○ Common scope ○ Mutual terms ● Privacy is paramount ● User trust is essential ● Goal: Define the rules of the road for the whole ecosystem ○ Protecting all of our companies and users
- 25. Confidential + Proprietary How? A Contract! ● Required to join trusted tester group ○ Pre-launch period until ~April ● To be used bilaterally going forward ● Open agreement to prevent bilateral negotiations
- 26. Confidential + ProprietaryConfidential + Proprietary Google’s Plan
- 27. Confidential + Proprietary How do we know the user’s apps? Explicit via OAuth Implicit registered via API Request RISC for [email protected] Contract Required For any app Only for major apps where our users benefit
- 28. Confidential + Proprietary Google + Contract ● Google will: ○ Treat this agreement as final ○ Share indiscriminately with explicit partners after launch ○ Only share with implicit partners with this agreement in place ● Google will not: ○ Negotiate bilateral amendments to this agreement ○ Accept implicit partners without extraordinary circumstances
- 29. Confidential + ProprietaryConfidential + Proprietary The Data
- 30. Confidential + Proprietary ● State Changes! ○ Account disabled/enabled/deleted ○ Tokens/Sessions revoked ○ Credentials/Identifier changed ○ May include reasoning ● Not in scope: ○ “Riskiness” ○ Commands What is shared? Google moves from solid to liquid
- 31. Confidential + Proprietary Signals in Scope Account Status Events ● account_disabled ● account_disabled ○ reason=hijacking ● account_disabled ○ reason=bulk_account ● account_enabled ● account_credential_change_required ● account_deleted ● email_recovery_activated Revoked Events ● sessions_revoked ● tokens_revoked Identifier Change (future) ● account_email_changed ● account_identifier_recycled ● email_recovery_removed ● email_recovery_registered
- 32. Confidential + Proprietary Up Next [2:45 - 3:00] Review the current draft [3:00 - 3:30] Feedback on the current draft [3:30 - 4:00] Process for working together and making progress