Reduce Certification Fatigue with Effective Role Management
Facebook X LinkedIn

Reduce Certification Fatigue with Effective Role Management

Combined Session
Wednesday, May 10, 2023 14:30—15:30
Location: A 05-06

Reduce Certification Fatigue with Effective Role Management

IAM and security leaders end up certifying far more access than necessary, owing to a failure to classify business resources. Furthermore, business users pay the price because they must spend an inordinate amount of time filling out these lengthy surveys. Benoit will show how to reduce certification fatigue through robust role management, which helps business users achieve better results while taking less time out of their day.

Reduce Certification Fatigue with Effective Role Management
Event Recording
Reduce Certification Fatigue with Effective Role Management
Click here to watch the recording of this session. Please note that this video is only available to event participants and subscribers. You'll need to log in to watch it.
Reduce Certification Fatigue with Effective Role Management
Presentation deck
Reduce Certification Fatigue with Effective Role Management
Click here to download the slide deck. Please note that downloads are only available for event participants and subscribers. You'll need to log in to download it.
Benoit Grangé
Benoit Grangé
Omada
Benoit brings over 25 years of experience in leading teams to build world-class products and services focused on delivering an exceptional customer experience and security. Benoit is a technology...

Adaptive Protection for Identities

Decentralized Identity protection is important in data collaboration because it helps to protect the privacy and security of individuals and organizations involved in the supply chain. By ensuring that only authorized individuals have access to sensitive information, identity protection helps to prevent data breaches and other security incidents.  A chain of trust establishes a series of checks and verifications that ensure that the data being shared is accurate and trustworthy. This is critical in the context of supply chain regulations, where inaccurate or incomplete information can have serious consequences for compliance and risk management.

In the second part of the talk, we will explore the concept of adaptive protection for identities in Microsoft Purview. By using a combination of machine learning, behavioral analysis, and risk-based decision making, we can create a dynamic system that adapts to new threats in real time. This approach offers a more proactive and effective way to safeguard identities, and can be applied across a range of industries and contexts. Together, we can work to develop a more robust and resilient digital identity ecosystem that protects individuals and organizations alike.

Adaptive Protection for Identities
Event Recording
Adaptive Protection for Identities
Click here to watch the recording of this session. Please note that this video is only available to event participants and subscribers. You'll need to log in to watch it.
Adaptive Protection for Identities
Presentation deck
Adaptive Protection for Identities
Click here to download the slide deck. Please note that downloads are only available for event participants and subscribers. You'll need to log in to download it.
Matthias Buchhorn-Roth
Matthias Buchhorn-Roth
In Transition
I am an accomplished data ecosystem expert, specializing in the development of sovereign data collaboration solutions across various industries. As an active member of the Eclipse DataSpace...
Martina Vollmer
Martina Vollmer
Microsoft
Martina Vollmer is a Cloud Solution Architect - Engineering for Identity and Power Platform at Microsoft, with combining security and automation with low/no code development. Her background in...

Beyond OAuth: Navigating the Complexities of User and Group-Focused Authorization in Modern Applications

Authorization in modern applications is becoming increasingly complex, particularly when it comes to managing access to resources at the individual user and group levels. OAuth has become a widely-used standard for granting access to resources on behalf of a user, but it is not well-suited for these more nuanced use cases. In this talk, we will explore the confusion surrounding the use of OAuth for user and group-focused authorization in applications. We will discuss the standard meaning of authorization in OAuth, which is to grant access for an application to call APIs on behalf of the user, and how misusing OAuth for this purpose can lead to bad architecture and bloated JWT tokens. We will also introduce alternative standards like UMA (User-Managed Access) and GNAP (Group-Based Nested Access Protocol) as potential solutions for user and group-controlled resource delegation. These standards provide a more fine-grained and dynamic approach to access control and can be integrated with policies created by a PBAC (Policy-Based Access Control) server for a more comprehensive solution. Attendees will leave with a better understanding of the limitations of OAuth for user and group-focused authorization, and with a clear understanding of the potential of UMA and GNAP as solutions for these use cases.

Navigating the Complexities of User and Group-Focused Authorization in Modern Applications
Event Recording
Navigating the Complexities of User and Group-Focused Authorization in Modern Applications
Click here to watch the recording of this session. Please note that this video is only available to event participants and subscribers. You'll need to log in to watch it.
Beyond OAuth: Navigating the Complexities of User and Group-Focused Authorization in Modern Applications
Presentation deck
Beyond OAuth: Navigating the Complexities of User and Group-Focused Authorization in Modern Applications
Click here to download the slide deck. Please note that downloads are only available for event participants and subscribers. You'll need to log in to download it.
Aarthi Raghavendra
Aarthi Raghavendra
EmpowerID
Aarthi Raghavendra is a seasoned software architect and product manager with over 10 years of experience in the industry. She holds a Master's degree in Computer Science from the University of...
Subscribe for updates
Please provide your email address