Consent is an overloaded term - it could mean many things: from agreeing to terms & conditions to IoT data-sharing via user-managed access. We'll outline a hierarchy of what consent can mean and the various mechanics that are used to get the consent. We will re-cap popular approaches for getting user consent.
For the last 30 years virtually every company, agency and organization has been forced to accept the risks associated with identity management and control for third parties and all the other identities that are not directly addressed by today's workforce or customer access management solutions. The universe of "all other identities" is enormous, numbering in the billions and maybe even the trillions of distinct and unique identities. In the absence of solutions and processes to actively manage and control the identities of contractors, service providers, agencies, franchisees and all the possible variations of people, devices and entities that your organization interacts with, accepting risk but not being able to mitigate it has been the normal course of business. It is past time that these risks are acknowledged, addressed, and mitigated. Richard Bird explains the current state of third and n-th party identity risk, how to recognize it and what to do about it in this presentation on a new frontier in security and risk.
When dealing with digital identity, emphasis is often put on the identification and authentication part. An equally important aspect is digital signing (or more broadly: electronic signing). Qualified electronic signatures have the same legal status as handwritten signatures in the EU. In this session, we shall look at the advantages and challenges that come with them from a Nordic-Baltic perspective. What is their role today and in the future; both independently, and in connection with the upcoming eIDAS2-wallet? Concrete use cases will be demonstrated from the point of view of the citizen, the public sector and businesses.