[Openid-specs-risc] RISC Trusted Tester Available with Google

Adam Dawes adawes at google.com
Tue Jan 29 00:47:38 UTC 2019 

Hi everyone,

I just wanted to provide an update on Google's RISC implementation. We now
have opened up our Trusted Tester program for apps that want to implement
as a RISC Receiver and we're planning to launch in the coming weeks. It
relies on Google Sign In, so this is for the explicit flow only right now.

We're excited to have others check it out and begin implementation. We're
planning to do some press around this and if you'd like to participate,
please let me know. To implement and join as an early access partner,
you'll need to:

   -  Sign up
   <https://docs.google.com/forms/d/e/1FAIpQLSf0M5zo2qC3mEZIEleyG0yglIO02xw-TsVEYBLpYxB8XH7tEg/viewform?usp=sf_link>
   - Join the Google Group
   <https://groups.google.com/forum/#!forum/risc-early-access>
   - Access the documentation
<https://developers.google.com/identity/risc/> (must
   be logged into Google with the identity you signed up to the Google Group)
   - Build and test

Please report any feedback or questions to
risc-early-access at googlegroups.com

If you'd like to play with this as a user, we are using the consumer facing
brand of Cross Account Protection (CAP). To get started:

   - Step 1: Add your work, personal or test account to the dogfood group
   <https://groups.google.com/forum/#!forum/risc-early-access>
   - Step 2: Sign In to an app with Google Sign In that supports CAP

*Who supports CAP?*
Right now, we're integrated with Firebase Authentication, so any app using
Firebase should be ready to go. A few ones you can try include:

   - Deep Town
   <https://play.google.com/store/apps/details?id=com.rockbite.deeptown>
    and Smashing Four
   <https://play.google.com/store/apps/details?id=com.geewa.smashingfour>
    games
   - PlantSnap
   <https://play.google.com/store/apps/details?id=com.fws.plantsnap2>
   - Screencastify <https://www.screencastify.com/>

We've got other large providers currently implementing and more on the way
soon.

*What should I test?*
You can then see which services are using CAP by looking at your Google
Sign In apps
<https://myaccount.google.com/permissions?utm_source=google-account&utm_medium=web&e=AccountSettingsPermissionsShowRisc>
in
myaccount and looking for Cross Account Protection symbol decorating the
apps you just signed into.
[image: unnamed.png]

If you change your password on your account, Google will close all your
existing Google sessions and we'll send a RISC SET to the apps you signed
into with Google that also support CAP. Wait about an hour or so, and you
should be logged out of your 3P account too (and good riddance attackers!).

This is exciting progress. Please ping me off thread if you'd like to work
with us!

thanks,
AD
-- 
Adam Dawes | Sr. Product Manager | adawes at google.com | +1 650-214-2410
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-risc/attachments/20190128/859aabe4/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: unnamed.png
Type: image/png
Size: 89633 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-specs-risc/attachments/20190128/859aabe4/attachment-0001.png>

More information about the Openid-specs-risc mailing list