Hi all, I'm new to this list, so let me start by introducing myself: I'm Atul Tulshibagwale, CTO of SGNL, a company that was started in Q4 last year, and which is focused on enterprise authorization solutions. I am also the co-chair of the OpenID Foundation's Shared Signals and Events (SSE) working group. I have been involved in the development of the Continuous Access Evaluation Protocol (CAEP) from the very beginning, and it is now a profile on top of the OpenID SSE Framework. Prior to joining SGNL, I was a Software Engineer at Google, where I started working on CAEP. My LinkedIn profile is here: https://linkedin.com/in/tulshi
*The Need for an RPC Security Standard*: In our conversations with multiple cloud platform providers and SaaS providers, there seems to be an emerging need to address vulnerabilities caused by an attacker penetrating an organization's VPC. In order to limit damage in such a scenario, we think RPC security needs to be reviewed. Since an organization's cloud presence spans multiple cloud platforms and utilizes third-party SaaS services, a standard way of securing RPCs is required. We have captured these thoughts in a blog on our website here: https://sgnl.ai/2022/06/why-we-need-an-rpc-security-standard/ I'd like to know what people in this working group think, and would love to have the opportunity to discuss this at the upcoming IETF 114 meeting in Philadelphia. Thanks, Atul -- Atul Tulshibagwale CTO, SGNL Twitter: @zirotrust <http://twitter.com/zirotrust>
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
