Event Recording

Modern Authorization Panel - Going Beyond RBAC

Speakers
Gert Drapers
Co-founder & CTO
Aserto
Gert Drapers is the co-founder and CTO of Aserto.com, leading technology implementation and strategy. A widely recognized expert in the data and developer space, Gert has built and operated various services like Xbox Live, SQL Server Azure, and the Azure identity service during his 24yr tenure...
Anders Eknert
Developer Advocate
Styra
Anders Eknert has a long background in software development and security. Previously in his career, Anders focused primarily on identity systems. He has spent more recent years in the emerging domain of policy-as-code where his interests include the organizational and people aspects of the space...
Sebastien Faivre
Co-Founder and CTO
Brainwave GRC
Sebastien is Chief Technical Officer and co-founder at Brainwave GRC, responsible for product vision, features and design. Sebastien is a seasoned Product Management expert with more than 20 years of expertise. In the course of his professional experience he has designed and launched several...
Benoit Grangé
Chief Technology and Product Officer
Omada
Benoit brings over 25 years of experience in leading teams to build world-class products and services focused on delivering an exceptional customer experience and security. Benoit is a technology expert with deep expertise in the design, development and operation of cloud and software Identity...
Michael Lind Mortensen
Manager, Security & Compliance
Bankdata
Michael is a leader in one of Denmark's biggest banking consortiums, Bankdata, managing zero-trust decentralized authorization for 8 member banks and 2000+ APIs. Michael has also been a board member in the Danish Council for Digital Security for the past 6 years, advising politicians and private...
Atul Tulshibagwale
CTO
SGNL
Atul is a federated identity pioneer and the inventor of the Continuous Access Evaluation Protocol (CAEP), forming the basis of the Shared Signals and Events working group in the OpenID Foundation, which he co-chairs. Prior to joining SGNL, he was a technical leader at Google where he focused on...
Playlist
European Identity and Cloud Conference 2023
Event Recording
eIDAS 2.0 and EUDI Wallet - State of Play
May 12, 2023

While eIDAS 2.0 is still in the legislative process, which is nearing its end, the European Commission is preparing the framework for the EUDI Wallet reference implementation, and standardization bodies are working on developing new technical standards.
There is a real need for updated information on all efforts around eIDAS 2.0, as the implementation deadlines are very tight.
The session will shed light on the latest developments and their impact on the market.

Event Recording
The Decentralized Identity Journey has Begun in Financial Services
May 11, 2023

Learn how Raiffeisen Bank International heads toward decentralized identity to empower their customers across Europe and set the gold standard for privacy protection.

The increased mobility of users and their demand for personalized, unified omnichannel access experiences has stretched federated IAM beyond its limits. Meanwhile, the need for organizations to collaborate more to compete, and build communities of trust and value for those same users affordably and securely, cannot be met by existing federated IAM solutions. Learn how Raiffeisen Bank International (RBI) will embrace the new paradigm of decentralized identity to improve existing experiences and create the opportunity for new, valuable user experiences and increased levels of engagement and collaboration with business partners across multiple jurisdictions, without the need to replace their infrastructure. Simultaneously, understand why starting their journey now enables RBI to future-proof their ecosystem to rapidly support the EU Digital Wallet and official digital credentials that will become available. Get a glimpse into the solution architecture being deployed at RBI and an understanding of the benefits and how they can be communicated to executive leadership and business partners. Yes, decentralized identity may be great for web3 someday; however, learn from RBI how it can also solve today’s problems in a practical way and work in harmony with existing IAM systems, enhancing existing federation platforms.

Event Recording
State and Future of Digital Identity – Results from a KuppingerCole Study
May 10, 2023

KuppingerCole conducted a series of polls over the past months, gathering data about the state and future of IAM. Together with the ongoing market sizing analysis and predictions of the KuppingerCole analysts, we’ve created a study providing insight into our assessment of the current state of the IAM market as well as where we see the market evolving. Martin Kuppinger, Principal Analyst at KuppingerCole Analysts, and Marina Iantorno, Analyst at KuppingerCole Analysts, will present selected results from that study and share their perspectives on the evolution of the IAM market.

Event Recording
The Killer Credential - Spotting Verifiable Credentials That are Absolute Must-Haves for Every Party in an Ecosystem
May 10, 2023
Event Recording
EU Wallet – eIDAS 2.0: The New European Identity Framework is a Gamechanger
May 10, 2023

The existing eIDAS governance framework for digital identity is fragmented across different regulated markets in different EU countries. Today, identity provider solutions for finance, healthcare and other regulated markets follow central approaches for the management of identities and consent in highly secure data center environments, using legacy standards (e.g. OIDC, central public key infrastructure).

eIDAS 2.0 creates an EU-wide identity ecosystem with adapted new standards, new stakeholders and a focus on using mobile devices. The existing roadmap suggests a transition of three to five years (or more). For banking, insurance, healthcare or the public sector, it is time to adopt these standards in their digital transformation strategy.

Based on the Gematik requirements for a federated identity provider with a central OIDC-compliant resource and authorization server, Comuny shifted relevant identity provider functions (data storage + token generation) onto the mobile device.

The speakers will describe challenges and solutions for this regulated market. They will also discuss the chance to combine existing central OIDC flows with mobile, decentralized, wallet-based principles as a bridge into the new eIDAS 2.0 governance framework. The audience will get a clear understanding of the requirements, opportunities and practical details involved in making the transition into the eIDAS 2.0 identity ecosystem.

Event Recording
Why the Cyber Security Managed Service Market Needs a Twist?
May 10, 2023

The cyber security market has developed quite significantly within the last decade. The scarcity of expertise in the market, the increased number of attacks, and the lack of leverage of product implementation ROI are among the topics we will briefly address in this session, along with why it is going to be key for companies to consider outcome-based managed services going forward.

Event Recording
FIDO2: The Train is Leaving the Station
May 11, 2023

The FIDO Alliance is working to change the nature of authentication with open standards that are more secure than passwords, simpler for consumers to use, and easier for service providers to deploy and manage. While initially focused on the consumer space, FIDO2 holds advantages for the enterprise willing to break the mould on legacy authentication models.

This session will look at the components of a FIDO2 environment and investigate the options for FIDO deployments. A view of the possible future of FIDO will be discussed.

Event Recording
Cloud-Powered Technologies and Strategies for Secured DevOps Environments
May 10, 2023

As organizations shift to agile development methodologies and the use of cloud-based platforms, they have the opportunity to leverage the cloud to improve their security practices. By adopting a DevSecOps approach, organizations can integrate security into the development lifecycle and take advantage of the scalability, flexibility, and automation capabilities of the cloud.

In this session, we will explore the benefits of leveraging the cloud for security in DevOps, and discuss the key principles of DevSecOps architecture, including collaboration, automation, and continuous integration and delivery. We will also examine the role of security tools and technologies, such as static code analysis, dynamic testing, and vulnerability management, in the DevSecOps process, and discuss how these tools can be effectively deployed in a cloud environment.

In addition, I will provide practical guidance and strategies on how organizations can implement the latest DevSecOps strategies in their cloud environments. This will include a discussion of best practices for integrating security into the development process, such as setting up security gates, implementing security testing early in the development process, and automating security checks.

Overall, this session will highlight the benefits of leveraging the cloud for improved security in DevOps, and provide practical guidance with the latest cloud technologies on how to implement DevSecOps effectively in a cloud environment.

Event Recording
Identity Security Implementation and Deployment in KONE
May 11, 2023

In this talk, Krishna Balan Kannappan will describe KONE's path to a holistic and integrated Identity Security infrastructure.

  • IDM deployment in KONE includes lifecycle management of KONE internal users and non-person accounts. Automated processes in IDM ensure that the minimum access required for internal users is granted automatically based on user attributes and that all access is removed automatically when a user leaves the organization. Non-person accounts are hardened automatically based on usage.
  • Application authorization is managed by IDM using various provisioning mechanisms.
  • Application authentication is controlled by Azure AD; MFA is mandated for all applications and end users.
  • Admin accounts used for accessing KONE infrastructure and workstations are managed in IDM (the Microsoft-recommended tier-based model is used).
  • Self-service allows role owners and account owners to create access reviews, manage passwords and manage access.
  • The KONE SOC team uses IDM to perform emergency actions to disable, enable or reset the password of AD accounts.

Privileged Access Management:

  • KONE uses PrivX as the PAM solution for allowing access to infrastructure. PAM is integrated with IDM for authorizations. The PAM solution ensures, through access controls and continuous monitoring, that KONE infrastructure cannot be accessed outside PAM.
  • PAM uses separate MFA for added security.
  • Automations are implemented to onboard and offboard application servers into PAM.

A DevSecOps model is used for development, automated deployments, security scans and automated testing.

Event Recording
Current Work and Future Trends in Selective Disclosure
May 11, 2023

There’s a lot of foundational work happening in the space of Selective Disclosure (SD) right now. Selective Disclosure enables you to have a token with many claims (say, an ISO Mobile Drivers’ License (mDL)), and only release the claims necessary to the interaction – for instance, your birthdate but not your home address. Selective Disclosure enables Minimal Disclosure. This is sometimes realized using Zero Knowledge Proofs (ZKPs) but that’s not always necessary.

In decentralized identity ecosystems, users hold their own credentials to share them with others when needed. One key requirement for these credentials is selective disclosure: instead of sharing the entire credential, users should be able to share only the minimal amount of information necessary for a given use case. This is where SD-JWT comes in.
SD-JWT (Selective Disclosure JWT) is a new format for enabling selective disclosure in JWTs. It is based on the JOSE family of standards for signing and encryption, making it easy to understand and implement.
Developed by the IETF OAuth Working Group, SD-JWT is not limited to verifiable credentials, but can be used universally to provide selective disclosure for any JWT.

Due to its simplicity, SD-JWT has quickly gained traction, with several implementations already available and ongoing adoption as an important building block in both commercial and public projects. In this talk, we will introduce the concepts behind SD-JWT and provide a detailed overview of its capabilities and benefits. We will also discuss the current state of SD-JWT adoption and future directions for its development.

Some of the current work pertinent to Selective Disclosure is:

Event Recording
European Identity & Cloud Awards Ceremony
May 10, 2023
Event Recording
Verifiable Credentials and Dynamic NFTs – Two Sides of the Same Medal
May 10, 2023

NFTicket is a protocol that combines the identification power of cryptographic wallets with that of Decentralized Identifiers (DIDs). We will show that Verifiable Credentials (anchored by a DID) and Non-fungible Tokens (NFTs, anchored by a wallet) are functionally equivalent.

More than showing this, we will introduce a protocol which implements it, so that verified DIDs can issue “business facts”, such as vouchers, tickets, membership passes and certificates of ownership – in short, anything which can be expressed by Verifiable Credentials.
NFTicket does a bidirectional translation of this VC to an enhanced ERC721 NFT, such that the DID of the holder and the owner wallet of the NFT correspond 1:1 and are linked through did:ethr.

We will demonstrate the application of this protocol based on a pilot we have implemented for NRverse.io. The Verifiable Credentials in this case are Renewable Energy Certificates, which are used to decarbonize events with a measurable carbon footprint.