Event Recording

Modern Authorization: The Next IAM Frontier

Speaker
Omri Gazitt
CEO
Aserto
Omri is the co-founder/CEO of Aserto.com, an authorization startup, and his third entrepreneurial venture. He's spent the majority of his 30-year career working on developer and infrastructure technology, most recently as the CPO of Puppet. Previously he was the VP and GM of HP's Cloud Native...
Playlist
European Identity and Cloud Conference 2023
Event Recording
Cyber Insurance Claims & Denials
May 12, 2023
Event Recording
A 4 Year Journey Towards a Smooth and Strong e-Signing Solution in a Multi-National Insurance Company
May 10, 2023

A journey of the multi-national insurance company to find and introduce a smooth corporate e-signing solution, both legally and technically well-justified. A story of considering and aligning different dimensions to find a tiny path between legal trust and protection, technical constraints, smooth user experience, global EU Regulation (eIDAS) and country-specific local habits.

It was a huge puzzle to identify and solve all the critical actual and future needs of the different business use cases for e-signing across the company to come up with a single corporate solution and move gradually away from the very fragmented and mainly technically driven landscape of signing solutions.

Traditionally those have been introduced as the ad-hoc remedy to some local needs in isolation from other initiatives and without proper validation of both short and long term legal impact to the company.

Event Recording
From A (ACLs) to Z (Zanzibar): Standardizing Access Policies with IDQL/Hexa
May 10, 2023

The adoption of multiple clouds is accelerating across all industries. While multi-cloud brings many benefits, it also results in new challenges. Organizations must manage platform-specific access policies in the bespoke policy syntax of each cloud.
Security and risk gaps arise between cloud identity systems due to the increased policy fragmentation and technical complexity that can obscure visibility and make it difficult to determine who has access to what.
These challenges grow exponentially when you consider the various access policies (and system languages) associated with each data, network, and platform layer (and vendor) in an organization’s tech stack.
This session will describe an open-source solution to multi-cloud access policy fragmentation: Identity Query Language (IDQL) and Hexa Orchestration. IDQL and Hexa are two sides of the same coin that together perform policy orchestration across incompatible cloud platforms.
IDQL is the universal declarative policy language that can be translated into a target system's proprietary or bespoke access policy format. Hexa is the open-source reference software that brings IDQL to life and makes it operational in the real world by connecting to target systems and performing the three main functions of discovery, translation, and orchestration.
Hexa Policy Orchestration was recently accepted as a Cloud Native Computing Foundation (CNCF) sandbox project. The session will include a technical review of Hexa plus a demonstration of current capabilities.

Event Recording
Biometrics for Identity Assurance
May 10, 2023

In many respects, identity programs are inherently vulnerable because they often rely on something that is shareable; something that a person knows or something that they have. 

Join iProov to hear how biometrics can improve security for both digital and physical access. Included in this presentation will be guidance on: aligning biometrics to high-risk inflection points in the identity lifecycle; important considerations for inclusivity; and how to mitigate the risk of generative AI in modern attack methodologies.

Event Recording
How Deepfakes Are Changing the Landscape of Identity Fraud and How Can We Prevent the Risks
May 11, 2023

Explore the latest developments in deepfake technology and its impact on identity fraud. With deepfakes becoming increasingly realistic and widespread, it is essential for businesses and organisations to understand the risks they pose and take action to mitigate them. Attendees will gain a comprehensive understanding of the risks posed by deepfakes to the identity verification industry and how to protect their organisations from them effectively. The session will feature expert insights and real-world examples of how businesses and organisations can implement deepfake detection technology and other measures to prevent identity fraud.

Event Recording
Rethinking Educational Accreditation and Onboarding with Decentralized Identity
May 10, 2023

Skills, not degrees, are what matter in today's job market. Using SSI and OpenBadges standards, people can gain micro-certificates based on skills acquired during their studies, work, or volunteering. We will discuss what it takes for educational institutions and employers to adopt a privacy-friendly, frictionless, and more secure onboarding process for students and employees based on this technology. We will explore the new paradigm for IDaaS, an eIDAS 2.0 compliant process, and how we enable Life Long Learning.

Event Recording
Defining the Protocol for Internet-Scale Digital Trust
May 10, 2023

The Trust Over IP Foundation (ToIP) is focused on the centerpiece of the ToIP stack: the trust spanning protocol that will do for identity interchange what the Internet Protocol did for data interchange. This panel will explore how this will enable ubiquitous, trusted, interoperable identity exchange.

The internet was designed without a trusted identity layer to connect physical entities to the digital world. This layer is now emerging in the form of decentralized digital identity systems based on digital wallets and digital credentials. ToIP was founded by a pan-industry group of leading organizations with a mission to provide a robust, common set of standards forming a complete architecture for internet-scale digital trust. The ToIP Technical Architecture Specification V1 was completed earlier this year. Now ToIP is focusing on the keystone to ubiquitous identity, the ToIP Trust Spanning Protocol. This protocol will do for identity interchange what the Internet protocol did for data interchange.

This interactive panel, moderated by ToIP’s Executive Director, will explore the views of its member organizations for a lively and engaging debate on how we finally establish trust in the digital age. Come to this panel to understand the why, how, and when of this new protocol.

Event Recording
Modern Authorization Panel - Going Beyond RBAC
May 10, 2023

Every cloud-native application needs some form of access control. Most applications provide role-based access control (RBAC), which has limitations when it comes to enterprise scale and fine-grained access control. 
Zero trust architectures require us to go further. Following the principle of least privilege, modern cloud apps can implement just in time authorization with fine-grained controls. With a fine-grained model, access rules can be defined on the application’s resources, often down to individual items. And a just-in-time model helps ensure the user has access to what they need, when they need it.

Two ecosystems are emerging around modern authorization: policy-as-code and policy-as-data. Open Policy Agent (OPA) brings a policy-as-code approach to fine-grained authorization, and Google’s Zanzibar is the best-known representative of the policy-as-data camp.
Join the panelists to discuss new developments in modern authorization, and compare the strengths and weaknesses of policy-as-code and policy-as-data as foundational models for a robust access control system.

Event Recording
Trends in Passwordless Authentication for CIAM
May 11, 2023

Passwordless helps reduce ATO fraud and provides better security and a smoother experience. But the passwordless approach for each organization and region is fundamentally different, in large part because the journeys or flows that your customers will take are unique. In this session Huzefa Olia will talk about the various options that an organization can introduce for passwordless access for their customers.

Event Recording
Interworking of Verifiable Credential Products
May 10, 2023

The EU-funded Next Generation Internet (NGI) Atlantic project "Next Generation SSI Standards" and the Walmart-funded Jobs for the Future (JFF) Plugfest both have the same aim of fostering wide-scale adoption of Verifiable Credentials. They are doing this by funding global interworking of Verifiable Credentials products from many different suppliers located in Europe, the USA and Asia. The NGI Atlantic project is committed to using the OpenID for Verifiable Credentials (OIDC4VCs) draft standard specifications, whilst JFF is allowing the 30+ participants to decide amongst themselves which protocols to use. Three protocol suites have been chosen: OIDC4VCs, VC-API with CHAPI, and DIDComm.

This presentation will provide an overview of the two projects, will provide an overview of the 3 protocol suites that have been chosen, and will present the results of the interworking trials.

The NGI Atlantic project will finish in December 2022, and besides interworking trials, will deliver an open source test suite that suppliers can use to test their implementations for conformance to the OIDC4VCs protocol suite for both credential issuing and verification. Some tests are being added to the W3C CCG Traceability test suite (written in POSTMAN) and some are being added to the OpenID Foundation's existing OpenID Connect conformance test suite (written in Java).

The JFF Plugfest will finish in 1Q2023. In November 2022 each VC Issuing software supplier must demonstrate the issuing of a verifiable credential to the wallets of at least two different wallet software providers, whilst each wallet software provider must obtain a verifiable credential from at least two other VC Issuing software providers. In February 2023 VC wallets must demonstrate the presentation of a Verifiable Presentation/Verifiable Credential to at least two different verification software suppliers, and each verifier must demonstrate that it is capable of accepting a VP/VC from at least two different wallets.

The success of these projects should catapult the acceptance of inter-workable verifiable credential products to the market.

Event Recording
Ceremonies
May 09, 2023

The act of identifying oneself to a website or service is a ceremony so common that we don’t often pay attention to it. The muscle memory we have built up over years of performing this ceremony over and over, day after day, obscures both potential changes to this not-always-so-simple act and ways we could make these ceremonies easier and more effective. 

In this talk, Ian Glazer will:

  • Give an overview of the many kinds of user-facing ceremonies
  • Describe how these ceremonies are changing
  • Consider how they could change even more and the implications for end-users

Event Recording
SAP Transformation and IGA
May 10, 2023

Various large organizations typically have invested heavily in SAP as well as IGA. There comes a point where the two systems start overlapping functionalities. This session will provide a viewpoint on an integrated IGA approach based on organization needs.