Innovation Best Practises
- TYPE: Expert Talk DATE: Wednesday, May 13, 2020 TIME: 17:30-18:30 LOCATION: EIC CAFÉ
One of the building blocks of any SSI solution is the Trust Framework it relies on. Trust Frameworks provide Verifiers with the means to trust the credentials and the issuers of those credentials, as a top human-layer that sits on top of all cryptographic and technical related layers.
The EBP has been working on deploying a first PoC of EBSI (European Blockchain Service Infrastructure) and ESSIF (European SSI Framework) use case, that sets the ground on how trust can be achieved within eIDAS on the near future.
To give some light into the overall solution, we would like to share our experience after participating in the making of the first ESSIF PoCs.
First, we have helped to define the current ESSIF specs and contributed to the development of the first version that uses the existing eIDAS Trust Framework to proof the diplomas issuer’s identity in a Verifiable Credential workflow use case. In Europe, it’s still difficult for a student who has completed a degree in one university to validate it with another country’s university. We want to use an SSI solution with a common diploma schema to enable cross-border identity services.
Second, we have participated on an SSI project with the European Commission and Microsoft that showcases a diploma’s issuance and verification between universities from different countries, which both have Decentralized Identifiers (DIDs) that enables them to interoperate into a typical Verifiable Credential exchange.
The proposed solution also innovates in the sense that we’ll demonstrate the interoperability of the use case among different ledgers and deployed solutions. One of the universities will have a DID provided using Sidetree, on a Bitcoin ledger, and the other will have a DID provided by ESSIF, on an Ethereum enterprise ledger. And we will present a student that owns a degree from the first university and will present it to the latter, which it will verify that it is issued by the first one to the correspondent user.
- Understand how EBSI and ESSIF will help companies achieve eIDAS-compliant SSI solutions.
Even organizations with mature privileged and identity access management postures struggle to gain visibility into how attackers move laterally once inside the network. Credential harvesting, permission escalation, and other attacker techniques take advantage of organizational credentials that are constantly changing. In this presentation, we will outline some of the common high-risk accounts that tend to fall outside the scope of typical IAM/PAM solutions and how good cyber hygiene practices can help to identify and investigate the privilege abuse that enables attacks.
Identity and Access Management has been at the heart of the digital transformation journeys in enterprises worldwide. We tackle problems such as: management of identities (on-boarding, off-boarding, identity merging), etc; binding the identity to the individual (authentication), and balancing acceptable friction with risk in authentication flows. But to what end? Why do we care about Identity? Of course, the answer is in front of us: Access Management.
However, we need more than Identity and Authentication to ensure we have an Access Management capability that meets today’s needs - multi-channel & mobile-first services, the API economy (e.g. Open Banking), user privacy regulations (e.g. GDPR, CCPA). Authorization - making sure the right users and systems have appropriate access to information and services, across a wide range of scenarios - is key, and Identity and Authentication are but one part of the bigger Authorization picture.
In this session, I'll discuss authorization in the context of typical enterprise access management scenarios. We’ll look at the evolution of authorization from traditional role-based access control, through today’s claims-based protocols to tomorrow’s highly granular and context-aware access control. Along the way, we'll look at emerging patterns such as "adaptive authentication" that are sometimes used to implement authorization, and see why true context-aware authorization might be a better solution.
- Registration fee:
- Contact person:
Mr. Levent Kara
+49 211 23707710
- May 12 - 15, 2020 Munich, Germany