WG Meeting 2026‐02‐10 - openid/sharedsignals GitHub Wiki

Agenda

• Receiver tests for CAEP - Feedback
• Certification launch
• Aspen Insitute resources response
  • Scaling Scam Prevention Through Shared Intelligence: Mapping the Solutions Landscape
  • United We Stand: A National Strategy to Prevent Scams

Attendees

• Atul Tulshibagwale (SGNL)
• Mike Kiser (SailPoint)
• Yair Sarig (Omnissa)
• Apoorva Deshpande (Okta)
• Gail Hodges (OIDF)
• Aaron Parecki (Okta)
• George Fletcher (Practical Identity)
• Tushar Raibhandare (Google)
• Sean O'Dell (CVS Health)
• John Marchesini (JAMF)

Notes

Receiver Tests for CAEP

• (Gail) Since Thomas won't have time until March, we could add guidance for Receiver tests, and it would be possible for Thomas to complete both tests together
• (Atul) Jen's PR is getting close, pending some comments from Apoorva, but once that is ready, we would be able to add Receiver tests to the interop profile

Certification Launch

• (Atul) What can we learn from FAPI, OIDC, and proposed VCI certification to make SSWG certification successful?
• (Gail) Initial interest is from vendors
• (Gail) In the case of FAPI, this is the first time we saw mandates
  • In the UK: Regulation required certified conformance
  • Same in Brazil
  • ConnectID in Australia
• (Gail) We have good indicators from the US Government, that some of this could get into the NIMBUS 2000 (CISA) documentation
• (Gail) US Government could put obligations into their RFPs
• (Gail) For the banking community, this could be individually driven.
• (Gail) Digital platforms may be doing work in house, so they could be interested in the certification tests
• (Atul) Google showed interest in RISC interop certification
• (Apoorva) What is different about RISC
• (Atul) We can let Google and others specify the differences (if any)
• (Atul) - Close out open issue with interop profile (Receiver) before March. Then, in March, formally launch it as "Beta" to be able to self certify as the first few adopters...in order to be ready for others to use.
• (Gail) - Awesome roadmap it up and lets go! Having a logical order of briefings and who is in scope for relationships (i.e. NIST, CISA, etc) Need the plan sooner rather than later for mass influence
• (Atul) - place that on the last step of Beta to Self Certify
• (Gail) - Mass adoption and influence is key
• (Atul) - The good news is that the IRS is actually using this. Login.gov is the provider for SSF to the IRS

Aspen Institute Response

• (Gail) They released a report talking about the solutions landscape doesn't refer to SSF anywhere.
• (Gail) They refer to proprietary initiatives.
• (Atul) Nat'l strategy doc did not go into SSF (or standards based approaches)
• (Sean) How did you find this?
  • (Gail) I was emailed this.
  • (Gail) They presented it as final, without a feedback round.
• (Atul) - Is this the best change to influence legislation in the US?
• (Gail) - Yes.
• (Sean) SSF comes up when you do any basic research on signals and sharing. How did they miss it?
  • (Gail) It might need whispering in their ears, rather than relying on them to find it.

Action Items

• (Atul) Close out open Interop Issues
• (Atul) Formally Launch Beta to be able to Self Certify
• (Gail) - putting out bullet points to SSWG Co-Chairs for roadmap things