Secure, Collaborative IAM

Combined Session
Friday, June 07, 2024 13:30—14:30
Location: B 07-08

Securing Workload Identities: Best Practices for Tokenizing Third-Party API Keys and Access Tokens

Stolen secrets and credentials are one of the most common ways for attackers to move laterally and maintain persistence in cloud environments.

Modern cloud deployments employ secrets management systems such as KMS to protect key materials at rest and avoid leaking keys or credentials in source code or other build artifacts. However, secrets are unprotected at runtime, so any vulnerability or compromise of a service could lead to credential theft.

This talk will propose an architecture that, in conjunction with a secret manager, tokenizes secrets and rewrites requests at runtime. Through this approach, application code never directly interacts with key material. Additionally, it enforces stringent access control rules based on Open Policy Agent (OPA) policies for accessing secrets, significantly reducing the blast radius in the event of a security breach.

Vincenzo Iozzo
CEO and Co-founder of SlashID. Previously, Founder & CEO of IperLane (acquired by Crowdstrike). Vincenzo is a Committee Member of the Black Hat Conference Board and was an Associate Researcher...

Enabling Fine Grained Authorization for Microservices with Standards

The proliferation of microservices, along with the changing threat landscape, means it is no longer possible to rely on network segmentation to establish a secure perimeter while allowing broad access between services inside that perimeter. As a result, we have to assume that attackers are inside the perimeter and apply fine-grained authorization at the microservice level to ensure least-privilege access based on the context of each transaction. This context includes details of the transaction, the user, and other services or workloads in the call chain, as well as the trust domains in which the services operate.

The good news is that two new complementary standards are being developed in the IETF OAuth working group that provide a standardised mechanism for preserving transaction context. The Transaction Tokens draft provides a mechanism for preserving context for fine-grained authorization decisions within a trust domain, while Identity Chaining across Trust Domains provides a mechanism for preserving that context even when crossing trust boundaries. In this session we will provide an overview of these two emerging standards and describe how they are used to enable fine-grained authorization in microservices.

Pieter Kasselman
Identity Standards Architect
Pieter Kasselman is a member of Microsoft's Identity Standards team where he focuses on developing standards to address the most important problems in the field of identity. Pieter has over 25 years'...

Digital Trust - Building Truly Collaborative Networks

Collaborative Networks have been widely used in business models for modern manufacturing to support today’s fast-moving innovations and complex supply chains. Managing different levels of trust efficiently and securely in Collaborative Networks is critical for productization and time-to-market.

Enabling trust in digital interactions requires the right balance between security and user experience. By combining the lessons learned from the user experience of consumer identity; mission-critical identity proofing and identity validation in financial services; and data privacy regulation compliance across regulated markets, a brand new approach to secure identity management across all industries has been on the rise.

Collaborative Networks (suppliers, partners, distributors, brokers etc.) have a very diverse set of users with varying security, privacy and user experience needs. Discover how to strike that balance to harness the true power of collaboration!

Mithun Singh
Product Adoption Manager IAM
Mithun Singh brings almost a decade of experience in Identity and Access Management including Fraud, Risk & Open Banking and is currently the Product...