Event Recording

FIDO 2: Zero Trust in Action with Passwordless Phishing Resistant Authentication

Show description
Speakers
Thomas Detzner
Principal Product Manager
Microsoft
Thomas Detzner
Thomas Detzner is a Principal Product Manager on the customer success team in the Microsoft Identity and Network access divisions Identity Architecture team. He spends most of his time working with the engineering team to develop and ship a new service and working with his customers on their...
View profile
Sarah Lefavrais
Product Marketing Manager
Thales
Sarah Lefavrais
Sarah Lefavrais leads technology alliances within Thales’s IAM product marketing team. For the past several years, she has been fully involved in the Go to Market activities of Thales Passwordless FIDO Authentication solutions for Enterprises, contributing to several roundtables,...
View profile
Playlist
European Identity and Cloud Conference 2023
Event Recording
Policy Based Authorization Architecture Considerations
May 10, 2023

Policy Based Authorization is becoming the new normal when it comes to identity-centric access controls. However, there is no standard approach to PBAC deployment that fits all use cases. In this session we will look at PBAC requirements for common use cases such as microservices, cloud, API, data & analytics.

Event Recording
Kantara Initiative Meet-Up - The Identity Place To Be
May 09, 2023

This workshop will feature the innovative and strategic initiatives underway at the Kantara Initiative. Where do you fit in and how can you benefit from all that Kantara has to offer? Key takeaways:

  • Kantara leads the way in US certifications for compliance with NIST Digital Identity Guidelines, 800-63. With all the major US identity verification companies entering their assurance program to obtain trust marks against the NIST 800-63 standards, earning IA2, AAL2, and FAL2 certifications. Learn how to become part of this elite group of service providers.
  • Version 4 of NIST 800-63 is out and Kantara is defining the requirements in the Identity Assurance Framework. Learn about future updates that will enable you to participate in real-world innovation that allows service providers and relying parties to gain meaningful return on their investment on the cutting edge of digital identity founded on standards.
  • Get the latest reports, white papers, and releases from the Kantara Work Groups, some of which will also be featured during the conference, including the Identity Assurance Work Group (IAWG), Privacy Enhancing Mobile Credentials WG (PEMC), Advanced Notice & Consent Receipt WG (ANCR), User Managed Access (UMA) WG, and Resilient Identifiers for Underserved Populations (RIUP) WG.
  • Equity and inclusion is a key priority for Kantara, learn about recent efforts and ways to use DEIA strategies to raise your bottom line and increase your return on investment by building DEIA into your business case.
Event Recording
eIDAS 2.0 & Digital Identity Wallet Readiness: What Your Organisation Needs to Know About Digital Identity Wallets
May 12, 2023

The revision of the eIDAS regulation introduces new requirements, challenges as well as opportunities for organisations. In this talk Adrian Doerk provides a structured guidance of aspects organisations need to be aware of to be well positioned in the market. After a general introduction to the eIdAS ecosystem, the focus will be on organisations who want to issue and verify qualified electronic attestation of attributes to/from the European Digital Identity Wallet. 

Event Recording
Your Identity Is Not Self-Sovereign
May 12, 2023

Are we really in control of our identities, are they merely assigned to us, or is there something else at play?

The promise of a "self-sovereign identity" seems great: you know who you are, and through the magic of technology you can prove to everyone around you that you are who you say you are. The technology to enable this is being built and deployed, but is it the right solution? Even more fundamentally, is it the right model at all?

In this session, we'll examine the core concept of "self-sovereign" identity in the light of how society has historically viewed identity and how our digital systems have modeled identity in different ways over time.

Event Recording
Tech Guidance in the Era of Polycrisis & AI-Driven Disruptive Change
May 11, 2023

The most interesting thing about recent AI innovations in the field of LLMs (Large Language Models) such as ChatGPT is that there is not much discussion going on about the effects LLMs will have on our daily lives, the way we consume information, seek guidance and the way we create information. Will we still need Identity Governnance Tools in 5 years time or will a universal cyber-AI have taken over the task of securely running the enterprise you currently work for? What about Tech Analysts and their guidance work? Will 90% of their work be done by non-humans? In this session we will try to jointly find answers on how tech guidance and consulting/advisory will change and, at least partly, disappear.

And this is how ChatGPT would write the Abstract of this discussion:     

The session on "Tech Guidance in the Era of Polycrisis & AI Driven Disruptive Change" will examine the increasing disruptive pressure on today´s business models caused by an evolving landscape of AI driven technology and the critical role of tech analysts to help organizations navigate the challenges and opportunities presented by the convergence of multiple crisis and the rapid pace of technological change.

Topics to be covered include the evolving role of tech analysts in an AI-driven world, the importance of understanding the ethical implications of technology, and the impact of technological change on job markets and society as a whole. The session will also delve into the challenges of staying abreast of an increasingly complex and rapidly changing technological landscape, as well as the importance of fostering a culture of innovation and collaboration within organizations.

Attendees will have the opportunity to engage with speakers and other participants in a lively discussion of these critical issues, gaining valuable insights into the future role of tech analysts in helping organizations succeed in an era of polycrisis and AI-driven change and disruption.

Event Recording
Passwordless Primer
May 10, 2023

Passwordless authentication counts amongst the hot topics in IAM. In this session, the variants of passwordless authentication will be explained. Phishing resistance, device binding, secure elements, and many of the other technical aspects will be explained, put into context, and rated regarding their relevance for different use cases. The session also will discuss use cases and their specific needs, from simplified access to office solutions to a unified passwordless authentication for the entire IT environment.

Event Recording
Lessons Learned from Projects Using Verifiable Credentials in the Education Industry
May 12, 2023

I will talk about lessons learned from several projects which tried to adopt verifiable credentials as learning credentials in educational institutes such as interoperability with the OpenBadge credentials.

Event Recording
CIAM, Wallets, Decentralized - Where is "Traditional" CIAM Heading?
May 12, 2023
Event Recording
To Rotate or Not to Rotate (Privileged Accounts) - That is the Question
May 11, 2023

Rotating credentials of some privileged accounts is a risky task, which might lead to a business shutdown when things go wrong. But the alternative of not rotating them opens the door for attackers to take hold of your organization - thus leading to a business shutdown as well. This is a lose-lose situation.
So what should we do ? Rotate or not rotate credentials of privileged accounts ?
In this session we will discuss about the challenges and solutions.

Event Recording
Cyber Insurance as a Damage Mitigation Strategy
May 12, 2023

Digital transformation came with a wide range of advantages, but it also opened the door to potential cyberattacks. Every organization faces the risk to be the target of a cybercrime, but the transition to business digitalization leaves a greater room to present vulnerabilities in the system, and if attackers happen to identify them, the attack will occur. The world is changing rapidly, and companies must change with it, and so insurers see their possibility to break into the market. Is it worth to have a cyber-insurance policy? Does it cover all the damages? What is the extent of insurers responsibilities and the company one? Could these cases go to court and under what conditions? 

Event Recording
Tilting at White Towers: Making Your Identity Architecture Actionable
May 10, 2023

As an identity professional, you're constantly studying and reviewing new technologies, new protocols, and new products within the space but you struggle for the best way to extract the value of these new shiny, items to benefit your organization. You've been told that a well-developed identity architecture plan is the best way solve business challenges and produce concrete results but your research and fully-notated diagrams have failed to engage your peers.

Many times this is because the architecture was designed by architects for architects without inout from those who are most impacted by the existing legacy technololgies. Architects tend to be more isolated from the actual business so focus more on things like ArchiMate notation and TOGAF frameworks.

Steve "Hutch" Hutchinson will share his own decades of architecture experience and provide attendees with proven methods to make your architecture artifacts relatable to your front-line business workers, understandable by your technical peers from across cyber/IT, and provide demonstratable value to your organization's senior leadership. These same methods will allow you to shepherd your organization to a modern identity econsystem on a budget and timetable purpose fit for your organization's needs and culture.

Event Recording
Managing Your Enterprise Security Posture to Avoid Web3 and Smart Contract Breaches. Practices & Lessons for Enterprises with Case Studies
May 11, 2023

Web3 is a revolutionary changing aspect of technology in the current era but protecting Web3 will be a challenge considering how smart contracts are challenging. New businesses utilizing blockchain technology are more focused on business while their different assets need eyes, such as the most vulnerable DApps and Web3 services.

Decentralized applications, commonly referred to as dApps, are not controlled by a single point of authority. Instead, they run on a blockchain or a P2P network, making them more complex and riskier than traditional applications.

In this talk, we'll discuss how hackers are utilizing their techniques to attack web3 and smart contracts and what are best practices for enterprises to prepare for the challenge.