Event Recording

Passwordless Primer

Show description
Alejandro Leal
Research Analyst
Alejandro Leal
Alejandro joined KuppingerCole as a Research Analyst in December 2021. His main areas of expertise include digital transformation in the public and private sector, managing business in today’s geopolitical context, and governance in artificial intelligence and cyberspace. Background...
View profile
European Identity and Cloud Conference 2023
Event Recording
Best Practice: Empowering the Vision of the IoT with Decentralized IAM
May 11, 2023

How Self-Sovereign Identity (SSI) enables decentralized Identity and Access management for Things

  • The Challenges of IoT and Identity 
  • SSI key elements in a nutshell 
    • Decentralized Identifier (DID)
    • Verifiable Credentials (VC)
    • The role of blockchain / DLTs
    • How the elements work basically together
  • The SSI advantages / disadvantages in general and for IoT
  • Can SSI replace “traditional” Identity and access solutions and how? 
    • The IoT possibilities filancore enables with SSI

From SSI zero to hero – ETO`s digital & IoT transformation in practice

    • From or need to vision, strategy and IoT-SSI in operation
      • Our innovation, organization, and technology problems from back then
      • SSI as a competitive chance
    • ETO`s SSI strategy and roadmap – where we started, are and going
    • Our SSI High-Level Architecture and IoT product innovation(s) [decentralized IAM in use]
    • Our lessons learned and take-aways with SSI
Event Recording
What’s Hot at the OpenID Foundation | Workshop
May 09, 2023

OpenID Foundation leaders and contributors will brief the EIC community on the latest progress and outlook for the OpenID Foundation. As part of this workshop we will cover: 

  • The identity landscape
  • The Foundation’s 2023 strategy
  • New partnerships and liaisons
  • Headlines from the Foundation’s latest whitepapers on Government, Privacy and IoT
  • Briefs on Working Group and Community Group progress and outlook
  • Deep dives on key issues facing the community - for your input!

Please join us early to be part of the conversation. Workshop presenters include Nat Sakimura, Gail Hodges, Kristina Yasuda, Torsten Lodderstedt, Tim Cappalli and others.

Event Recording
How to Get Your Cyber Insurance, Bring Down the Premium and Up the Coverage
May 12, 2023

More and more it becomes difficult to Insure yourself against a Cyber attack. Understanding all the different vectors of your risk posture, the flood of different tools and checklists that need to be taken into account and the way to consolidate this risk into an overarching risk dashboard is an immense challenge for CISO's, Risk Managers and their senior leadership. Because of this major challenge and a non-standard way of calculating the risk; more and more Insurance companies are putting a high demand on the information provided in order to get a proposal for a Cyber Insurance and then, if and when a Cyber Insurance is offered, the premiums and coverage become another big challenge and financial burden on companies.

The presentation will highlight these challenges and will provide hints and tips on how to deal with this problem, ensuring to get Cyber Insurance at the lowest possible premium and with the highest coverage.

Event Recording
All the IAMs - Modern Convergence of Digital Identity for Different Populations
May 09, 2023
Event Recording
Decentralized Identity Ecosystem for Southeast Asia: A journey from MVP to Production
May 12, 2023

Decentralized identity has made its waves in the EU with European Blockchain Services Infrastructure (EBSI) and in the US with various funded projects. A vast market in south-east Asia stays untapped. We have enabled our partner organization ZADA to build a decentralized identity ecosystem that connects various southeast Asian countries with numerous cases like 'Decentralized Vaccination TravelPass', 'Employment IDs', and 'Government issued Educational Credentials'. The journey of a decentralized identity platform from ideation to MVP and to a scalable production system can bring tremendous insights. We were able to successfully enable the public sector in Myanmar to engage with self-sovereign identity and bring value to its citizens by issuing over more than a quarter million digital credentials. Monetization of these credentials was an essential factor for us. These self-sovereign identity credentials varied in use cases and were verified by Singapore immigration, Public sector hospitals, the Education Ministry of Myanmar, the Health Ministry of Myanmar, and various other private sector vendors. Our journey covers various use cases in EdTech, HealthTech, IAM, and KYC. Explored right, these cases can help us dive into how enterprises can engage with the southeast Asian identity market.

Event Recording
Policy-Based Access, Just-in-Time IAM, Next-Gen IAM - Getting Rid of Roles and Recertification
May 11, 2023

Access control is a key part of cyber security, however traditional approaches do not work well for modern business IT environments that nowadays typically include a mix of applications on-prem and across multiple cloud environments.

Most modern companies tend to struggle with access management for a variety of reasons. These include the fact that it is difficult to make the necessary connections to the many disparate IT systems for which they need to provision access, role-based access management is challenging, static role-based entitlements are difficult to manage and typically require regular recertification processes, and traditional approaches are focused on granting access to resources required by an individual to perform their job function, but do not cover how those rights are actually used to stop any abuse of entitlements.

In addition, course-grained authorization is no longer sufficient because modern applications and sensitive data assets in cloud-native, containerized and DevOps environments require fine grained authorization capabilities that can also supply identity attributes and context variables.

A policy-based approach can address many of the pain points experienced by organizations today by enabling a centralized, consistent, dynamic, on-demand (just-in-time) way of managing access to IT resources. In this panel session we will discuss nothing less than the future of Access Management.

Event Recording
Street Cred: Increasing Trust in Passwordless Authentication
May 10, 2023

Good security gets out of the way of users while getting in the way of adversaries. Passwords fail on both accounts. Users feel the pain of adhering to complex password policies. Adversaries simply copy, break, or brute-force their way in. Why, then, have we spent decades with passwords as the primary factor for authentication? 

The industry needs to trust passwordless authentication (FIDO2). Adversaries and then criminals have circumvented our authentication controls for decades. From the very first theft of cleartext passwords to the very latest bypass of a second-factor, time and again improvements in defenses are met with improved attacks.

What holds us back from getting rid of passwords? Trust. In this session, we will propose a framework of technical controls to ensure only trusted sessions authenticate, regardless of faults or failures in any one factor, and to reassess based on shared signals (CAEP). We will share a path forward for increasing trust in passwordless authentication.

Event Recording
The Decentralized Identity Journey has Begun in Financial Services
May 11, 2023

Learn how Raiffeisen Bank International heads toward decentralized identity to empower their customers across Europe and set the gold standard for privacy protection.

The increased mobility of users and their demand for personalized, unified omnichannel access experiences has stretched federated IAM beyond its limits. Meanwhile, the need for organizations to collaborate more to compete, and build communities of trust and value for those same users affordably and securely, cannot be met by existing federated IAM solutions. Learn how Raiffeisen Bank International (RBI) will embrace the new paradigm of decentralized identity to improve existing experiences and create the opportunity for new, valuable user experiences and increased levels of engagement and collaboration withbusiness partners across multiple jurisdictions, without the need to replace their infrastructure. Simultaneously, understand why starting their journey now, enables RBI to future-proof their ecosystem to rapidly support the EU Digital Wallet and official digital credentials that will become available. Get a glimpse into the solution architecture being deployed at RBI and an understanding of the benefits and how they can be communicated to executive leadership and business partners. Yes, decentralized identity may be great for web3 someday; however, learn from RBI how it can also solve today’sproblems in a practical way and work in harmony with existing IAM systems enhancing existing federationplatforms.

Event Recording
Defining the Protocol for Internet-Scale Digital Trust
May 10, 2023

The Trust Over IP Foundation (ToIP) is focused on the centerpiece of the ToIP stack: the trust spanning protocol that will do for identity interchange what the Internet Protocol did for data interchange. This panel will explore how this will enable ubiquitous, trusted, interoperable identity exchange.

The internet was designed without a trusted identity layer to connect physical entities to the digital world. This layer is now emerging in the form of decentralized digital identity systems based on digital wallets and digital credentials. ToIP was founded by a pan-industry group of leading organizations with a mission to provide a robust, common set of standards forming a complete architecture for internet-scale digital trust. The ToIP Technical Architecture Specification V1 was completed earlier this year. Now ToIP is focusing on the keystone to ubiquitous identity, the ToIP Trust Spanning Protocol. This protocol will do for identity interchange what the Internet protocol did for data interchange.

This interactive panel, moderated by ToIP’s Executive Director, will explore the views of its member organizations for a lively and engaging debate on how we finally establish trust in the digital age. Come to this panel to understand the why, how, and when of this new protocol.

Event Recording
Digital Trust in the Metaverse & Decentralized Internet of Everything
May 11, 2023

Phishing, hacking, threats, fraud, and malicious behavior online of all types all share a common root: verification. In this session we’ll go beyond identity and explain how decentralized identity and verifiable credentials can provide a complete, secure system for exchanging different types of information between multiple parties. Learn how Trusted Data Ecosystems can connect people, machines, companies or any two entities to multiple businesses and jurisdictions without sharing private information. In this conversation, long-time community contributor at Hyperledger, working group leader at Decentralized Identity Foundation, and Indicio Senior Engineer Sam Curren will share more about digital trust and describe the critical importance of digital verification to decentralized healthcare, finance, the metaverse, and to the interaction of digital objects and non-digital objects in the spatial web—the “Internet of Everything.”

Event Recording
Ahead of the Curve - the Customer Demands it, the Market Demands it, do You?
May 10, 2023

Companies today are being faced with business-critical yet seemingly conflicting topics; how to build trust, loyalty and personalized experiences that fuel growth in a world of fading cookies and GDPR. There has never been more urgency than now to focus on strategy and technology to meet the demands of the privacy-conscious consumer.  The collection of data and its management is core to this challenge, but current identity methods are missing the opportunity to solve it with legacy approaches and risk-based thinking. At IndyKite, we believe that facing this mounting challenge requires us to make leaps in both our thinking and technology implementations. Join us as we challenge the current operating state and discuss what the world might look like when we have the tools to power a truly customer-centric ecosystem - one where consumer data ownership and personalized services that fuel growth are no longer at odds. 

Event Recording
Security Offered as Components Empowering Enterprises to Gain Control
May 10, 2023

You often think service providers should build identity and API security infrastructure by themselves to have full control and flexibility so that it can fit into their business and technology stack. But it tends to be time consuming and costly due to lack of expertise to do so. Buying a heavy-weight solution is another considerable option, but it reluctantly leads dependency on the particular vendor of the solution, which may have redundant features and may not accommodate to customize in a cost-effective and timely manner. In this session, we will discuss a third option to “buy and build” that can combine the best of both worlds and give you control by building from scratch, as well as minimize the time and resource by leveraging “Identity Components as a Service.”