Event Recording

The SolarWinds Hack and the Executive Order on Cybersecurity Happened - It Is Time to Prepare

Speaker
Sven Ruppert
Developer Advocate
JFrog
Sven Ruppert has been coding Java since 1996 in industrial projects and works as Developer Advocate for JFrog and Groundbreaker Ambassador (former Oracle Developer Champion). He regularly speaks at conferences worldwide and contributes to IT periodicals, as well as tech...
Playlist
European Identity and Cloud Conference 2022
Event Recording
SSI Market Size (and opportunity in web3.0) and use cases
May 11, 2022

What is this new beast, the widespread technology that is going to be used everywhere from banking to the metaverse, travel to healthcare? The technology that has no limits in its application across sectors is equally welcome in centralised and decentralised worlds. Meet self-sovereign identity (SSI).

How do you quantify the impact of a paradigm which will completely transform how we interact with identity and more broadly, authentic or trusted data? Our estimates say its market size is $550b / $0.55Tr.

We’ll give a brief rundown of SSI applications across Finance, NFT, Banking, Crypto and many more.

Event Recording
Siemens AG: Real-World Enterprise IAM at Scale
May 11, 2022

In today's unpredictable business environment, where change is the norm, it has become critical to have a manageable and scalable Identity & Access Management program in place. In this Best Practice Presentation, Leonardo Morales will talk about the challenges and his learnings from implementing state-of-the-art IAM at Siemens AG, and what the next steps will be.

Event Recording
What Does It Mean to Package Ethics Into a Technology Stack?
May 11, 2022
Event Recording
GAIN Insight
May 12, 2022

In this session, Daniel Goldscheider will give an overview of GAIN, the standards behind it, and use cases.

Event Recording
We’re Gonna Need an even Bigger Boat: How Pervasive Digital Transformation, Nation State Actors, and Open Code Repositories Mandate a Reinvention of Identity
May 11, 2022
Event Recording
Certificate Based Authentication in a Cloud Native Environment - a Migration Journey from Handcrafted XML Signing to OpenID Connect
May 11, 2022

During this best practice session we will present you with hands-on experience from one of our financial services industry customers.

The company used a handcrafted XML signature mechanism to authenticate their business partners when initiating machine-to-machine communication to exchange data between data centers. When the customer decided to migrate to REST APIs in a cloud native setup, the existing mechanism was no longer fit for purpose. Together, we designed a solution to keep the benefits of certificate based authentication while establishing an interaction model conforming to the OpenID Connect standard. We implemented the mechanism based on the open source software Keycloak, successfully passed an external penetration test and have to this point authenticated hundreds of thousands of sessions. After our session, attendees will:

  • be familiar with standard conforming approaches to use OpenID Connect with certificates for authentication
  • be able to assess which parts of their authentication flow will benefit from using certificates
  • know relevant open source technologies and technical approaches to use in their own implementations
  • understand common pitfalls and relevant considerations when implementing the standards in a real-world, cloud based scenario
Event Recording
Panel | Introducing Open Policy Agent (OPA) for Multicloud Policy and Process Portability
May 11, 2022

With over 120 million downloads, and users like Netflix, Zalando and GS, the open source project Open Policy Agent has quickly become the de facto standard for Authorization. In this session, KuppingerCole's Alejandro Leal will discuss the most common use cases where OPA is adopted with Jeff Broberg, Gustaf Kaijser and Ward Duchamps.

Event Recording
Kubernetes and Crossplane at Deutsche Bahn
May 12, 2022

This session will be about the journey of Kubernetes and Crossplane at Deutsche Bahn, to provide platform consumers with access to a unified API for deployments, infrastructure provisioning and applications in a manner that is independent from the cloud, addressing compliance and cross-cutting concerns while providing a Kubernetes "native" experience.

The journey has not been without challenges, where the platform team has managed technical and functional requirements including an access model in an enterprise environment, user expectations of cloud native infrastructure usage, and issues with excessive API load, shared resources, as well as controllers written by the team and open sourced along the way.

Event Recording
Identity is the New Perimeter: How to Discover, Mitigate and Protect Identity Risks
May 12, 2022

Two decades of digital transformation and cloud migration have been slowly eroding the traditional network perimeter, and with the past two years of transition to more remote work, the walls have come tumbling down. Privileged credentials from access tools (like VPN and RDP) that have been left on endpoints are a valuable target for attack. SaaS applications and cloud access further expand the proliferation of potentially exposed identities. Once an attacker establishes initial access, it becomes trivial for lateral attack movement to take control over critical systems or the entire network. The network perimeter is obsolete. Identity is the new perimeter. Organizations must discover, mitigate and protect their identity risks.

Event Recording
The Empowered Consumer and the Next Era of Digital Identity
May 11, 2022
Event Recording
The Changing Cyber Threat Landscape and its impact on IAM (I)
May 11, 2022
Event Recording
OAuth DPoP (Demonstration of Proof of Possession): How to Not Let Attackers Steal your OAuth Token
May 11, 2022

Most OAuth deployments today use bearer tokens – tokens that can be used by anyone in possession of a copy of them, with no way to distinguish between legitimate uses of them and uses by those who stole them for nefarious purposes. The solution to this is proof-of-possession tokens, where the legitimate client supplies cryptographic material to the issuer that is bound to the token, enabling it to cryptographically prove that the token belongs to it – something attackers cannot do because they don’t possess the proof-of-possession cryptographic material.

The OAuth DPoP (Demonstration of Proof of Possession) specification defines a simple-to-implement means of applying proof of possession to OAuth access tokens and refresh tokens. We will describe real attacks occurring every day against bearer tokens and how they are mitigated by DPoP, providing defense in depth and making real deployed systems substantially more secure with minimal implementation and complexity costs.

These attacks and mitigations are particularly relevant to high-value enterprise deployments, such as in the financial, manufacturing, critical infrastructure, and government sectors.