New FIDO white paper champions Shared Signals in digital identity security

A new white paper is pointing to a transformative approach in digital identity security, advocating for the integration of FIDO-based authentication with the OpenID Foundation’s Shared Signals Framework (SSF).
Authored by experts from Microsoft, Yubico, HYPR, Netflix and Okta, “FIDO and the Shared Signals Framework” envisions real-time, adaptive trust across identity and access management (IAM) systems.
The paper arrives as the OpenID Foundation finalizes three key specifications: SSF 1.0, Continuous Access Evaluation Profile (CAEP) 1.0, and Risk Information Sharing and Coordination (RISC) 1.0. These standards, now designated as Final Specifications, enable interoperable sharing of security events such as session changes and credential compromise alerts — a capability increasingly seen as essential to preventing fraud and maintaining zero-trust architectures.
While FIDO protocols eliminate password vulnerabilities through public-key cryptography, the white paper argues that authentication alone is insufficient. Continuous evaluation of session trustworthiness is vital, and this is where SSF comes in. By enabling secure, real-time exchange of identity and risk signals, SSF allows organizations to respond dynamically to threats and maintain robust security postures, the white paper proposes.
The document is aimed at enterprise security leaders, IAM architects, and practitioners responsible for threat detection, lifecycle management and incident response. It highlights how SSF can streamline traditionally siloed IAM systems, replacing bespoke connectors with standardized signaling formats.
The shift enhances visibility across the user journey and adapts to evolving risk. The document sets out example Security Event Tokens (SETs) and scenarios in which FIDO and SSF are put to work. The white paper positions SSF as a strategic enabler of collaborative defense.
By layering CAEP and RISC atop FIDO2, organizations can make risk-informed decisions in real time, accelerating incident response and reducing fraud. The synthesis of these technologies moves security toward dynamic, signal-driven ecosystems that prioritize shared resilience over isolated control.
As shared signals gain regulatory momentum — including anticipated requirements under the UK’s Digital Identity and Attributes Trust Framework (DIATF) — the white paper suggests the need for interoperable standards, privacy safeguards, and coordinated threat response in an increasingly complex identity landscape.