Event Recording

Lessons Learned from Projects Using Verifiable Credentials in the Education Industry

Show description
Speakers
Naohiro Fujie
General Manager
Itochu Techno Solutions
Naohiro Fujie
Naohiro Fujie, General Manager at ITOCHU Techno-Solutions Corporation(CTC),  has spent more than 20 years in the IT industry and primary focused on Digital Identity. Since 2021, he has been Chair of the OpenID Foundation Japan. And from 2020, he has been a co-chair of the eKYC and Identity...
View profile
Prof. Dr. Shigeya Suzuki
Project Professor
Keio University
Prof. Dr. Shigeya Suzuki
Shigeya Suzuki is a researcher with expertise in computer networks, distributed systems, and software development. He is an active member of W3C's DID and VC WG and is one of the key designers of Japan's Trusted Web Initiative and Originator Profile technology. Suzuki earned his Ph.D. from Keio...
View profile
Playlist
European Identity and Cloud Conference 2023
Event Recording
Zero Trust: Where do We Want to be in Five Years?
May 11, 2023

The digital-first customer experience and remote-first workforce pushed zero trust from buzzword to reality. And yet, much of the conversation is still heavy on theory and light on practice. Cyentia completed a global study of high-level practices which measurably contribute to a more successful cybersecurity program based on a rigorous survey of nearly 5,000 practitioners. Within that study, we analyzed commonalities of organizations implementing and operating Zero Trust. Let's look closely at where we are today.

Now imagine it is 2028. You’re five years into your Zero Trust transformation. People like it and usability has improved. Defensibility is better, too, with a number of attacks having been stopped over the past couple years. But then, in 2028, you get the call. There’s been a security breach. What happened!? This session will explore the future with a pre-mortem on how breaches will look under a Zero Trust architecture.

Event Recording
Modern Authorization: The Next IAM Frontier
May 10, 2023

Identity and access have always been joined at the hip. In the age of LDAP, authenticated users were granted permissions based on group membership. But this mechanism hasn’t transferred into the federated identity landscape.

Instead, modern identity systems try to generalize permissions into scopes that are embedded into access tokens. But this doesn’t facilitate fine-grained authorization - a “read:document” scope doesn’t typically mean the user can access every document!

While identity has moved to the cloud, we still don’t have fine-grained, scalable mechanisms for generalizing authorization. So every application builds its own, and IT ends up administering every application differently.

Fixing this is arguably the most pressing challenge for the IAM industry. In this talk, we propose a set of principles, inspired by zero-trust and the latest work in cloud-native authorization, that should underlie the solutions we build:

  1. Support for fine-grained authorization (both ABAC and ReBAC), delivering on the principle of least privilege. Google’s Zanzibar provides an important blueprint.
  2. Managing authorization policy-as-code, enabling separation of duties and policy-based access management. Open Policy Agent is a good building block.
  3. Performing real-time access checks for continuous verification. This function should be downstream from authentication.
  4. Collecting fine-grained decision logs, providing the underpinning for comprehensive offline auditing and access analysis.
Event Recording
Revolutionizing Identity Governance and Administration with Low-Code Bot Automation
May 11, 2023

Identity Governance and Administration (IGA) is critical for ensuring the security of an organization, but it can also be a complex and time-consuming process. Join us for an engaging conversation on how Identity Governance and Administration Bot Flow (IGABotFlow) is revolutionizing the IGA field. This new approach combines the power of low-code orchestration, bot technologies, and a visual interface to simplify the management of access to sensitive information and resources while improving security.

"Citizen developers" will learn how to use IGABotFlow to automate complex business processes, including identity-related tasks, with low code visual tools. Additionally, attendees will discover how bots can proactively monitor and respond to events and changes in data, performing tasks and interacting with users without explicit requests. IGABotFlow is a game-changer in the field of identity governance and access management. Attendees will learn about the use cases where this technology could make a difference in their organization.

Event Recording
Zero Trust Applied for Access Management - How to Control and Monitor the User Access
May 12, 2023

UX with Security in Corporate and Customer Access but including a huge monitoring approach to have the effect of Zero Trust for the users. I will Mix CIAM, Access Management, IAG and UEBA

Event Recording
Rogue on Steam? Risks and Rewards of a Seamless Digital Life in the Metaverse
May 10, 2023
Event Recording
When will my Digital ID Wallet Work all Over the World?
May 11, 2023

When I travel aboard or do business with someone from outside my country, my payment cards and phone work across international boundaries. When will my Digital ID do the same?

This presentation will share how OIX’s work on Global Interoperability, part of the GAIN initiative, is defining how this will be possible through smart digital IDs or wallets that dynamically adapt to the policy rules of each new trust framework they encounter in a way that works seamlessly for the end user.

So, when I fly to the EU from the US my Digital ID from my US based wallet provider reads the rules of the EU trust framework and simply adapts. I don’t need to get a new local Digital ID for my visit to the EU. The EU trust framework policy rules will be described using a new globally applicable Open Policy Rules Exchange Framework that allows all frameworks to publish their policy characteristics in a standard machine-readable way.

My digital ID wallet contains key ‘golden credentials’ that should be accepted all over globe: passport, driving licence, bank account, telco account and my digital national ID card. Each trust framework will value these differently in its own Assurance Policy, which can also be published via the policy rule exchange framework. To make this work, new proofing and data content standards for some of the golden credentials will be required.

Technically, exchange of policy rules will be a decentralized approach, where policy rules are shared directly from each trust framework only to wallets they trust. The presentation will also outline the technical architecture to underpin this, and how the Open Policy Rules Exchange Framework will fit as a policy component as part of the Open Wallet Foundation architecture.

OIX is working with and analysing various trust frameworks around the global to create the Open Policy Rules framework, including the UK, Canada, EU, Australia, Singapore, MOSIP and Bank ID Sweden.

Come and find out more about how OIX’s vision of allowing us all to have a trusted Digital ID that can be accepted anywhere in the world can be achieved.

Event Recording
Celebrating a Digital Age to Advance Digital Stages of Necessity
May 11, 2023

Samuel Devasahayam will discuss the past decade of identity sights through Microsoft’s lens, demonstrating that security in a digital age remains valuable, and detailing what these insights imply for the next decade to continue building customer trust and resilient infrastructures.

Event Recording
Biometrics for Identity Assurance
May 10, 2023

In many respects, identity programs are inherently vulnerable because they often rely on something that is shareable; something that a person knows or something that they have. 

Join iProov to hear how biometrics can improve security for both digital and physical access.  Included in this presentation will be guidance on: aligning biometrics to high-risk inflection points in the identity lifecycle; important considerations for inclusivity; and how to mitigate the risk of generative AI in modern attack methodologies.

Event Recording
Past, Present and Future of the Italian Digital Identity Ecosystem
May 11, 2023

Italy has two National Digital Identity schemes, namely: SPID and CieID (leveraging the national ID card). Both of them are based on SAML2 and are on their way to supporting OpenID Connect. The reasons for this decision are numerous, and they are primarily related to OpenID Connect Core features such as flexibility, ease of implementation, better support for mobile applications, and widespread adoption, particularly in the private sector. To manage this transition, we considered several documents by the OAuth working group describing security best Current Practices and the OpenID Foundation specifying a profile for iGov and a framework for federation. In particular, the latter defines a hierarchical federation model with high security, interoperability, scalability, and transparency based on dynamic delegation mechanisms; Italy is an enthusiastic early adopter.
In this talk, we introduce the Italian OpenID Connect profile based on the iGov and federation profiles and explain the main security measures that we considered within our design from the aforementioned standards and available best current practices. We also discuss how the Italian OpenID Connect profile contributes to the iGov and OpenID Connect Federation documents. We conclude the presentation with a brief discussion of eIDAS 2.0 and some of the ongoing preliminary works in the context of the Italian digital identity ecosystem to move toward an SSI-based solution using the Italian OpenID Connect profile as a starting point.

Event Recording
Market Overview: Secure Access Service Edge (SASE)
May 11, 2023

The term secure access service edge (SASE) has become popular in recent months and has been adopted by numerous vendors. SASE stands for a concept that integrates a range of cloud-native security services including cloud access security brokers (CASB), firewall as a service (FWaaS), secure web gateways (SWG), and zero-trust network access (ZTNA), with wide-area network (WAN) capabilities for delivering both directly to any edge computing location. In this session, KuppingerCole´s John Tolbert will give an overview of the market for SASE solutions and provide a compass to help buyers find the product that best meets their needs. KuppingerCole examines the market segment, vendor capabilities, relative market share, and innovative approaches to providing SASE solutions.

Event Recording
Passwordless by Design ("~pbD"?) - Real-Life Experiences, Constraints, and Implications
May 10, 2023
Event Recording
Adam Cooper: Centralised or decentralised - what’s the real question?
May 11, 2023

There are clear battle lines drawn between the centralised and decentralised worlds, but how much of this is ideology and how much is simply a misunderstanding of how services are delivered, rights protected, and trust established? Both models have advantages and disadvantages but that doesn’t mean that one should simply replace the other.

Governments need data about us to plan services such as where schools and hospitals should be built or where the most vulnerable in society are so that they can be supported. That data can also be used to cause harm, but technology alone will not solve the problems of control, protection of basic rights, and the delivery of fair and fraud resistant services.

In this session Adam Cooper seeks to identify the real questions we should be asking and provides his own insights based on over a decade of working with governments, citizens, and the private sector to deliver better outcomes for all of us.