KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Compare solution offerings and follow predefined best practices or adapt them to the individual requirements of your company.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
Authorization in modern applications is becoming increasingly complex, particularly when it comes to managing access to resources at the individual user and group levels. OAuth has become a widely-used standard for granting access to resources on behalf of a user, but it is not well-suited for these more nuanced use cases. In this talk, we will explore the confusion surrounding the use of OAuth for user and group-focused authorization in applications. We will discuss the standard meaning of authorization in OAuth, which is to grant access for an application to call APIs on behalf of the user, and how misusing OAuth for this purpose can lead to bad architecture and bloated JWT tokens. We will also introduce alternative standards like UMA (User-Managed Access) and GNAP (Group-Based Nested Access Protocol) as potential solutions for user and group-controlled resource delegation. These standards provide a more fine-grained and dynamic approach to access control and can be integrated with policies created by a PBAC (Policy-Based Access Control) server for a more comprehensive solution. Attendees will leave with a better understanding of the limitations of OAuth for user and group-focused authorization, and with a clear understanding of the potential of UMA and GNAP as solutions for these use cases.
Authorization in modern applications is becoming increasingly complex, particularly when it comes to managing access to resources at the individual user and group levels. OAuth has become a widely-used standard for granting access to resources on behalf of a user, but it is not well-suited for these more nuanced use cases. In this talk, we will explore the confusion surrounding the use of OAuth for user and group-focused authorization in applications. We will discuss the standard meaning of authorization in OAuth, which is to grant access for an application to call APIs on behalf of the user, and how misusing OAuth for this purpose can lead to bad architecture and bloated JWT tokens. We will also introduce alternative standards like UMA (User-Managed Access) and GNAP (Group-Based Nested Access Protocol) as potential solutions for user and group-controlled resource delegation. These standards provide a more fine-grained and dynamic approach to access control and can be integrated with policies created by a PBAC (Policy-Based Access Control) server for a more comprehensive solution. Attendees will leave with a better understanding of the limitations of OAuth for user and group-focused authorization, and with a clear understanding of the potential of UMA and GNAP as solutions for these use cases.
In the current economical climate many companies are facing the need to restructure the operations to ensure efficieny and profitability.
This does in some cases result in layoffs but is also means that projects are cancelled and the staff that was assigned to these projects are freed up for other efforts. In IAM terms the results is a lot of movers in the organisation which traditionally has been a usecase that has been challenging to efficiently support.
How do we help the business and support the need for assignment based access to ensure efficient usage of staff? This talk will look at the lessons learned from implementing assigned based access at a global retailer. It may also include Swedish meatballs, flatpack furniture and moose hunting towers.
The shift to multi-cloud introduces a wide range of cloud security risks that remain unaddressed due to the siloed approach and limited focus of existing cloud security tools. Most cloud security tools offer highly focused solutions that are limited in scope and capabilities to address the growing spectrum of multi-cloud security risks. The convergence of IAM and multi-cloud security tools (CSPM, CWP and CIEM) offer a cloud security platform that takes an integrated approach to securely manage identities and their access entitlements to cloud resources for cloud-native application development, deployment and operations in the cloud. In this session, we will discuss:
To enhance interoperability between digital identity schemes and digital trust services across borders, the eIDAS regulation provides a legal framework for electronic signatures in the EU, defining how to use them to ensure their validity across Europe. eIDAS2 now includes plans for the creation of a European Digital Identity Wallet (EUDIW). Cloud signatures are expected to play a vital role across this new ecosystem by enabling natural and legal persons to electronically sign and seal documents and transactions with high-assurance remote digital signing certificates. Cloud signatures based on the Cloud Signature Consortium (CSC) Standard can help achieve cross-border interoperability via specifications and certification for the usage of Remote Electronic Signatures and Seals in this new pan-European digital identity ecosystem.
Join us to learn about the new CSC Standard general architectural framework in specific eIDAS context (Kim Nguyen, CSC Board Member, D-Trust) and for a technical deep-dive into the recently launched CSC Standard version 2.0 (Luigi Rizzo, Chair of the CSC Technical Committee, InfoCert).
The Zero Trust paradigm, the approach of eliminating inherent trust in an IT architecture and always verifying, has been discussed for over a decade. It is well known that Zero Trust is a team sport, with Identity in the center. The many components, from IGA to Device Management, Network-segmentation to contextual awareness and beyond can be fulfilled by as many vendors, bearing the question about how to integrate these for a secure and convenient user experience. While there may be integrations available for some components, they will most likely be disjointed and/or require custom development, making it a challenge to be agile and innovative.
An alternative to the described problem would be Orchestrating Zero Trust, applying the approach of "Detect, Decide, Direct". Through Orchestration the task of gathering all signals and relevant information (Detect) for an appropriate authorization decision (Decide), and continuing with the proper next step(s) (Direct) can be fulfilled in a flexible manner, facilitating customization in a future proof manner.
In this session we will describe the "Detect, Decide, Direct" approach and see how Orchestration can be a key enabler of Zero Trust.
For many years public concern about technological risk has focused on the misuse of personal data, with GDPR, most hated and loved at the same time as one of the results. With the huge success of LLMs and generative AIs such as ChatGPT, artificial intelligence soon will be omnipresent in products and processes, which will shift regulator´s attention to the potential for bad or biased decisions by algorithms. Just imagine the consequences of a false medical diagnose, or of a correct diagnose created by an AI and then not accepted by the doctor. Not to mention all the other fields where bad AI can be harmful, such as autonomous cars or algorithms deciding on your future credibility. Inevitably, many governments will feel regulation is essential to protect consumers from that risk.
In this panel discussion we will try to jointly create a list of those risks that we need to regulate the sooner the better and try to create an idea on how this future regulation will impact the way we use AI in our bsuiness and private lives.
The digital identity paradigm looks set to evolve. Citizens might rely on digital identity wallets within a few years. As the metaverse and Web 3.0 take shape, users will need more than ever to trust who they interact with and be protected against fraud. How are mobile operators approaching these evolutions? This session will bring GSMA perspective on the mobile industry’s contribution to securing digital services, as the identity landscape shifts. Helene Vigue will share how tomorrow’s digital identity may build on mobile operators’ assets and services.
Practical Cyber Security Architecture: Reducing complexity – Introducing a practical model for security classifications. Building and running cyber security in both worlds modern cloud security in combination with legacy on premises introduces extra complexity. Some of the well-known security patterns and models are not applicable in cloud systems while the modern security models like zero trust barely fit in legacy systems. Based on a model for security classification we will explore some practical methods for reducing complexity in modern cyber security.
The claim or desire for authorizations, permissions and the rights set in practice often have a wide divergence. Typically, more rights are assigned unconsciously than were actually required.
The resulting vulnerabilities can have significant consequences therefore, it is essential to be able to monitor the true permissions at any time, regardless of how the permissions have been set. It is almost impossible to manage monitoring manually, even in small environments. Therefore, independent automatisms that can automatically explore, analyze and report the real settings are becoming a requirement.
In this session we will show you how Cygna Labs can support you in these challenging tasks and thereby ensure and improve security in your company.
What’s the highest value platform feature you can offer your Kubernetes tenants? It might be standardizing workload identity and policy controls. In this session, we will discuss desirable properties for a workload identity and present a modern architecture built on SPIFFE and cert-manager which uses Open Policy Agent (OPA) for policy decisions. This should leave you with actionable ideas to help you re-evaluate your workload identity functionality and security posture.
This panel will explore the current state of multifactor authentication (MFA) and its limitations, as well as potential solutions for improving the security and user experience of MFA. We will discuss topics such as the challenges of implementing MFA, the limitations of mobile-based MFA, and alternative methods for MFA, such as biometrics and behavioral analysis. The panel will also address the future of MFA, discussing the potential for new technologies to improve security and user experience, and the role of industry and government in shaping the future of MFA. Overall, the panel aims to provide valuable insights and perspectives on the multifactor authentication dilemma and the steps needed to move beyond mobile-based solutions.
In this session, I will first talk about the design considerations and challenges when applying SSI to IoT, followed by the description of an initiative for creating an embedded SDK for SSI. Finally, I will discuss new opportunities for building decentralized identity and access management solutions for IoT.
Data is Power. And as a popular comic superhero said, with power comes more responsibility. For companies offering digital services, the responsibility lies in storing the customer data securely. Growing number of global privacy regulations underpin this responsibility.
More and more organizations are using specialized Customer Identity and Access Management (CIAM) solutions which enable them to consolidate the data of existing customers while offering new and innovative ways to acquire new ones. CIAM tools can be used to prevent fraud, monitor suspicious activity as well as generate important business reports and statistics.
CIAM market is growing yearly but remains the most innovative in various IAM disciplines in to meet the fast-changing digital business demand. Utilizing modern, flexible, and scalable CIAM platforms will enable organizations to combine good customer experience with strong data security. Certainly, a recipe for a successful online enterprise!
This talk will give insights on how to strategize your CIAM journey and shed light on some pain points companies face when embarking on this exciting adventure.