Event Recording

Opening Session

Speakers
Dr. Scott David, LL.M.
Executive Director - Information Risk and Synthetic Intelligence Research...
University of Washington - APL
Dr. Scott David, LL.M.
Scott David, J.D., LL.M., is the Executive Director - Information Risk and Synthetic Intelligence Research Initiative (IRSIRI) at the University of Washington Applied Physics Laboratory and was formerly the Executive Director of the Law, Technology and Arts Group at UW School of Law. Scott...
View profile
Daniel Goldscheider
Founder and ED
OpenWallet Foundation
Daniel Goldscheider
Daniel is Founder and ED of OpenWallet Foundation, a consortium of companies and non-profit organisations collaborating to drive global adoption of open, secure and interoperable digital wallet solutions as well as providing access to expertise and advice through our Government...
View profile
Berthold Kerl
CEO
KuppingerCole
Berthold Kerl
Berthold Kerl, born 1960, studied economics at the University of Nürnberg and performs as CEO of KuppingerCole since 1 st July 2020. Before that he had been with Deutsche Bank AG for 17 years. As CIO he was working on major IT Transformation, IT Strategy, Change Management and Governance...
View profile
Martin Kuppinger
Principal Analyst
KuppingerCole
Martin Kuppinger
Martin Kuppinger is Founder and Principal Analyst at KuppingerCole, a leading analyst company for identity focused information security, both in classical and in cloud environments. Prior to KuppingerCole, Martin wrote more than 50 IT-related books and is known  as a widely-read columnist...
View profile
Drs. Jacoba C. Sieders
Consultant, Strategic Digital Identity
Independent
Drs. Jacoba C. Sieders
Jacoba is a digital identity expert, eager to make digital life better and a lot more secure than it is today. Keynote speaker at international IAM congresses and teacher of masterclasses.  After twenty years in leading Identity positions at four multinational banks, Jacoba now focuses...
View profile
Playlist
European Identity and Cloud Conference 2023
Event Recording
Pros & Cons of Anonymity and ZKP - Do we Know Them?
May 12, 2023

Within the digital identity wallet-movement (and especially SSI), there is a lot of focus on proving something about yourself, without revealing anything else, also known as ZKP (Zero-Knowledge Proof). It is important to realize that if we build this into the future identity systems, we will also grant any criminal the right to full anonymity.
While there are some marginal use cases (buying beer and adult materials) where we might want this, using ZKP also excludes accountability, unless there is a way to reveal the identity behind the proof. This would then be pseudonymity, and the challenge here, is who is authorized to reveal this, and how to prevent mis-use.

Event Recording
CIAM-as-a-Service for 50 Million Customers at OLX Group Europe
May 12, 2023

Still developing CIAM in-house? Discover the realities of serving 50 million customers using Hosted Customer Identity and Access Management (CIAM) as a service (SaaS) from a vendor.

Customer Identity and Access Management is one of the most critical platform components. How big of a risk would it be for the large enterprise to delegate it to the vendor solution? And how much risk would it be to not do it?

In 2019 our Eastern Europe business was struggling with Accounts Takeovers where botnets of 1 million IPs total size were involved in massive credential stuffing attacks. And we decided to replace all our legacy auth with a vendor solution.

In this session we will go through the key moments of such transition and the key learnings from the past 4 years. We won’t miss the aspect of value proposition, customer experience, real cost and return on such an investment.

Event Recording
Moving on from legacy MFA: Phishing-resistant MFA as a prerequisite for Passwordless
May 10, 2023

As long as passwords exist, enterprises are vulnerable to account takeover attacks –yet organizations looking to eliminate passwords may not know where to begin their passwordless journey. While passwordless authentication methods—especially those based on FIDO2—are widely available, they are not yet universally supported nor adopted. This lack of a universal approach can cause confusion and complacency—or both. Attend this session to learn why (and how) organizations should move away from passwords and legacy MFA to advance to and adopt a secure passwordless strategy centered on phishing-resistant MFA in 2023

Event Recording
Trends in Passwordless Authentication for CIAM
May 11, 2023

Passwordless helps in reducing ATO fraud, provides better security, and smoother experience. But the passwordless approach for each organization and region is fundamentally different, in large part because the journeys or flows that your customers will take are unique. In this session Huzefa Olia will talk about the various options that an organization can introduce for Passwordless access for their customers. 

Event Recording
The Ubiquitous Credential - Government-issued Identity in Your Phone
May 11, 2023

This decade may well be labeled “the decade of the digital credential.” From COVID passports to mobile driver’s licenses, digitized credentials transforming to “born digital” credentials, and governments and large tech companies developing their own wallets, personal information has never been easier to share with the wave of a device. The convenience is amazing, and the privacy implications are terrifying.

Even scoping the issue down to government-issued credentials or credentials directly derived from government data, there are a variety of requirements feeding into this growing ecosystem:

  • user control of data
  • data minimization
  • relying party accountability
  • extensibility to other domains
  • optional audit log of transactions and ability to assert rights (CCPA, GDPR)
  • minimization of fraud

In this session, Heather Flanagan and Mike Kiser will discuss the outcomes of the recently released white paper on government-issued credentials and the privacy landscape (publication date expected in April 2023). The issues at hand are not solely about policy, nor are they only about technology. It is about closing the policy and protocol gaps that exist between today’s disparate solutions and services and providing a vision of a privacy-preserving, globally viable privacy landscape.

Event Recording
Beyond Zero Trust to Achieve Zero Friction
May 11, 2023

Regulatory bodies, government agencies, and CIOs are mandating Zero Trust as a cyber security framework. What does Zero Trust mean for your security strategy? With a Zero Trust security model, nobody is trusted automatically, even when they’ve cleared the perimeter. Instead, all identities are verified, minimum access is granted based on context, and activities are monitored to make sure controls are working as expected. The Zero Trust model requires multiple security controls throughout an IT environment to protect and manage identities, devices, networks, applications, and data. This session will take you through the reality check of where Zero Trust started, how it has evolved over the years and what does it really mean for your organization today.

Event Recording
Cloud Signatures for the New eIDAS Wallet Ecosystem
May 11, 2023

To enhance interoperability between digital identity schemes and digital trust services across borders, the eIDAS regulation provides a legal framework for electronic signatures in the EU, defining how to use them to ensure their validity across Europe. eIDAS2 now includes plans for the creation of a European Digital Identity Wallet (EUDIW). Cloud signatures are expected to play a vital role across this new ecosystem by enabling natural and legal persons to electronically sign and seal documents and transactions with high-assurance remote digital signing certificates. Cloud signatures based on the Cloud Signature Consortium (CSC) Standard can help achieve cross-border interoperability via specifications and certification for the usage of Remote Electronic Signatures and Seals in this new pan-European digital identity ecosystem.

Join us to learn about the new CSC Standard general architectural framework in specific eIDAS context (Kim Nguyen, CSC Board Member, D-Trust) and for a technical deep-dive into the recently launched CSC Standard version 2.0 (Luigi Rizzo, Chair of the CSC Technical Committee, InfoCert).

Event Recording
Trust No One, Always Verify
May 11, 2023

Cybercriminals no longer “hack” in – they simply log in. Once inside, they hunt for privileged accounts. A vast majority of breaches today are due to the abuse of stolen privileged accounts. Privileged accounts are very powerful but at times, anonymous and shared. Learn how to take control of Privileged Access to ensure that your most valuable asset - your data - is protected.

Event Recording
Security Offered as Components Empowering Enterprises to Gain Control
May 10, 2023

You often think service providers should build identity and API security infrastructure by themselves to have full control and flexibility so that it can fit into their business and technology stack. But it tends to be time consuming and costly due to lack of expertise to do so. Buying a heavy-weight solution is another considerable option, but it reluctantly leads dependency on the particular vendor of the solution, which may have redundant features and may not accommodate to customize in a cost-effective and timely manner. In this session, we will discuss a third option to “buy and build” that can combine the best of both worlds and give you control by building from scratch, as well as minimize the time and resource by leveraging “Identity Components as a Service.”

Event Recording
Machine Learning in IAM & IGA
May 11, 2023

This presentation will provide an overview of the terminology and basics of AI and ML in the context of Identity and Access Management (IAM) and Identity Governance and Administration (IGA). It will explore a number of current use cases for leveraging ML in IAM, demonstrating the benefits of automation and enhanced security that ML can bring to identity management. The presentation will conclude with strategic considerations for using ML in IAM, highlighting the importance of considering business value, available data, and existing technologies when implementing ML-based solutions for identity management.

Event Recording
Ceremonies
May 09, 2023

The act of identifying oneself to a website or service is a ceremony so common that we don’t often pay attention to it. The muscle memory we have built up over years of performing this ceremony over and over, day after day, obscures both potential changes to this not-always-so-simple act and ways we could make these ceremonies easier and more effective. 

In this talk, Ian Glazer, will:

  • Give an overview of the many kinds of user-facing ceremonies 
  • How these ceremonies are changing
  • How they could change even more and the implications for end-users
Event Recording
The Human Impact of Identity – Women in Identity Code of Conduct
May 11, 2023

Women in Identity strongly believes there is a need for a global Identity Code of Conduct to address identity exclusion—being excluded from access to identification credentials — that subsequently leads to exclusion from financial services and products.

The Women in Identity team are half way through their research project with the current phase focused on the development of the code of conduct.

This panel will share early look at the guiding principles that will ensure all users of digital identity systems have a consistent and high-quality user experience.