Session Abstract: Zero trust architectures depend upon the ability to continuously evaluate access decisions. CAEP (Continuous Access Evaluation Profile), an open standard based on the OpenID Shared Signals Framework (SSF), enables different vendors' systems to exchange signals interoperably, so decisions can be made with the right data at the point of access.
We'll take a deep dive into specific scenarios critical to zero-trust success: session revocation and dynamic authorization. Session revocation is critical due to the long-lived nature of federated login sessions; user access properties may change over time and need to be communicated to all services that the user is logged into. Dynamic authorization is critical because a user may need to get access to different resources (e.g., storage buckets) based on their tasks.
We'll explain how streams are set up in SSF and how various CAEP events can flow, based on mutually shared users between transmitters and receivers.