This is not a post I ever wanted to write.
Recently one of the legends in the identity industry, Andrew Nash, passed away. Andrew was many things to me: a friend, a great foil for an argument, and a teacher. Professionally speaking, he was the example of an identity executive; he was both a preposterously big-brained identity expert and a seasoned corporate leader. He was an old school PKI operator, assembled a legendary team at PayPal, ran Google Identity, and so many, many, many more things.
Andrew not only had a huge impact on me personally and my career, but he also had a real impact on SGNL. Andrew realized the value of Shared Signals in its infancy. Way back then there was only RISC, and not really in the form it is in today. Google and others were thinking about ways to exchange information about compromised accounts and this led to a working group in the OpenID Foundation (OIDF). In 2013, Andrew went on to found Confyrm, which was later bought by CapitalOne, to harness the ability to share meaningful identity and security telemetry between organizations. The original RISC spec is not only the basis of the current Shared Signals specification, it also spawned off the SecEvents working group in the IETF, where the subject identifiers, push delivery, and poll delivery specifications were developed. Through many twists and turns, that vision became the Shared Signals Framework Working Group in OIDF and the modern forms of RISC and CAEP.
Andrew’s curmudgeonly tenacity and razor-sharp mind cut a rough path for SGNL and all of us as people in identity to follow, and for that we are so deeply grateful. The identity industry has lost a true pioneer, but his legacy lives on in every secure connection, every shared signal, and every advancement that builds upon the foundation he helped create.