Authorization 2.0
Combined Session
Thursday, June 06, 2024 17:30—18:30
Location: B 07-08
Thursday, June 06, 2024 17:30—18:30
Location: B 07-08
In the face of escalating data breaches and relentless attacks on identity, the imperative to establish robust Zero Trust (ZT) architectures has never been more urgent. Yet, the complexity of this undertaking, coupled with the multitude of tools and stacks involved, can be overwhelming.
This session will examine the Zero-Trust reference architecture outlined by NIST, revealing that authorization sits at its very core. Building on this foundation, we'll showcase how harnessing the organizational power of graphs can effectively streamline the complexity of ZT initiatives.
While graphs are renowned for their effectivness in threat and fraud detection, their mostly untapped potential in Identity and Authorization remains a hidden gem. Beyond real-time applications, we'll explore how the analytical might of graphs, a cornerstone for various AI techniques, can revolutionize Identity practices.
The next frontier of customer identity lies not in simply knowing who someone is, but in what they are allowed to do. This is more important than ever in the financial services industry, as the proposed Payment Services Directive 3 (PSD3) framework creates further opportunities to deliver highly personalised, secure, and scalable data-driven services through Open Banking. At the same time, customers are pushing their providers to give them the tools needed to delegate control of their finances to trusted persons, while doing more to secure their accounts against fraud.
The good news is that Dynamic Authorisation is purpose-built to address these industry problems. By centralising authorisation decisioning and enforcement, financial service providers can streamline authorisation workflows, ensure consistent and secure data sharing with third-party providers, improve loyalty and reduce fraud – all in one. Policy-based authorisation takes this even further by enabling dynamic rules that adapt to real-time context and risk factors.
Join authorisation experts Adam Rusbridge and Adam Preis of Ping Identity to learn how Dynamic Authorization can enable:
- Fine-grained control: Define and enforce access controls for payments, transfers, account settings and data requests, minimising security risks and regulatory compliance headaches.
- Enhanced user experience: Streamline API interactions and reduce friction for TPPs, accelerating Open Banking and Open Finance investments.
- Data monetisation: Leverage granular control over data access opens doors for innovative data-driven services and revenue streams.
- Agility and scalability: Respond swiftly to changing market needs and regulatory landscapes with adaptable authorisation policies.
Join this discussion about the efforts of the AuthZEN working group in the Open ID Foundation, which will include an overview of the authorization space, and the various technologies and players involved. The panel will also discuss why the group exists, the problems that it is trying to solve, and the state of the current work.
As Authorization appears to be the next horizon for standardization efforts, and the multiple technologies, often incompatible with each other, the need for standardization becomes more and more crucial. Come and hear how XACML, Cedar, Graph, IDQL, and more.
