Event Recording

Hybrid IAM: Interoperable Verifiable Credentials for Workforce Identity

Show description
Speakers
Matteo Midena
SSI Researcher and Developer
Monokee
Matteo Midena
I’m Matteo Midena, I obtained my bachelor’s degree in September 2022 at Padua University with a degree of 110/110. I’m passionate about Web3, Cryptography and Decentralized Identity indeed I participate in and contribute to open-source projects like Trust over IP Spanning...
View profile
Dr. Mattia Zago
Solutions Architect
Monokee
Dr. Mattia Zago
Mattia Zago holds a PhD in Computer Science from the University of Murcia, Spain, with particular dedication in Machine Learning applications to cybersecurity; he works at Monokee (Rovereto, Italy) as a cybersecurity engineer (official registration code VR-A-4783). Together with solid...
View profile
Playlist
European Identity and Cloud Conference 2023
Event Recording
Beyond Zero Trust to Achieve Zero Friction
May 11, 2023

Regulatory bodies, government agencies, and CIOs are mandating Zero Trust as a cyber security framework. What does Zero Trust mean for your security strategy? With a Zero Trust security model, nobody is trusted automatically, even when they’ve cleared the perimeter. Instead, all identities are verified, minimum access is granted based on context, and activities are monitored to make sure controls are working as expected. The Zero Trust model requires multiple security controls throughout an IT environment to protect and manage identities, devices, networks, applications, and data. This session will take you through the reality check of where Zero Trust started, how it has evolved over the years and what does it really mean for your organization today.

Event Recording
The Future role of PAM: Securing any Privileged Workload & Access
May 11, 2023

PAM (Privileged Access Management) is one of the established core disciplines within IAM. PAM also is the IAM discipline that is changing most from what it has been in the past.

On one hand, there is the impact of CIEM & DREAM, Cloud Infrastructure Entitlement Management or Dynamic Resource Entitlement & Access Management. This is about the expansion of PAM beyond humans accessing servers and selected applications towards any type of human and non-human (silicon) identity accessing any type of workload, from servers to dynamic cloud resources. This also implies an expansion from serving static data center infrastructures to dynamic workloads in today’s agile IT. PAM is changing, with more parties involved – a “PAMocracy”, as KuppingerCole Analyst Paul Fisher recently named it.

These changes also require expansions in integration to other IT services. There needs to be a dynamic governance approach, where IGA comes into play. It requires rethinking whether PAM tools really should care for authentication. There is no need for authentication point solutions in an age where most organizations have a strong Access Management solution with MFA, passwordless authentication and adaptive, risk- and context-based access in place. Finally, this new PAM must integrate with the DevOps tools chain for permanent updates about new code and the resources used as well as with IT Asset Management for an always up-to-date insight into the ever-changing, dynamic IT landscape that needs to be protected.

Also worth to think about is integration with further security solutions, beyond the standard SIEM/SOAR integration. AI-powered security solutions are one aspect. Integration to Cloud Security Posture Management is another example.

In this panel, the state and requirements on the future PAM will be discussed.

Event Recording
Prompt Engineering for Identity Security Professionals | Workshop
May 09, 2023

ChatGPT mainly is what you make out of it. If you are an author it will help you writing. If you are a tech analyst it will help you create a list of critical capabilities for a certain species of software tools. And if you want to hack into a network it will help you writing code that can be used maliciously. 

A prompt guides language models like ChatGPT to create meaningful and useful output. This workshop will teach you the best practices for crafting prompts that result in meaningful and accurate responses. You'll learn how to structure your prompts to elicit specific information, as well as techniques for fine-tuning the model to suit your needs. Whether you're a developer, researcher, or just a curious individual, this workshop is designed to give you the skills you need to unlock the full potential of ChatGPT. Join us and take the first step towards creating truly intelligent conversational systems..

When we asked ChatGPT to create a workshop abstract for Identity Security Professionals, this was the output it provided:

"Prompt Engineering is a powerful tool that can enhance the abilities of identity security professionals to perform their job more effectively. The workshop will equip attendees with the skills they need to engineer AI prompts and leverage AI tools to research, communicate, understand new technologies and threats, understand malicious code, detect or scan for vulnerabilities, generate countermeasures, and summarize their findings and communicate status and results effectively.

Attendees will learn how to use natural language processing techniques and machine learning to improve the efficiency and accuracy of their work, and gain a deeper understanding of the most recent trends and developments in the field of identity security. Additionally, by providing an in-depth examination of the latest methodologies and tools used in prompt engineering, attendees will be well-equipped to stay ahead of emerging threats and secure their organizations' sensitive data."

Event Recording
Opening Session
May 09, 2023
Event Recording
Lessons Learnt Rolling Out a B2B CIAM Program
May 12, 2023

Holcim is the Global leader in innovation and sustainable and building solutions and we are offering different digital solutions to the partners (Customers, suppliers, carriers...) making business with us. The identity among those solutions definitely need to be centralized under a CIAM solution mainly focused in the Business to Business setup in order to improve management, customer experience and compliance with regulations. During this session, it will be shared the main pain points and the lessons learnt after more than one year rolling out a CIAM program.

Event Recording
Policy-Based Access, Just-in-Time IAM, Next-Gen IAM - Getting Rid of Roles and Recertification
May 11, 2023

Access control is a key part of cyber security, however traditional approaches do not work well for modern business IT environments that nowadays typically include a mix of applications on-prem and across multiple cloud environments.

Most modern companies tend to struggle with access management for a variety of reasons. These include the fact that it is difficult to make the necessary connections to the many disparate IT systems for which they need to provision access, role-based access management is challenging, static role-based entitlements are difficult to manage and typically require regular recertification processes, and traditional approaches are focused on granting access to resources required by an individual to perform their job function, but do not cover how those rights are actually used to stop any abuse of entitlements.

In addition, course-grained authorization is no longer sufficient because modern applications and sensitive data assets in cloud-native, containerized and DevOps environments require fine grained authorization capabilities that can also supply identity attributes and context variables.

A policy-based approach can address many of the pain points experienced by organizations today by enabling a centralized, consistent, dynamic, on-demand (just-in-time) way of managing access to IT resources. In this panel session we will discuss nothing less than the future of Access Management.

Event Recording
Market Overview: Privileged Access Management Solutions & the Pamocracy
May 11, 2023

In this session, KuppingerCole´s Paul Fisher will give an overview of the market for Privilege Access Management (PAM) platforms and provide a compass to help buyers find the product that best meets their needs. KuppingerCole examines the market segment, vendor capabilities, relative market share, and innovative approaches to providing PAM solutions. He will also explain how the new Pamocracy is affecting the market.

Event Recording
The eID Threat Landscape – Stay Ahead of the Fraudsters
May 10, 2023

Cash grab-robberies are out, online fraud is in. When multinational hacker groups target senior and vulnerable citizens as a business model.

Learn how BankID is fighting fraud and helps you stay on top by identifying, preventing and notifying you of fraudulent usage in real time, while preserving top user experience.

The dream of tomorrows digitalized society is already a reality. Sweden is one of the world’s most digital and innovative societies. The fast and secure digital identification provided by BankID is a corner stone in this, to many, futuristic ecosystems. Many shops and stores do not accept cash and the amount of cash is low, something that inflicts digital threat. Studies shows a steep growth curve of digital fraud in several markets. In some places, fraud has surpassed drugs in turnover and profitability and fraud factories are popping up globally. Talented social engineering fraudsters and patterns with efficient crime-as-a service software, modus and tools. Fraud schemes including native and international fraud clusters targeting Swedish bank customers.

Learn more around the Risk and Anti-fraud toolset in the BankID Identity Platform. Digital identity is an area where the need for innovation is extensive. Whatever future eID scenario you discuss, security is always at the core.

Event Recording
Kantara Initiative Meet-Up - The Identity Place To Be
May 09, 2023

This workshop will feature the innovative and strategic initiatives underway at the Kantara Initiative. Where do you fit in and how can you benefit from all that Kantara has to offer? Key takeaways:

  • Kantara leads the way in US certifications for compliance with NIST Digital Identity Guidelines, 800-63. With all the major US identity verification companies entering their assurance program to obtain trust marks against the NIST 800-63 standards, earning IA2, AAL2, and FAL2 certifications. Learn how to become part of this elite group of service providers.
  • Version 4 of NIST 800-63 is out and Kantara is defining the requirements in the Identity Assurance Framework. Learn about future updates that will enable you to participate in real-world innovation that allows service providers and relying parties to gain meaningful return on their investment on the cutting edge of digital identity founded on standards.
  • Get the latest reports, white papers, and releases from the Kantara Work Groups, some of which will also be featured during the conference, including the Identity Assurance Work Group (IAWG), Privacy Enhancing Mobile Credentials WG (PEMC), Advanced Notice & Consent Receipt WG (ANCR), User Managed Access (UMA) WG, and Resilient Identifiers for Underserved Populations (RIUP) WG.
  • Equity and inclusion is a key priority for Kantara, learn about recent efforts and ways to use DEIA strategies to raise your bottom line and increase your return on investment by building DEIA into your business case.
Event Recording
Current Work and Future Trends in Selective Disclosure
May 11, 2023

There’s a lot of foundational work happening in the space of Selective Disclosure (SD) right now. Selective Disclosure enables you to have a token with many claims (say, an ISO Mobile Drivers’ License (mDL)), and only release the claims necessary to the interaction – for instance, your birthdate but not your home address.  Selective Disclosure enables Minimal Disclosure.  This is sometimes realized using Zero Knowledge Proofs (ZKPs) but that’s not always necessary.

In decentralized identity ecosystems, users hold their own credentials to share them with others when needed. One key requirement for these credentials is selective disclosure: instead of sharing the entire credential, users should be able to share only the minimal amount of information necessary for a given use case. This is where SD-JWT comes in.
SD-JWT (Selective Disclosure JWT) is a new format for enabling selective disclosure in JWTs. It is based on the JOSE family of standards for signing and encryption, making it easy to understand and implement.
Developed by the IETF OAuth Working Group, SD-JWT is not limited to verifiable credentials, but can be used universally to provide selective disclosure for any JWT.

Due to its simplicity, SD-JWT has quickly gained traction, with several implementations already available and ongoing adoption as an important building block in both commercial and public projects. In this talk, we will introduce the concepts behind SD-JWT and provide a detailed overview of its capabilities and benefits. We will also discuss the current state of SD-JWT adoption and future directions for its development.

Some of the current work pertinent to Selective Disclosure is:

Event Recording
Market Overview: Secure Access Service Edge (SASE)
May 11, 2023

The term secure access service edge (SASE) has become popular in recent months and has been adopted by numerous vendors. SASE stands for a concept that integrates a range of cloud-native security services including cloud access security brokers (CASB), firewall as a service (FWaaS), secure web gateways (SWG), and zero-trust network access (ZTNA), with wide-area network (WAN) capabilities for delivering both directly to any edge computing location. In this session, KuppingerCole´s John Tolbert will give an overview of the market for SASE solutions and provide a compass to help buyers find the product that best meets their needs. KuppingerCole examines the market segment, vendor capabilities, relative market share, and innovative approaches to providing SASE solutions.

Event Recording
Celebrating a Digital Age to Advance Digital Stages of Necessity
May 11, 2023

Samuel Devasahayam will discuss the past decade of identity sights through Microsoft’s lens, demonstrating that security in a digital age remains valuable, and detailing what these insights imply for the next decade to continue building customer trust and resilient infrastructures.