Event Recording

Cardea: verifiable credentials for health information go open source

Show description
Speakers
Heather Dahl
CEO
Indicio
Heather Dahl
Heather is Co-founder and CEO of Indicio, the market leading developer of enterprise-class verifiable data solutions that optimize your existing systems ensuring digital privacy, efficiency, and trust. Under her leadership, she has driven the company’s growth strategy and overseen its...
View profile
Yuri Feliciano
Innovation Advisor
Government of Aruba
Yuri Feliciano
As an appointee of the Prime Minister of Aruba, Yuri heads the Aruba eGovernment pilot project. He currently supports the government of Aruba as the innovation advisor to the Minister of Tourism and Public Health working on the Aruba Health App and the ED Card entry...
View profile
Adrien Sanglier
Innovation Program Manager
SITA
Adrien Sanglier
Adrien is Program Manager at SITA Lab, and runs the Blockchain & Digital Identity Research program. He brings experience developing innovations and proving new concepts on live customer environments. He is currently involved exploring the concept of self-sovereign identity for...
View profile
Playlist
European Identity and Cloud Conference 2022
Event Recording
The Role of Identity & Access Management for Ransomware Resilience
May 11, 2022
Event Recording
Panel | The Pieces of Modern Authorization - Whats Happening in the Market
May 12, 2022
Event Recording
OAuth DPoP (Demonstration of Proof of Possession): How to Not Let Attackers Steal your OAuth Token
May 11, 2022

Most OAuth deployments today use bearer tokens – tokens that can be used by anyone in possession of a copy of them, with no way to distinguish between legitimate uses of them and those that stole them and used them for nefarious purposes. The solution to this is proof-of-possession tokens, where the legitimate client supplies cryptographic material to the issuer that is bound to the token, enabling it to cryptographically prove that the token belongs to it – something attackers cannot do because they don’t possess the proof-of-possession cryptographic material.

The OAuth DPoP (Demonstration of Proof of Possession) specification defines a simple-to-implement means of applying proof of possession to OAuth access tokens and refresh tokens. We will describe real attacks occurring every day against bearer tokens and how they are mitigated by DPoP, providing defense in depth and making real deployed systems substantially more secure with minimal implementation and complexity costs.

These attacks and mitigations are particularly relevant to high-value enterprise deployments, such as in the financial, manufacturing, critical infrastructure, and government sectors.

Event Recording
Friends don’t let Friends Centralize Authorization Enforcement
May 12, 2022
Event Recording
PAM for the People
May 12, 2022
The cyberssecurity approaches and strategies that works well for a multinational with a large and well funded cybersecurity department may not be as applicable for a mid sized company where the security department may be a single person.
Still if the partner company that delivers the cheese to a retailer falls to a cybersecurity attack there is simply no cheese to sell to the customers so the retailer not only looses money but also fails at their most basic task. So how do we as multinationals help our partners with implementing basic controls such as PAM in a way that works in their business reality?
In this session we will be looking at how you as a relatively cybersecurity mature company can do to help your less mature partners. It is also suitable for persons who has been asked to launch a cybersecurity or PAM program without been given the full resource to execute a full program.
Event Recording
What Does It Mean to Package Ethics Into a Technology Stack?
May 11, 2022
Event Recording
Global AI Ethics and Governance
May 13, 2022

Recent years have seen significant Artificial Intelligence (AI) development across all domains of business and society. This panel aims to bring attention to societal impacts of AI – benefits and challenges, by bringing thought leaders and practitioners from different parts of the world to leverage diverse viewpoints around AI governance that continue to drive AI development across borders.

Event Recording
Joni Brennan and Allan Foster
May 12, 2022
Event Recording
GAIN Insight
May 12, 2022

In this session, Daniel Goldscheider will give an overview on GAIN, the standards behind, and use cases. 

Event Recording
All Other Identities - The Risk That Is Hiding in Plain Sight
May 12, 2022

For the last 30 years  virtually every  company, agency and organization has been forced to accept the risks associated with identity management and control for third parties and  all  the other identities that  are not  directly addressed by today's workforce or customer access management solutions. The universe of  "all other identities"  is enormous, numbering in the billions and  maybe even the trillions of distinct and unique identities. In the absence of solutions and processes to actively manage and control the identities of contractors, service providers, agencies, franchisees and  all  the possible variations of people,  devices  and entities that your organization interacts with, accepting risk but not being able to  mitigate  it has been the normal course of business. It is past time that these risks are acknowledged,  addressed,  and mitigated. Richard Bird explains the current state of third and n-th party identity risk, how to recognize it and what to do about it in this presentation on a new frontier in security and risk.

Event Recording
European Identity & Cloud Awards Ceremony
May 11, 2022

Once again, analysts from KuppingerCole come together to showcase outstanding Identity Management and Security projects, standards and people. The winners will be honored live on stage during the award ceremony.

Event Recording
In Transition - From Platforms to Protocols
May 13, 2022

Only a few years ago the identity ecosystem seemed to be ‘set’ with little chance for change or dislocation of the large federated identity providers. Today the entire identity technology ecosystem is in flux. What will emerge? OIDC? OIDC/SIOP? DIDComm? Join us for a discussion on the changing protocol landscape, the shifting identity power centers and why it is a both/and and not either/or.