Event Recording

Trust Inspiring CIAM – Essentials for a Secure, Experience-Driven Digital Business

Show description
Speaker
Dr. Phillip Messerschmidt
Lead Advisor
KuppingerCole
Dr. Phillip Messerschmidt
Dr. Phillip Messerschmidt joined KuppingerCole in January 2021 as Advisor & Analyst. Prior to this, he worked for various management consultancies, primarily advising major banks on challenges related to the IT security infrastructure topic of identity and access management (IAM). His focus...
View profile
Playlist
European Identity and Cloud Conference 2023
Event Recording
Adam Cooper: Centralised or decentralised - what’s the real question?
May 11, 2023

There are clear battle lines drawn between the centralised and decentralised worlds, but how much of this is ideology and how much is simply a misunderstanding of how services are delivered, rights protected, and trust established? Both models have advantages and disadvantages but that doesn’t mean that one should simply replace the other.

Governments need data about us to plan services such as where schools and hospitals should be built or where the most vulnerable in society are so that they can be supported. That data can also be used to cause harm, but technology alone will not solve the problems of control, protection of basic rights, and the delivery of fair and fraud resistant services.

In this session Adam Cooper seeks to identify the real questions we should be asking and provides his own insights based on over a decade of working with governments, citizens, and the private sector to deliver better outcomes for all of us.

Event Recording
Passwordless by Design ("~pbD"?) - Real-Life Experiences, Constraints, and Implications
May 10, 2023
Event Recording
Trust No One, Always Verify
May 11, 2023

Cybercriminals no longer “hack” in – they simply log in. Once inside, they hunt for privileged accounts. A vast majority of breaches today are due to the abuse of stolen privileged accounts. Privileged accounts are very powerful but at times, anonymous and shared. Learn how to take control of Privileged Access to ensure that your most valuable asset - your data - is protected.

Event Recording
CAEP and Shared Signals - Past, Present and Future
May 10, 2023

What started as a simple blog post from Google has rapidly ballooned into an industry movement. Major vendors have implemented the Continuous Access Evaluation Protocol / Profile (CAEP) and analysts, practitioners and decision makers agree that it is critical to the future of zero-trust. This keynote, by the inventor of CAEP, goes into the pain points that led to the development of CAEP, the process to recast it as a part of the Shared Signals working group in the OpenID Foundation and the trends that make it an indispensable component of any zero-trust architecture. CAEP’s non-prescriptive nature makes it easy for anyone to implement their own policies and the Shared Signals Framework makes communicating changes efficient and nearly instantaneous. A future powered by Shared Signals and CAEP enables enterprises and vendors to break information silos to create a highly secure outcome.

Event Recording
Building a Rich Workload Identity Stack with SPIFFE and OPA
May 11, 2023

What’s the highest value platform feature you can offer your Kubernetes tenants? It might be standardizing workload identity and policy controls. In this session, we will discuss desirable properties for a workload identity and present a modern architecture built on SPIFFE and cert-manager which uses Open Policy Agent (OPA) for policy decisions. This should leave you with actionable ideas to help you re-evaluate your workload identity functionality and security posture.

Event Recording
Your Identity Is Not Self-Sovereign
May 12, 2023

Are we really in control of our identities, are they merely assigned to us, or is there something else at play?

The promise of a "self-sovereign identity" seems great: you know who you are, and through the magic of technology you can prove to everyone around you that you are who you say you are. The technology to enable this is being built and deployed, but is it the right solution? Even more fundamentally, is it the right model at all?

In this session, we'll examine the core concept of "self-sovereign" identity in the light of how society has historically viewed identity and how our digital systems have modeled identity in different ways over time.

Event Recording
Building a Secure Digital Experience Without Friction
May 10, 2023

As the number of digital touchpoints in the customer journey increases, IT teams rely on customer identity to optimize security and user experience. However, ensuring one doesn't overshadow the other often requires multiple integrations and custom development, creating internal friction and slowing innovation.

In this talk, Sadrick Widmann, CEO at cidaas, will explain how to remove barriers and improve cross-functional collaboration to bring seamless, secure customer experiences to market faster.

Event Recording
Identity Inclusion – Why it Matters
May 09, 2023

The cornerstone of the digital world is trust and key to that experience is a secure and verifiable digital identity. More than one billion people worldwide lack a basic verifiable identity. Without recognizable and consistent proof of identity there can be no financial, health, citizen, or digital inclusion. Women in Identity is a not-for-profit organization championing diversity and inclusion in the identity sector.  Women in Identity enables change through awareness from our research projects (such as the code of conduct) and through our sponsors and members.  In this keynote the chair and vice chair of the Board will share insights on the impact of identity exclusion and provide practical and pragmatic ways organizations and individuals can help drive Identity inclusion. 

Event Recording
Make Decentralized Identity work in the real world with Decentralized Ecosystem Governance
May 11, 2023

Decentralized identity has long been seen as a solution to the interconnected problems of verification, privacy, and security online, but now that it is being deployed in the marketplace, how does it manage the complex information flows and rules required by enterprises and governments? Much theoretical discussion has focused on what should happen, but in this conversation, we’ll discuss what actually happens when a customer implements a decentralized identity solution. We’ll explain why decentralized ecosystem governance is preferred to centralized trust registries, the importance of portable trust, automation, updating, and offline functionality, and why customers need to be able to choose between hierarchical and distributed governance.

Event Recording
Finding the Signal Through the Noise in Web3(++) Identity
May 11, 2023

2022 brought a lot of activity in web3/crypto identity solutions: Soul Bound Tokens, Verifiable Credentials, and even web5?! In this year-in-review we'll examine the varying approaches, the problems they were trying to solve, and discuss how this can inform all of our user-centric identity efforts.

Event Recording
Orchestrating Zero Trust - "Detect, Decide, Direct"
May 10, 2023

The Zero Trust paradigm, the approach of eliminating inherent trust in an IT architecture and always verifying, has been discussed for over a decade. It is well known that Zero Trust is a team sport, with Identity in the center. The many components, from IGA to Device Management, Network-segmentation to contextual awareness and beyond can be fulfilled by as many vendors, bearing the question about how to integrate these for a secure and convenient user experience. While there may be integrations available for some components, they will most likely be disjointed and/or require custom development, making it a challenge to be agile and innovative.

An alternative to the described problem would be Orchestrating Zero Trust, applying the approach of "Detect, Decide, Direct". Through Orchestration the task of gathering all signals and relevant information (Detect) for an appropriate authorization decision (Decide), and continuing with the proper next step(s) (Direct) can be fulfilled in a flexible manner, facilitating customization in a future proof manner.

In this session we will describe the "Detect, Decide, Direct" approach and see how Orchestration can be a key enabler of Zero Trust.

Event Recording
OpenWallet Deepdive
May 10, 2023