Event Recording

Dealing with Multi-Cloud, Multi-Hybrid, Multi-Identity: Recommendations from the Field

Speaker
Matthias Reinwarth
Head of Advisory
KuppingerCole
Matthias is Head of Advisory and oversees and leads the KuppingerCole advisory team. Additionally, he acts as lead advisor in various customer projects. As head of the IAM practice, Matthias coordinates communication and exchange within the KuppingerCole team across all business units (Events,...
Playlist
European Identity and Cloud Conference 2022
Event Recording
Why KYC Isn’t Enough
May 11, 2022
Event Recording
Privacy: The Real Cost
May 10, 2022

Privacy is one of the most challenging aspects to protect in identity solutions.

The entities that stand to gain the most from surveilling users can use convenience as a bargaining chip. Users understand and appreciate convenience, but they often don't appreciate the costs of loss of privacy, as the consequences often play out well after the violation occurred.

Identity practitioners often take the need to preserve privacy for granted, and in so doing fail to help users and solution designers understand the concrete impact privacy violations can have on the lives of users. This session will arm you with the concrete scenarios you need to instill in customers and colleagues a new awareness of the real costs privacy violations can have.

Event Recording
Pre-Conference Workshop | Standards Matter. Trustworthy use of Identity and Personal Data
May 10, 2022

The world has changed because of COVID. More fraud is taking place. More misuse of identity is occurring. To combat the rise in fraud and to mitigate risk, the Kantara Initiative offers a 3rd party conformity assessment program.

Event Recording
Impressions from the European Identity and Cloud Conference 2022
May 17, 2022
Event Recording
The impact of decentralized identity solutions in the marketplace, insights and lessons
May 13, 2022

Long theorized as the solution to the verification problem on the internet, decentralized identity has now achieved lift-off in the marketplace. In this workshop, we’ll explain who’s interested, why, and what we learned building a series of solutions for global enterprises in the finance, health, and travel sectors. We’ll explain how we implement decentralized identity through the concept of a Trusted Data Ecosystem, and what the near future looks like for businesses who adopt this technology now, including the critical importance of verifiable digital identity to decentralized finance, the metaverse, and to the interaction of digital objects and non-digital objects in the spatial web—the “Internet of Everything.”

Event Recording
OAuth DPoP (Demonstration of Proof of Possession): How to Not Let Attackers Steal your OAuth Token
May 11, 2022

Most OAuth deployments today use bearer tokens – tokens that can be used by anyone in possession of a copy of them, with no way to distinguish between legitimate uses of them and uses by those who stole them for nefarious purposes. The solution to this is proof-of-possession tokens, where the legitimate client supplies cryptographic material to the issuer that is bound to the token, enabling it to cryptographically prove that the token belongs to it – something attackers cannot do because they don’t possess the proof-of-possession cryptographic material.

The OAuth DPoP (Demonstration of Proof of Possession) specification defines a simple-to-implement means of applying proof of possession to OAuth access tokens and refresh tokens. We will describe real attacks occurring every day against bearer tokens and how they are mitigated by DPoP, providing defense in depth and making real deployed systems substantially more secure with minimal implementation and complexity costs.

These attacks and mitigations are particularly relevant to high-value enterprise deployments, such as in the financial, manufacturing, critical infrastructure, and government sectors.

Event Recording
Signing in the Rain: HTTP Message Signatures and Web Security
May 12, 2022

HTTP is an amazingly powerful protocol, and it's the lifeblood of the internet today. On the surface, it seems to be a simple protocol: send a request to a server and get back a response, and everything's structured in useful ways. HTTPS adds the TLS protocol to secure the connections between endpoints, protecting the messages with encryption and keeping them away from attackers' eyes. But what if you want to be sure the sender is the right sender, and what you see is what they sent? What if you've got a more complex deployment, with proxies and gateways in between your endpoints that mess with the contents of the message? What if you need assurances on the response as well as the request, and to tie them together? People have been trying to sign HTTP messages in various ways for a long time, but only recently has the HTTP Working Group picked up the problem. Come hear about the HTTP Message Signatures work from the draft specification's authors and see how it works, how to apply it, and talk about how it could change how we use the web.

Event Recording
GAIN Insight
May 12, 2022

In this session, Daniel Goldscheider will give an overview of GAIN, the standards behind it, and its use cases.

Event Recording
Reinventing the Network with Zero Trust to Stop External Network Attacks
May 11, 2022
Event Recording
In Transition - From Platforms to Protocols
May 13, 2022

Only a few years ago the identity ecosystem seemed to be ‘set’ with little chance for change or dislocation of the large federated identity providers. Today the entire identity technology ecosystem is in flux. What will emerge? OIDC? OIDC/SIOP? DIDComm? Join us for a discussion on the changing protocol landscape, the shifting identity power centers and why it is a both/and and not either/or.

Event Recording
Quo vadis, SSI? – Self-sovereign Identity on route to production
May 12, 2022

Self-sovereign identity (SSI) has reached the in-between stage: more than a concept, not yet fully deployed. This is where the work can get the most gruesome and exhausting, but also the most creative and rewarding. While the dedicated W3C standards are reaching maturity levels, we see regulators and government actors jumping on board and asking for even more stability across specifications and standards in order to establish real-world systems. In fact, we see large pilot projects and implementation programs worldwide. One promising but equally critical development is the eIDAS 2 regulation, promising dependable answers to questions about governance and trust frameworks that will drive adoption. This short deep dive will give you an orientation on the state of play for SSI in the context of these greater developments – and might provide an outlook for your projects as well.

Event Recording
What Does It Mean to Package Ethics Into a Technology Stack?
May 11, 2022