Early-bird Discount
expires in
Register Now

Agenda

Dynamic Trust - Globally

Dynamic Trust - Globally

Combined Session
Thursday, June 06, 2024 17:30—18:30
Location: B 09
Log in to download presentations

Federation Bubbles
17:30—17:50

Watch the video

 

Traditional federation agreements are relatively static. It takes some effort to onboard an IdP and RP to each other, but once that trust is established, it's good until some exceptional event breaks the federation.

But what about a more dynamic world, one where trust comes and goes based on context? What if users could be provisioned dynamically into a space based on trust from elsewhere? What if an isolated space could still function in a disconnected state and still have powerful security properties? What if these isolated spaces could reconnect to the network and provide audit capabilities and security signaling to other components throughout the wide ecosystem? And what if all of this could be built on a layer of trusted software that didn't rely on pre-placing keys or accounts ahead of time?

This isn't addressed by only using local accounts, or creating and distributing shards of a global truth. We need a world that expects things to move.

Come to this talk to learn about Federation Bubbles, the proof of concept being built out on top of a suite of technology including OpenID Connect, OAuth, SPIFFE, Verifiable Credentials, and more.

Justin Richer
Independent Consultant, Founder
Bespoke Engineering, LLC
Justin Richer is a security architect, software engineer, standards editor, and systems designer with over two decades of industry experience. He is the lead author of OAuth2 In Action and...
The Italian National Federation: Design, Deployment, and Lessons Learned
17:50—18:10

Watch the video

 

Deploying national federations is a complex task, requiring the integration of various protocols to build a secure, reliable, scalable, and interoperable ecosystem. This session will focus on the Italian experience in the design and deployment of national digital identity systems, SPID and CIE id, using OpenID Federation and OpenID Connect.

The discussion will delve into the Italian implementation profile of OpenID Federation and the onboarding system highlighting the challenges encountered during the deployment of these national federations, the solutions implemented, and the lessons learned in the process.

The aim is to share insights and practical knowledge that can guide other nations and organizations in their journey toward deploying their own national federations using similar federation protocols.

We are excited about the possibility of contributing to EIC and look forward to the opportunity to share our knowledge with fellow professionals from around the globe. Please find our short biography and portrait:

Giuseppe De Marco
Open Source Project Leader, Digital Identity Expert
Dipartimento per la Trasformazione Digitale
Giuseppe is an expert in Digital Identities, Authentication and Authorization Infrastructures and trust ecosystems, with a solid background in software development, systems administration and...
Francesco Antonio Marino
Innovation Manager and Solution Artichect
Poligrafico e Zecca dello Stato (IPZS)
As an Innovation Manager and Solution Architect with a specific emphasis on Digital Identity, I bring over 15 years of experience in research and developing innovative digital products to the...
High-security & Interoperable OAuth 2: What’s the Latest?
18:10—18:30

Watch the video

 

OAuth is a widely used authorization framework that enables third-party applications to access resources on behalf of a user. However, it has historically been difficult to meet very high security and interoperability requirements when using OAuth. Daniel and Joseph have spent much of the last six years working to improve the state of the art and will present the latest developments in the field.

There are challenges when trying to achieve high security and interoperability with OAuth 2: There are many potential threats, some not part of the original OAuth threat model. For seamless authorizations, optionality must be minimized in OAuth itself and also in any extensions used.

Seven years ago, the IETF OAuth working group began work on the Security Best Current Practice document and more recently on OAuth 2.1. Meanwhile, the OpenID Foundation has created FAPI1 and FAPI2 security profiles.

We will help you understand the focus of each document and when to use which. We show how to achieve on-the-wire interoperability and security using techniques like asymmetric client authentication and sender-constraining via DPoP and MTLS, discussing the benefits and potential disadvantages of each. We highlight the benefits for implementers and the role of conformance testing tools.

Dr. Daniel Fett
Security and Standardization Expert
Authlete
Daniel holds a Ph.D. in Computer Science for the development of new methods for analyzing the security of web standards. Leveraging this background, he has worked for the past several years to...
Joseph Heenan
CTO
Authlete Inc
Joseph is a software engineer & architect with over 25 years’ experience, who started writing mobile apps before mobile apps existed. He contributes to IETF and OpenID Foundation working...
Almost Ready to Join EIC 2024?
Reach out to our team with any remaining questions
Get in touch