IAM and security leaders end up certifying far more access than necessary, owing to a failure to classify business resources. Furthermore, business users pay the price because they must spend an inordinate amount of time filling out these lengthy surveys. Benoit will show how to reduce certification fatigue through robust role management, which helps business users achieve better results while taking less time out of their day.
Decentralized Identity protection is important in data collaboration because it helps to protect the privacy and security of individuals and organizations involved in the supply chain. By ensuring that only authorized individuals have access to sensitive information, identity protection helps to prevent data breaches and other security incidents. A chain of trust establishes a series of checks and verifications that ensure that the data being shared is accurate and trustworthy. This is critical in the context of supply chain regulations, where inaccurate or incomplete information can have serious consequences for compliance and risk management.
In the second part of the talk, we will explore the concept of adaptive protection for identities in Microsoft Purview. By using a combination of machine learning, behavioral analysis, and risk-based decision making, we can create a dynamic system that adapts to new threats in real time. This approach offers a more proactive and effective way to safeguard identities, and can be applied across a range of industries and contexts. Together, we can work to develop a more robust and resilient digital identity ecosystem that protects individuals and organizations alike.
Authorization in modern applications is becoming increasingly complex, particularly when it comes to managing access to resources at the individual user and group levels. OAuth has become a widely-used standard for granting access to resources on behalf of a user, but it is not well-suited for these more nuanced use cases. In this talk, we will explore the confusion surrounding the use of OAuth for user and group-focused authorization in applications. We will discuss the standard meaning of authorization in OAuth, which is to grant access for an application to call APIs on behalf of the user, and how misusing OAuth for this purpose can lead to bad architecture and bloated JWT tokens. We will also introduce alternative standards like UMA (User-Managed Access) and GNAP (Group-Based Nested Access Protocol) as potential solutions for user and group-controlled resource delegation. These standards provide a more fine-grained and dynamic approach to access control and can be integrated with policies created by a PBAC (Policy-Based Access Control) server for a more comprehensive solution. Attendees will leave with a better understanding of the limitations of OAuth for user and group-focused authorization, and with a clear understanding of the potential of UMA and GNAP as solutions for these use cases.
