close icon
Identity Unlocked

Identity, Unlocked... Explained: Season 2, Ep 3

Continuous Access Evaluation Protocol (CAEP) with Tim Cappalli and Atul Tulshibagwale

March 05, 2021

Tune in to this episode of the Identity Unlocked podcast, where host Vittorio Bertocci focuses on the Shared Signal and Events (SSE) working group in the OpenID Foundation. This podcast is all about discussing identity specifications and trends from a developer's perspective. The podcast is powered by Auth0; this season is sponsored by the OpenID Foundation.

Welcoming two guests to this episode, Vittorio asks Microsoft Digital Identity Standards Architect Tim Cappalli and Senior Staff Software Engineer at Google, Atul Goel, to share a bit about their backgrounds, bringing them into the identity field. While their trajectories looked quite different, both Tim and Atul ended up landing close to one another in the identity space.

The discussion quickly moves to the main topic of the episode, introducing the scenarios and motivations behind the SSE working group activities as well as some of the key contributors — Microsoft, Google, Sailpoint, AWS, Target, SalesForce, Cisco, among many others.

Vittorio digs deeper into this conversation to learn about their dependence and the details of the Continuous Access Evaluation Protocol (CAEP). Tim and Atul take turns in digging in the details of CAEP, its dependency on the Security Event Token specification (SET), and how its features are complementary with the ones defined by SCIM and FastFed, other specifications we'll soon cover on the show. In particular, the discussion touches on the typical scenarios CAEP is designed to address, some of the mechanisms behind it (event and messaging, etc.), and how Microsoft has been leveraging CAEP in its own solutions to handle some of the challenges the exponential increase in usage brought by COVID presented. The episode comes to a close as Atul issues a call to action: keep an eye on the CAEP specification and contribute your comments as the document progresses thru the standardization process.

Key Takeaways

[7:10] - How the identity landscape has changed

[09:50] - Who are the main actors and how many different components of a network and security system would be involved?

[11:24] - Names active in this space, a very diverse group

[12:04] - Dependence primarily on the security event tokens

[14:12] - Tim weighs in on the debate regarding less specific identifiers

[16:24] - Digging deeper into CAEP

[21:34] - More practical scenarios of where this setup would be useful

[28:30] - Where are we now in the discussion?

Connect with Tim on Twitter
Connect with Atul on Twitter
Connect with Vittorio Bertocci on Twitter

Learn more about Identity, Unlocked
Find out more on Auth0
Learn more about the sponsor for this season, the OpenID Foundation

Identity, Unlocked

Identity, Unlocked is the podcast that discusses identity specs and trends from a developer perspective. Identity, Unlocked is powered by Auth0. Vittorio Bertocci is Principal Architect at Auth0 and applies his vast knowledge of the identity industry to Auth0 in all aspects of the company, including internal and external education, product innovation, and customer integration.

About Auth0

Auth0 by Okta takes a modern approach to customer identity and enables organizations to provide secure access to any application, for any user. Auth0 is a highly customizable platform that is as simple as development teams want, and as flexible as they need. Safeguarding billions of login transactions each month, Auth0 delivers convenience, privacy, and security so customers can focus on innovation. For more information, visit

  • Twitter icon
  • LinkedIn icon
  • Faceboook icon