When dealing with digital identity, emphasis is often put on the identification and authentication part. An equally important aspect is digital signing (or more broadly: electronic signing). Qualified electronic signatures have the same legal status as handwritten signatures in the EU. In this session, we shall look at the advantages and challenges that come with them from a Nordic-Baltic perspective. What is their role today and in the future; both independently, and in connection with the upcoming eIDAS2-wallet? Concrete use cases will be demonstrated from the point of view of the citizen, the public sector and businesses.
Most OAuth deployments today use bearer tokens: tokens that can be used by anyone in possession of a copy of them, with no way to distinguish legitimate use from use by someone who stole them for nefarious purposes. The solution to this is proof-of-possession tokens, where the legitimate client supplies the issuer with cryptographic material that is bound to the token, enabling the client to cryptographically prove that the token belongs to it, something attackers cannot do because they don’t possess the proof-of-possession cryptographic material.
The OAuth DPoP (Demonstration of Proof of Possession) specification defines a simple-to-implement means of applying proof of possession to OAuth access tokens and refresh tokens. We will describe real attacks occurring every day against bearer tokens and how they are mitigated by DPoP, providing defense in depth and making real deployed systems substantially more secure with minimal implementation and complexity costs.
These attacks and mitigations are particularly relevant to high-value enterprise deployments, such as in the financial, manufacturing, critical infrastructure, and government sectors.
An impactful 73-page proposal for amending the 2014 eIDAS regulation was made in June last year, among other things providing EU-wide wallets for national e-IDs. Market consultations and impact assessments were concluded in early 2022, and the European Parliament discussed the proposal with experts answering the questions parliamentarians had, not without raising quite some dust.
The EU Digital ID Proposal is powerful, as it is creating a Pan-European wallet for all member states, trying to stay in line with all existing ID initiatives and legislation. Drs. Jacoba Sieders will give you insight into how she foresees the impact of this EU initiative on businesses across Europe as well as globally.
This session is a continuation of the opening keynote by Martin Kuppinger on the future Composable Enterprise. Together we take a look at what powers the composable enterprise and which concepts and technologies can contribute to building a composable enterprise.
KuppingerCole proposes an engine that powers composable enterprises, made up of composable services, identities, and data. Since this journey towards becoming composable is intensely individual, based on business goals and requirements, there are countless ways of cultivating this modular trifecta. Therefore, this session identifies some of the building blocks that organizations use to cultivate interchangeability and agility to achieve their continually shifting business goals. These building blocks are modular themselves, allowing organizations to exercise different aspects to power composability.
The world of modern urban mobility is full of unused opportunities. To get to their destination, people can use public transportation, take a cab or rent an e-scooter. But many options also mean many providers. Anyone who uses more than one of the aforementioned forms of transportation to get from A to B will inevitably be confronted with a fragmentation of their journey. This is anything but smooth and user-friendly. A simple example makes this particularly clear: If Erika Mustermann has to go to London for a business meeting, she first takes the suburban train to the airport, then gets on a plane, and then has a cab take her to the hotel. That's three different booking processes with three different mobility providers. Decentralized technologies, on the other hand, enable a new kind of efficiency and effectiveness in the back-end networking of different providers. But how can such a seamless customer journey be implemented so that both mobility service providers and customers benefit equally? Sophia Rödiger, CEO of bloXmove, is happy to tackle this challenge in a talk on IT Trans. In doing so, she explores the question of how, for example, the individual players in local public transport can cooperate with each other while remaining independent, and what role blockchain technology plays in this. She also explains how providers can save resources through the decentralized concept while gaining more customers. In addition, she puts a special focus on how the approach can change cooperation between the public and private sectors in the long term.
The FIDO Alliance has made tremendous strides in its mission to change the nature of authentication with stronger, simpler and passwordless authentication. Join this session to find out the state of passwordless authentication through the FIDO lens, including a sneak peek at major news that will, finally, make passwordless FIDO authentication available to the masses.
Today, seamless access experiences are crafted based on identity fundamentals such as single sign-on, multi-factor authentication, passwordless authentication, self-service portals, and federated access. But, is this enough for the next epoch of digital applications, metaverse, and Web 3.0?
The digital world is a replication of the physical world in a digital ecosystem. As a result, people and things have an equal digital representation, which we call a digital double.
In this keynote, Asanka will look at creating a seamless access experience around the digital double using APIs, integration, and identity in order to prepare organizations to address the next digital era.
Only a few years ago the identity ecosystem seemed to be ‘set’ with little chance for change or dislocation of the large federated identity providers. Today the entire identity technology ecosystem is in flux. What will emerge? OIDC? OIDC/SIOP? DIDComm? Join us for a discussion on the changing protocol landscape, the shifting identity power centers and why it is a both/and and not either/or.
“It’s about the journey, not the destination,” they said. “It’s basically just Don’t Trust But Check, what’s the real difference?” they said. “What’s the big deal?” they said.
Zero trust has been the panacea to everyone’s security problems for a really long time now, and yet we are still talking about it, and not just doing it. It’s no surprise, then, that there is a certain level of cynicism that zero trust was all marketing and no trousers.
If 2021 brought us anything, though, it was finally some clarity that zero trust really does have a role to play in the enterprise, just not by itself. Various vendors and enterprises have finally conceded that while it is important, it is just one part of the puzzle to help organisations manage their ever-changing, digitally transformed, hybrid working, flexible, work-from-home environments.
Everything changed with zero trust, and now it is actually helping us to change again. In this talk, learn:
Where zero trust came from, and where it is now
What the new working paradigm means for CISOs…
… and how zero trust environments and working models can help, not hinder, even without a final destination