Using existing Standards for Cloud-based Access Management across Organizations

  • TYPE: Combined Session DATE: Wednesday, May 15, 2013 TIME: 11:30-12:30 LOCATION: ALPSEE


Cloud-based IAM is, to be honest, in most cases limited to Cloud-based authentication, which means to use the authentication of a customer or partner organization. A consequence thereof is that the authorization management architecture must be changed, since one can no longer assume that users will be present in the systems of the service provider (or in a specific identity provider) to manage authorizations upfront, e.g. by using role models or other (relatively) static information.

Especially in the last years, the externalization of identities from the applications - a healthy but also necessary step - has led to assembling all sorts of attributes of the user, encoding in some way or the other the authorizations/roles that this person has in the different to-be-used target systems, at the Identity Provider. But this approach, though widespread, has a number of disadvantages, especially in cross-organizational scenarios unless the challenge of dealing with distributed sources for authorization information at run-time has been solved.

This presentation describes an architectural approach to use claims-based authorization assertions for web-based applications in conjunction with SAML authentication delegated to an Identity Provider, where the authorization information is neither stored with the application, nor with the Identity Provider.



Rob Newby studied Physics at the University of Bath, UK, before graduating and choosing a career in Security and Risk Management. He is now a governance, risk and compliance specialist with a background in data security and consultancy within Government, Finance and Telecoms in the UK and...

These days, web application owners benefit from the fact that the world has moved online. People worldwide send out e-mails from their e-mail account(s), keep in contact with friends through social network accounts, perform payments with their online banking account and buy products online…. Because of the success of online services, they are becoming attractive targets to hackers. Today, most accounts are secured with static passwords, but considering the information people store online, static passwords are not enough anymore. Customers demand higher security. It is evident that when those static passwords are intercepted, consequences could be disastrous. The question now is how to keep the valuable information contained within these applications safe from virtual villains? How to create a safe online environment without compromising on user-convenience? Strong cloud-based authentication would be a perfect solution. But will this work? How about managing it? How about relying on hardware technology which has been widely deployed but seldom used? How about the initial verification?

The panelists will discuss the state of secure customer identities that work well for both customers and enterprises.


Frederik has over 15 years of management expericen in a broad range of ICT companies. At the moment, he works for VASCO as an EMEA Business Manager, focusing on our cloud-based authentication security. He is responsible for putting our authentication as a service solutions into the market. These...

Mr. Stewart joined MFC after six years at Intel Corporation, where he held senior positions in both finance and marketing. At Intel, Stewart was responsible for strategic analysis and financial controls for delivering best in class information technology solutions in areas including PC clients,...

Log in to download presentations:  


Session Links


European Identity & Cloud Conference 2013

Registration fee:
€1980.00 $2475.00 S$3168.00 21780.00 kr
Mastercard Visa American Express PayPal INVOICE
Contact person:

Mr. Levent Kara
+49 211 23707710
  • May 14 - 17, 2013 Munich/Germany