Credential Compromise (RISC)
Security event indicating a user's credentials may have been compromised (RISC §2.1). Requires immediate protective action by all Receivers.
Credential Compromise (RISC)
Security event indicating a user's credentials may have been compromised (RISC §2.1). Requires immediate protective action by all Receivers.
Security EventsRISCHigh SeverityCRITICAL
Sequence Diagram
Click any step for details
Request
Response
Redirect
Internal
Step-by-Step Breakdown
1
Compromise Detection
Identity Provider → Identity Provider
2
Create Credential Compromise SET
Identity Provider → Identity Provider
3
Deliver SET to Receivers
Transmitter → All Subscribed Receivers
4
Receiver Validates SET
Receiver (RP) → Receiver (RP)
5
Terminate All Sessions
Receiver (RP) → Session Store
6
Revoke All Tokens and Keys
Receiver (RP) → Token Store
7
Force Password Reset
Receiver (RP) → User Store
8
Log and Alert
Receiver (RP) → Security Operations
Token Inspector
Specs for this flow
Sections of the protocol that normatively define this flow, plus the security considerations that apply to it.