Event Recording

Defending Cross-Device flows against Illicit Consent Grant Attacks

Show description
Pieter Kasselman
Identity Standards Architect
Pieter Kasselman
Pieter Kasselman is a member of Microsoft's Identity Standards team where he focus on developing standards to address the most important problems in the field of identity. Pieter has over 25 years' experience as a technologist and engineer, working on bringing new technologies and business...
View profile
Top related content
Event Recording
Panel | Digital Identities and IoT - How to Leverage OIDC and OAuth 2.0 for the Best User Experience and Security! IAM Related Experiences From the Automob
Sep 15, 2021

A lot of innovation around physical products is created by connectivity, allowing them to become part of the consumer's larger digital ecosystem and the providing enterprise. Gartner says in its megatrends for the next decade: "Anything costing more than a few USD will be "intelligent and networked". Examples are electronic wall boxes to charge cars or remote-control for dishwashers, cars, etc.
Several compelling use cases require smart things to act not only for themselves but also on behalf of the end-user. OpenID Connect and OAuth 2.0 can be used to provide a user-friendly and secure user journey. Learn about the experiences with these standards when it is about IoT and how Identity & Access Management products help to reduce time-to-market, costs, and inconsistency between different touchpoints.

Key Takeaways: 

- What are the essential protocols to bring identity and IoT together
- What are the challenges, best practices, and pitfalls of IoT projects
- Arguments for buy or build

Fulup Ar Foll, Founder and Lead Architect, IoT.bzh
Andre Priebe, CTO, iC Consult Group
Graham Williamson, Director APAC / Senior Analyst, KuppingerCole
Event Recording
Securing the Privacy of Non-logged in Devices
Sep 14, 2021

Many services across the web today allow users to consume the service without explicitly signing up. They generally identify users by a cookie containing a unique browser-id and store user data against it.

George Fletcher, Identity Standards Architect, Verizon Media Group
Deepak Nayak, Privacy platforms Architect, Verizon Media
Event Recording
Digital Identities and IoT – How to leverage OIDC and OAuth 2.0 for the best user experience and security!
May 13, 2022
Event Recording
Pre-Conference Workshop | How OpenID Standards are Enabling Secure & Interoperable Digital Identity Ecosystems
May 10, 2022

OpenID Foundation Workshops provide technical insight and influence on current digital identity standards while also enabling a collaborative platform to openly address current trends and market opportunities. The OpenID Foundation Workshop at EIC includes a number of presentations focused on 2022 key initiatives for the Foundation.

Event Recording
Securely Identifying Mobile Apps
May 12, 2022

Today's open standards ensure that when a user chooses to login, the user’s authentication is protected and only delivered to the mobile app that initiated the authentication. However, how does the Authorization Server identify or verify the invoking app? This talk will look at the potential for mobile app impersonation and mechanisms available to protect against these attacks.

Key takeaways:

  • What’s needed to impersonate a mobile app
  • How standards currently address this exposure
  • Mechanisms to strongly identify a mobile app
Event Recording
Going Native... with Mobile App Authentication
May 10, 2023

Today, industry best practice requires that the user experience for authentication and authorization require the user to use some form of browser to interact with the Authorization Server. From a product perspective, this creates a disjointed user experience and while there are good reasons for requiring the use of a browser component this is a very common discussion between product and security when designing a mobile app. This talk will propose an industry standard way to allow for native user experiences while covering the pros, cons and implications of doing so.

Event Recording
How to Build Interoperable Decentralized Identity Systems with OpenID for Verifiable Credentials
May 10, 2023

OpenID for Verifiable Credentials (OID4VC) is a set of protocols that enables issuance and presentation of verifiable credentials expressed in any format including but not limited to W3C vc-data-model and ISO/IEC 18013-5 mDL. The power of the protocols lies in its demonstrated simplicity, security, and the implementer's ability to make choices across the tech stack - not just for credential formats, but also entity identifiers, trust model, crypto suites, revocation mechanism, etc. However, this also means that to be interoperable and enable certain use-cases(s), implementers need to agree on the sets of choices across the tech stack, usually referred to as interoperability profiles.

In this talk, we will share implementation experience of OID4VC specifications, and introduce existing interoperability profiles based on OID4VC. Of course we will also provide updates to OID4VC specifications, how they have evolved from the last year based on an overwhelming amount of implementation feedback.

Event Recording
Building Secure, Trusted and Interoperable Self-sovereign Identity with OpenID Connect
May 12, 2022


Event Recording
Victor Ake, Allan Foster - Digital Identity for the Internet of Things: Security, Privacy and Consent Challenges
May 10, 2017

IoT is a new digital channel to provide more products and services. However Security, Privacy and Consent in such environment are a major concern. To provide a secure interaction we need a “Holistic Identity” strategy, where identities represent humans, devices, things and their relationships; and privacy and consent management are also part of the strategy. Without Identity there are no security nor privacy, and this goes for all kind of entities! To implement a Digital Transformation strategy, it is necessary to provide more channels to face customers and citizens. The IoT is the perfect channel to interact with the end user and its environment, however this needs to be done in a secure way.