Cross Account Protection: Collaborating to Protect Users

1 view
Download
  • Share

Speaker: Roshni Chandrashekhar, Tech Lead Manager and Staff Software Engineer, Identity Platform, Google

With a burgeoning internet presence of apps and services, have you ever wondered what your weakest link is? Invariably, it is the account that connects all your apps and services, when you use single sign-on. Historically, a compromised account would result in the attacker retaining access to connected apps. In this talk, we will cover protocols designed to help mitigate such access, the internet standards work done to get there, and the application, in practice, of these protocols at Google.

The protocols, named Risk and Incident Sharing and Coordination (RISC) are designed to make it easy for connected apps and services to receive security notifications about compromised accounts so that they can take immediate action to protect shared accounts. This involves creating a security event token (using the industry standard JWT format) as well as designing APIs to handle streaming events to relying parties. With this talk, we hope to demonstrate the emerging technology behind cooperation to protect users from the darker parts of the internet.

Speaker: Roshni Chandrashekhar, Tech Lead Manager and Staff Software Engineer, Identity Platform, Google

With a burgeoning internet presence of apps and services, have you ever wondered what your weakest link is? Invariably, it is the account that connects all your apps and services, when you use single sign-on. Historically, a compromised account would result in the attacker retaining access to connected apps. In this talk...

Advertisment

Advertisment