Event Recording

How to Build Interoperable Decentralized Identity Systems with OpenID for Verifiable Credentials

Show description
Speakers
Dr. Torsten Lodderstedt
Managing Director
yes IDP GmbH
Dr. Torsten Lodderstedt
Dr.-Ing. Torsten Lodderstedt is managing director at yes with more than 15 years experience in running large scale consumer identity services. In his previous positions, he helped organisations in public, banking, railway communication, and telecommunication domains to implement...
View profile
Kristina Yasuda
Identity Standards Architect
Microsoft
Kristina Yasuda
Kristina is an Identity Standards Architect at Microsoft, known for her work on standards in decentralized identity ecosystem: as an editor of OpenID for Verifiable Credentials specifications in OIDF, Selective Disclosure for JWTs draft in IETF, JWT-VC Presentation Profile in DIF; as a chair of...
View profile
Playlist
European Identity and Cloud Conference 2023
Event Recording
Solving a Logistical Nightmare: Imagining a Decentralized Identity Future at DB Schenker
May 10, 2023

IAM is hard enough without the additional complexities that logistics companies face. Warehouses need to be secure, but it’s difficult to find an identity solution that’s suitable for short-term staff who don’t have or can’t use computers, mobile devices, or biometrics in their work environment. Until recently Decentralized Identity has been stuff of dreams, but that is rapidly changing and the lines between identity and authentication blurring even more. In this session, we’ll explore how a future powered by Decentralized Identity is offering logistics giant DB Schenker a path to stronger security while maintaining productivity in its warehouses—providing a fast, flexible and interoperable way for workers to verify their identity.

Event Recording
Trust Inspiring CIAM – Essentials for a Secure, Experience-Driven Digital Business
May 12, 2023

Confusing Customer Identity Management (CIAM) with traditional Enterprise IAM comes at a high price: Applying internal regulatory compliance requirements and heavy security challenges to customer-focused interactions could easily limit user experience in a way that it measurably affects your digital business success, with dropped or interrupted transactions. Building Identity & Access around your customers' needs requires a profoundly different approach, which is on the one hand a trust-driven interaction experience with your brand, and on the other hand, complies with KYC and Cybersecurity requirements. In this session, we will give you an overview on the current state of CIAM and future developments you should include in your considerations before deciding on how to move forward.

Event Recording
Policy-Driven IGA – Why This Approach Produces Better Outcomes
May 10, 2023

IGA activities in organizations have largely been around defining access policies manually, configuring access request workflows and scheduling periodic access reviews.  Such activities require significant administration as well as continuous involvement by stakeholders.  There are also delays that come with this model that could potentially cause security risk and non-compliance in the organization.  An approach that is more intuitive is to discover policies, review them and apply access changes based on policies. This results in fewer IGA administrative and end-user activities for the organization while ensuring that both excess access and under access are addressed in a timely manner.

Event Recording
Touchstones Along My Identity Journey
May 11, 2023

In 2005, Kim Cameron excitedly told me about digital identity and set my life on a course to “Build the Internet’s missing identity layer”.  In this talk I’ll tell key stories from my identity journey – stories of the people, ideas, and lessons learned along the way.  I’ll speak of technology and collaboration, usability and business models, solving problems people actually have, and building new ecosystems.  Come with me on this journey of exploration, trials, triumphs, and humor as I recount touchstones of the human endeavor that is digital identity.

Event Recording
Going Native... with Mobile App Authentication
May 10, 2023

Today, industry best practice requires that the user experience for authentication and authorization require the user to use some form of browser to interact with the Authorization Server. From a product perspective, this creates a disjointed user experience and while there are good reasons for requiring the use of a browser component this is a very common discussion between product and security when designing a mobile app. This talk will propose an industry standard way to allow for native user experiences while covering the pros, cons and implications of doing so.

Event Recording
Why Many MFA Programs Fail Strong Authentication Cyber Insurance Criteria - And What to do About It.
May 12, 2023

Like many businesses, you started the MFA journey and might even consider it at a level of maturity. Yet, when questioned to rate compliance coverage or cyber insurance requirements for strong authentication business-wide, do you have a moment?

Workforce identity workflows are complicated, with an extensive portfolio of assets and legacy applications that create gaps in strong authentication coverage. However, organizations need to trust nothing and no one - and have to prove strong authentication is in place to regulators and cyber insurance underwriters.

In this session we will explore ways to strengthen your authentication system and fill coverage gaps:

  • Understand how MFA program can overcome strong authentication challenges from legacy applications and privileged users
  • Get tactics and strategy recommendations that accelerate your journey to Full Passwordless
  • Learn from our real-world experiences in meeting MFA challenges head-on
Event Recording
FIDO for the Enterprise - Challenges & Rewards
May 11, 2023
Event Recording
From A (ACLs) to Z (Zanzibar): Standardizing Access Policies with IDQL/Hexa
May 10, 2023

The adoption of multiple clouds is accelerating across all industries. While multi-cloud brings many benefits, it also results in new challenges. Organizations must manage platform-specific access policies in the bespoke policy syntax of each cloud.
Security and risk gaps arise between cloud identity systems due to the increased policy fragmentation and technical complexity that can obscure visibility and make it difficult to determine who has access to what.
These challenges grow exponentially when you consider the various access policies (and system languages) associated with each data, network, and platform layer (and vendor) in an organization’s tech stack.
This session will describe an open-source solution to multi-cloud access policy fragmentation: Identity Query Language (IDQL) and Hexa Orchestration. IDQL and Hexa are two sides of the same coin that together perform policy orchestration across incompatible cloud platforms.
IDQL is the universal declarative policy language that can be translated into a target system's proprietary or bespoke access policy format. Hexa is the open-source reference software that brings IDQL to life and makes it operational in the real world by connecting to target systems and performing the three main functions of discovery, translation, and orchestration.
Hexa Policy Orchestration was recently accepted as a Cloud Native Computing Foundation (CNCF) sandbox project. The session will include a technical review of Hexa plus a demonstration of current capabilities.

Event Recording
Rethinking Cloud Access Management
May 11, 2023

We must secure our organization’s processes regardless of what tech they run on. Originally, security leaders had leverage. We controlled the horizontal. We controlled the vertical. And if people wanted to work, they needed to follow our rules to access corporate apps and services. But then came Cloud apps, and BYOD, and consumerization, pushing security beyond our outer limits. Security happens where psychology and technology intersect. The everyday decisions of employees increase or decrease an organization’s risk.

Employees don’t need us. And by employee, I mean more than end-users. This is a broader conversation; including software developers, IT engineers, DevOps practitioners, and more. To get people to opt in and follow secure practices, we turn to behavior science. IT security leaders must offer them a compelling experience. In this panel we will discuss how to carefully balance the need for security, compliance, and efficient resource management to ensure that your cloud environment is both secure and effective.

Event Recording
Validating the Security of Mobile Authentication Apps
May 10, 2023

You are shifting through RFIs for a new mobile app based multi-factor authentication solution for your company. The vendors claim that their products are 100% secure and we all know that there's no such thing as a 100% secure solution, but it's marketing and you know how marketing sometimes goes overboard. How do you determine if the solution is actually fit for your appetite for risk? Can you be sure development time dev credentials have been cleaned up? Is the rooting detection any good? Does the app store plaintext credentials? Is it vulnerable or can someone build a scalable attack against the product you are about to acquire to protect your crown jewels? Let's take a look at different options out there and talk a little bit about what you can request from the vendors.

Event Recording
Opening Session
May 09, 2023
Event Recording
Market Overview CIAM: Customer Identity & Access Management
May 12, 2023

This session provides an overview of the CIAM solution market and provides you with a compass to help finding the solution that best meets your needs. In a recent Leadership Compass, KuppingerCole´s Senior Analyst John Tolbert examined the CIAM market segment, product/service functionality, relative market share, and innovative approaches to providing SOAR solutions.