KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Compare solution offerings and follow predefined best practices or adapt them to the individual requirements of your company.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
The FIDO Alliance is working to change the nature of authentication with open standards that are more secure than passwords, simpler for consumers to use, and easier for service providers to deploy and manage. While initially focused on the consumer space FIDO2 holds advantages for the enterprise willing to break the mould on legacy authentication models.
This session will look at the components of a FIDO2 environment and investigate the options for FIDO deployments. A view of the possible future of FIDO will be discussed.
The FIDO Alliance is working to change the nature of authentication with open standards that are more secure than passwords, simpler for consumers to use, and easier for service providers to deploy and manage. While initially focused on the consumer space FIDO2 holds advantages for the enterprise willing to break the mould on legacy authentication models.
This session will look at the components of a FIDO2 environment and investigate the options for FIDO deployments. A view of the possible future of FIDO will be discussed.
OAuth is a widely used authorization framework that enables third-party applications to access resources on behalf of a user. However, it has been historically difficult to meet very high security and interoperability requirements when using OAuth. Daniel and Joseph have spent much of the last five years working to improve the state of the art and will present the latest developments in the field.
There are challenges when trying to achieve high security and interoperability with OAuth 2: Many potential threats need to be addressed, some not part of the original OAuth threat model. To seamless authorizations, optionality must be minimized OAuth itself and also in any extensions
used.
Six years ago, the IETF OAuth working group started work on the Security Best Current Practice document and more recently on OAuth 2.1. Meanwhile, the OpenID Foundation has created FAPI1 and FAPI2 security profiles.
We will introduce these specifications and help you understand the focus of each document and when to use which. We show how to achieve on-the-wire interoperability and high security through the use of techniques like asymmetric client authentication and sender-constraining via DPoP and MTLS. We highlight the benefits for implementers and the role of conformance testing tools.
Decentralized Identity is about to change the way we do IAM in enterprises. It is not just about the C-identities (consumers, customers, citizens). This raises two questions: What do to differently in IAM, to leverage the potential of decentralized identities? And what not to do anymore, because it is becoming legacy? IAM, without any doubt, will change fundamentally. But is it about rip-and-replace of IAM and in particular IGA, or about complementing it? In this panel, we dive into this decentralized lake of innovation, new standards, products, vendors and start-ups in order to find out how to benefit from DIDs in the enterprise.
Are there interoperability models and how could a longer-term migration scenario look like? What about Identity Workflow Orchestration? Join this great panel session to discuss the way forward for workforce identity.
Finding the right passwordless solution can be a daunting task. Searching the web for a passwordless authentication solution will present many options for various use cases. With so many options, how do you choose the solution that best meets your requirements?
This presentation will help guide you through the different FIDO standards, Passkeys and provide real-world examples of how they are being used today. We'll explore the benefits of FIDO, including increased security and improved user experience, and discuss the challenges and limitations.
If you're ready to say goodbye to passwords and embrace the future of passwordless authentication, join us and learn how to find the right FIDO solution for your passwordless needs.
Sure, MFA goes a long way in preventing account takeover but it is only one layer. Using AI to look at identity data to evaluate risk can add an additional layers – not only to prevent takeover but mitigate the impact once a takeover happened.
Still developing CIAM in-house? Discover the realities of serving 50 million customers using Hosted Customer Identity and Access Management (CIAM) as a service (SaaS) from a vendor.
Customer Identity and Access Management is one of the most critical platform components. How big of a risk would it be for the large enterprise to delegate it to the vendor solution? And how much risk would it be to not do it?
In 2019 our Eastern Europe business was struggling with Accounts Takeovers where botnets of 1 million IPs total size were involved in massive credential stuffing attacks. And we decided to replace all our legacy auth with a vendor solution.
In this session we will go through the key moments of such transition and the key learnings from the past 4 years. We won’t miss the aspect of value proposition, customer experience, real cost and return on such an investment.
There are many benefits when we cross over the silos of vendors, clients and service providers
In this panel discussion, we will talk with community leaders in our industry about the benefits of community, how the power of community extends beyond peer-to-peer support, and accelerates business innovation, grows market share, and increases customer retention.
We will also talk about how they work to foster and engage the greater community, and why you should get envolved.
The enterprise perimeter is now its data objects, APIs, applications, and its users are now the workforce, customers, partners and in many cases, machines. In this new, decentralized, and highly segmented world, CISOs and IAM leaders find themselves struggling with multiple systems and interfaces that control the most basic question: Who has access to what and when?
In this session, we will present a new architecture for Identity First Security based on Centralized Access and Authorization Policy Management Platform, and discuss pro and cons, specific real-world implementations.
This session provides an overview of the CIAM solution market and provides you with a compass to help finding the solution that best meets your needs. In a recent Leadership Compass, KuppingerCole´s Senior Analyst John Tolbert examined the CIAM market segment, product/service functionality, relative market share, and innovative approaches to providing SOAR solutions.
The Common Ground movement of the Dutch municipalities is developing innovative solutions for greater interoperability. An important part of this is the data landscape, where functionality is accessed through microservice API’s. In the analysis of this architecture, one aspect is barely touched upon: The Access Control aspect in API’s is not appropriately co-developed.
The Municipality of The Hague has performed a Proof Of Architecture (the POA) to demonstrate that it is possible to unlock an existing API in which access is not explicitly modeled, or that still uses traditional Role Based Access Control methods internally, restricting interoperability across contexts.
The POA is done in an effective and efficient way through innovative 'zero trust architecture' concepts, such as Policy Based Access Control. Security and privacy are thus demonstrably realized in accordance with legal requirements. The POA proves that it is technically feasible to add input-filtering of access requests to ignore the restricting RBAC method and thereby open doors for municipalities for interoperability in an autonomous and secure way.
During the presentation the working principles of API access from a perspective of Identity & Access Management are explained, but also how these principles can be applied in practice in an existing application landscape.
The presentation will be a joint presentation between the lead architect of the City of The Hague, Jan Verbeek, and access strategist André Koot.
Cross device flows lets a user initiate an action on one device (e.g. a SmartTV) and authenticate or authorize that action on a trusted personal device (e.g. a mobile phone). Examples includes authorizing a smart TV to access streaming content, or authenticating to a service by scanning a QR code with a mobile phone and completing the authentication on the mobile phone. This process of authorizing an action on a separate (but trusted) device from the one on which an action is initiated is an increasingly common flow, whether used for devices with limited input capabilities, multi-factor authentication or credential presentation. A number of standards have adopted this pattern including Device Authorization Grant (formerly Device Code Flow), Client Initiated Backchannel Authentication (CIBA) and Self Issued OpenID Provider (SIOP). These flows solve important business problems, but is vulnerable to attacks where the user is tricked into granting consent to an attacker. The IETF OAuth working group has recognised this challenge and is creating new guidance that leverages zero-trust principles to defend against these "illicit consent grant" attacks. This session will discuss the attacks and how the new guidance can mitigate these threats against cross device flows.
Whereas our Privacy and Security peers have top executive-level access and presence as well as often Board-level access, Identity typically does not.
Should that continue to be the case? Are the conditions right for the establishment of a Chief Identity Office… and is that even a good idea?
In this panel, Drs. Jacoba Sieders, Denny Prvu, and Ian Glazer will debate the pros and cons of the notion of a Chief Identity Officer role. Topics will include:
As organizations undergo digital transformation to zero-trust architectures, identity-driven security becomes a critical aspect. Beyond new authentication technologies, organizations must have strong authorization controls. Today, if and when an identity is compromised, the attacker can make lateral movements with very few restrictions and access a wide range of critical systems and information. Much of this over-permissive environment can be attributed to manual permissions management processes that are hard to maintain over time. Role-based Access Control (RBAC) and Attribute-based Access Control (ABAC), which underlie these manual processes, provide a good baseline for access security. However, their complexity grows over time and the management overhead they place oftentimes subvert the very goals of security and compliance they are deployed for. Just-In-Time Access Management (JITAM) represents a new robust and secure authorization strategy that can reduce the need for periodic access certifications and manual role administration, while providing auditability. Learn how the authorization space is rapidly changing from RBAC and ABAC to JITAM, and how it could benefit your organization.