Event Recording

Identity Inclusion – Why it Matters

Show description
Speakers
Melissa Carvalho
Global Cyber Security Vice President
Royal Bank of Canada
Melissa Carvalho
Melissa Carvalho, RBC Global Cyber Security Vice President, leads the Cyber security Planning office and the bank’s Global Identity and Access Management group, providing cyber solutions and services for RBC’s 86,000 employees and 17 million clients. Melissa is also the Vice Chair...
View profile
Emma Lindley
Managing Director, Co-Founder
Women in Identity, Caf
Emma Lindley
Emma Lindley is Managing Director of International Expansion for CAF a digital identity company located in Brazil, USA and UK. She is also co-founder and Chair of Women in Identity a not-for-profit organisation membership organisation focused on diversity and developing inclusive products in the...
View profile
Playlist
European Identity and Cloud Conference 2023
Event Recording
FIDO 2: Zero Trust in Action with Passwordless Phishing Resistant Authentication
May 10, 2023

By now, organizations are well aware of the need for better protecting data and application with modern access management and authentication.
Thales and Microsoft partner to help organizations going passwordless to fight against phishing attacks. Thales and Microsoft experts Sarah Lefavrais and Thomas Detzner will talk about the role of Fido and other phishing resistant authentication methods like CBA in achieving Zero Trust approach.

Event Recording
Ditch Siloed IAM: Convergence, a Must For Identity Threat Detection & Response
May 09, 2023

An increase in the types of digital identities, coupled with multi-cloud adoption, has added complexity to managing identities and privileges. How does one get future-ready, to address these new-age challenges? An Identity-centric security strategy centers on effective governance with zero trust, that simplifies and unifies critical aspects of Access Management (AM), Identity Governance Administration (IGA) and Privileged Access Management (PAM). Join us to explore the benefits of a Converged Identity security approach that is outcome-driven, and looks to ditch the silos of key IAM components.

Event Recording
Biometrics for Identity Assurance
May 10, 2023

In many respects, identity programs are inherently vulnerable because they often rely on something that is shareable; something that a person knows or something that they have. 

Join iProov to hear how biometrics can improve security for both digital and physical access.  Included in this presentation will be guidance on: aligning biometrics to high-risk inflection points in the identity lifecycle; important considerations for inclusivity; and how to mitigate the risk of generative AI in modern attack methodologies.

Event Recording
Challenges in Transitioning to the Next Generation Password-less Experience
May 10, 2023

Cash.App is the #1 financial app in the US. It started out with a password-less authentication paradigm back in 2013, built around OTP verifications. We are now transitioning to the next generation password-less experience built around passkey. While the transition offers many promises, the path comes with several challenges, around security guarantees, backward compatibility and seamless user experience. We share insights we learned along the journey.

Event Recording
Building the Roadmap for Your Future IAM | Workshop
May 09, 2023
Event Recording
What’s Hot at the OpenID Foundation | Workshop
May 09, 2023

OpenID Foundation leaders and contributors will brief the EIC community on the latest progress and outlook for the OpenID Foundation. As part of this workshop we will cover: 

  • The identity landscape
  • The Foundation’s 2023 strategy
  • New partnerships and liaisons
  • Headlines from the Foundation’s latest whitepapers on Government, Privacy and IoT
  • Briefs on Working Group and Community Group progress and outlook
  • Deep dives on key issues facing the community - for your input!

Please join us early to be part of the conversation. Workshop presenters include Nat Sakimura, Gail Hodges, Kristina Yasuda, Torsten Lodderstedt, Tim Cappalli and others.

Event Recording
How to Build Interoperable Decentralized Identity Systems with OpenID for Verifiable Credentials
May 10, 2023

OpenID for Verifiable Credentials (OID4VC) is a set of protocols that enables issuance and presentation of verifiable credentials expressed in any format including but not limited to W3C vc-data-model and ISO/IEC 18013-5 mDL. The power of the protocols lies in its demonstrated simplicity, security, and the implementer's ability to make choices across the tech stack - not just for credential formats, but also entity identifiers, trust model, crypto suites, revocation mechanism, etc. However, this also means that to be interoperable and enable certain use-cases(s), implementers need to agree on the sets of choices across the tech stack, usually referred to as interoperability profiles.

In this talk, we will share implementation experience of OID4VC specifications, and introduce existing interoperability profiles based on OID4VC. Of course we will also provide updates to OID4VC specifications, how they have evolved from the last year based on an overwhelming amount of implementation feedback.

Event Recording
What’s Next In Enterprise Authorization
May 11, 2023

As organizations undergo digital transformation to zero-trust architectures, identity-driven security becomes a critical aspect. Beyond new authentication technologies, organizations must have strong authorization controls. Today, if and when an identity is compromised, the attacker can make lateral movements with very few restrictions and access a wide range of critical systems and information. Much of this over-permissive environment can be attributed to manual permissions management processes that are hard to maintain over time. Role-based Access Control (RBAC) and Attribute-based Access Control (ABAC), which underlie these manual processes, provide a good baseline for access security. However, their complexity grows over time and the management overhead they place oftentimes subvert the very goals of security and compliance they are deployed for. Just-In-Time Access Management (JITAM) represents a new robust and secure authorization strategy that can reduce the need for periodic access certifications and manual role administration, while providing auditability. Learn how the authorization space is rapidly changing from RBAC and ABAC to JITAM, and how it could benefit your organization.

Event Recording
Safeguarding IoT/OT/IIoT Devices, Their Identities and Communication with Autonomous Networking
May 11, 2023

Autonomous networking aims at the appropriate handling of the growing number of devices, machine, sensors and components for which authentication and authorization must be ensured, i.e., identities must exist. The initial provision of such identities, but also the handover and onboarding into the respective operational environment (WiFi, smart home, factory floor) require scalable, automated, end-to-end secured procedures and concepts to facilitate trusted communication, but also e.g., the provision of made-to-measure updates.
Making IoT/OT/IIoT identities and networks secure by design is essential. ACP (Autonomic Control Planes) and BRSKI (Bootstrapping Remote Secure Key Infrastructure) lay one foundation for achieving this.

Event Recording
Decentralized Identity: The Way Forward
May 10, 2023

Decentralized Identity is enabling individuals and organizations to have control over their own personal data, providing self-sovereignty, privacy and security. But, is a relatively new concept with high development and standardization dynamics. In this session we will look into what we should do today to take full advantage of this promising concept.

Event Recording
To Rotate or Not to Rotate (Privileged Accounts) - That is the Question
May 11, 2023

Rotating credentials of some privileged accounts is a risky task, which might lead to a business shutdown when things go wrong. But the alternative of not rotating them opens the door for attackers to take hold of your organization - thus leading to a business shutdown as well. This is a lose-lose situation.
So what should we do ? Rotate or not rotate credentials of privileged accounts ?
In this session we will discuss about the challenges and solutions.

Event Recording
Lessons Learnt Rolling Out a B2B CIAM Program
May 12, 2023

Holcim is the Global leader in innovation and sustainable and building solutions and we are offering different digital solutions to the partners (Customers, suppliers, carriers...) making business with us. The identity among those solutions definitely need to be centralized under a CIAM solution mainly focused in the Business to Business setup in order to improve management, customer experience and compliance with regulations. During this session, it will be shared the main pain points and the lessons learnt after more than one year rolling out a CIAM program.