ONE PACKED AGENDA

FILL YOUR WEEK WITH ALL THINGS IDENTITY

AGENDA

The bulk of the Identiverse agenda is made up of proposals from the community, gathered via our open and public Call for Presentations, and carefully selected and curated by the Content Committee, comprising subject matter experts with recognised knowledge of their area, under the guidance of the Identiverse Content Chair. The Call for Presentations for Identiverse 2019 will open towards the end of this year, and will be announced here and via our social media channels. So keep an eye out for this important information. We look forward to receiving your proposals!

New this year, Identiverse is pleased to be an (ISC)² CPE Submitter. Delegates holding a CISSP, CCSP, HCISPP or other (ISC)² certification can count attendance at Identiverse sessions, keynotes and masterclasses towards their annual CPE requirement.

To get an idea of how extensive the 2019 agenda will be, take a look at the 2018 agenda.

Sunday - June 24


9:00am - 12:00pm
10:00am
Registration Desk Opens
12:00pm - 6:00pm

Sessions

Cafeteria - Plaza Level
12:00pm - 2:00pm
Lunch
Join us for a light lunch in the Hynes Convention Centre Cafeteria before the afternoon sessions & masterclasses.
Expo Hall
5:00pm - 7:00pm
Welcome Reception & Expo
Join our sponsors and exhibitors in the Expo Hall for our Welcome Reception and celebrate the start of Identiverse 2018 in style!
Room 302
2:00pm - 2:50pm
Overview: Identity and Access Management
Brian Campbell
Distinguished Engineer & (un)official Photographer
Ping Identity
This session will give an overview of Identity and Access Management to serve as a mildly entertaining refresher or introduction to help set the stage for the rest of the week. We'll look at some of IAM's past, present, and future and cover industry standards like SAML, OAuth, FIDO, OIDC, and some other acronyms.
3:00pm - 3:50pm
What makes OpenID client software good?
Michael Schwartz
CEO
Gluu
Whether you’re a developer or security architect, you need to know the best practices for OpenID Connect client software. OpenID Connect can be used to achieve a range of security levels. Properly used, it mitigates many risks. However, OpenID Connect’s flexibility, combined with its shared ontogeny with OAuth 2.0, creates opportunities for error--developers may not use (or even know about) certain features necessary to achieve the transaction integrity they desire. The good news is that client software and middleware services can do some of the heavy lifting. You need the best of both worlds--maximum security and developer joy.
4:00pm - 4:50pm
Countering Identity Creep in a Hybrid-Cloud World
Ben Johnson
CTO
Obsidian Security
Cloud computing has exploded our attack surface area, with elasticity and a blend of on-premise, SaaS, and IaaS systems resulting in a dynamic and hard to manage perimeter. As employees are granted more access and more privileges, identity creep is real. And even with the migration to the cloud, organizations are still usually on the hook for the IAM responsibilities and maintenance. The concept of “Triple A” – Authentication, Authorization, and Accounting – has defined security for quite some time. However, we haven’t always given all three As the same level of attention. For the past several years, the industry has been heavily focused on authentication, placing a small amount of attention on authorization, and has virtually ignored accounting. In this presentation, we’ll explore how shifting our focus towards authorization and accounting can help us improve our grasp on identity in the modern hybrid-cloud world. In today’s complex environments, it’s difficult to understand what privileges are required and what activity should be considered normal, so we will discuss those topics with examples.
Room 304
2:00pm - 2:25pm
Using IoT to Improve Identity Management
Mark Diodati
Research Vice President
Gartner
We often focus on providing IAM capabilities for the IoT ecosystem; capabilities like authenticating operators, analysts and devices; and limiting device management, data and analytics to authorized users. But what if we turn it around and ask if IoT can help with IAM? In this session, we will explore the question via a real technical demonstration that leverages facial recognition, mobile push authentication, user provisioning devices, along with IaaS and IoT platforms. We will wrap up the session with guidance on augmenting IAM processes via IoT.
2:35pm - 3:25pm
Beyond API Authorization
Jared Hanson
Creator of Passport JS and Auth0 Chief Architect
Auth0
The era of web-based APIs has reshaped how we build software. OpenID Connect and OAuth 2.0 have made it possible for service providers to securely make APIs available to third party developers, turning businesses into platforms and ecosystems accessible across a range of devices and applications. But what if what we want to protect isn’t an entire API, but an individual document? What if the creator of this document wants to collaborate with their colleague who’s employed by another company? This session will explore the solutions and challenges to fine-grained access to individual protected resources. What standards and protocols exist, and what remains to be built?
3:35pm - 4:00pm
Microservices Security Landscape
Prabath Siriwardena
Director Security Architecture
WSO2
The term ‘microservice’ was first discussed at a software architects workshop in Venice, in May 2011. It's being used to explain a common architectural style they’ve been witnessing for some time. The key driving force behind microservices is the speed to production. One should be able to introduce a change to a service, test it and instantly deploy it in production. Further to that, with the granularity of the services and the frequent interactions between them, securing microservices is challenging. This talk will address multiple perspectives in securing microservices: Secure Development Lifecycle and test automation, DevOps security and application-level security.
4:05pm - 4:30pm
Microservices architecture & security. How (not) to?
Bertrand Carlier
Senior Manager
Wavestone
A micro-services architecture might be considered a goal in itself or only appropriate in some specific contexts. Either way, this path leads to new issues to be addressed and tackled: user end-to-end authentication & authorization mixed with service-to-service authentication & authorization, transaction-based authorization, scope management and Level of Assurance (~authentication level) management. Some OAuth2 standards come in handy for a portion of those issues but fall (very) short for the rest or just do not address them. Should I rely on an API Gateway or is that optional? Should tokens be opaque or self-signed? Is that really mainly linked to scalability or are there other considerations? How can we overcome these limitations? What additional standard(s) could help there? In this session we will share feedback from many deployments and share why some different design choices were made within different contexts.
4:35pm - 5:00pm
Threat Tolerant IAM Micro Services Architectures
Rakesh Radhakrishnan
Specialist Director
KPMG
Identity & Access Management systems, as processes and underlying data models, are being adapted and changed from a monolithic model to a microservice-based software model end to end (low-code development approaches as well, with domain-driven, relevant standards-based data models) that are well aligned to micro databases (blocks) and micro-segmented software-defined networks. These approaches for the first time create the possibility of aligning IAM microservices as "threat tolerant" services - when aligned with threat intelligence end to end and machine learning - from a design, development, deployment and run time perspective - with policy automation. This presentation will also cover a reference architecture for Consumer IAM that is based on threat tolerant IAM microservices.
Room 306
2:30pm - 2:55pm
Assure your digital channels cost-effectively: Embrace Industry Standards
Colin Wallis
Executive Director
Kantara Initiative
Your brands are globally accessible to anyone with a smartphone and an electronic payment mechanism. But your digital and eCommerce channels tread an increasingly precarious path through multi-layered and incompatible regulations, rising customer expectations and cultural sensitivities. Compliance costs to verify identity, manage consent, handle personal data & preferences, and deal with seemingly unsolvable problems of delegated authority can easily spiral out of control. Leveraging industry standards and specifications offers cost-effective ways through the compliance minefield and delivers both strategic and marketing side benefits. But only if you choose the right ones. Learn how to strategically evaluate and adopt standards applicable to the industry context in which your business operates.
3:00pm - 3:55pm
The Rhythm of Kantara
Colin Wallis
Executive Director
Kantara Initiative
Eve Maler
VP Innovation & Emerging Technology
ForgeRock
Mark Lizar
CEO & Co-Founder
Open Consent
Sal D'Agostino
CXO & Co-Founder
OpenConsent
Andrew Hughes
Independent Analyst - Online Trust & Identity
ITIM Consulting Corp
This session will walk attendees through Kantara's 'nurture, develop, operate' mantra that continues to grow its community of members and volunteers, led by Colin Wallis. Working Group leads Eve Maler, Mike Schwartz, Andrew Hughes, Mark Lizar and Sal D'Agostino will showcase new work in Consent Receipt, User Managed Access, Identity Assurance and others, while new member Lubna Dajani will share why she joined Kantara. The session will be MC'd by ForgeRock's Allan Foster, who is also Kantara's President.
4:05pm - 4:30pm
When Should Whistleblowing Become the Response to Corporate Negligence?
Jon Lehtinen
Lead Identity Engineer
Thomson Reuters
It's a repetitive cycle: corporations aggregate our data without our consent, corporations sell our data without our consent, and criminals steal our data by exploiting the companies that don't adequately protect that data. Despite the frequency of PII loss, and the disproportionately negative impact for those affected, many practitioners see their organizations routinely underfund or neglect their information security and identity programs. Furthermore, when existing regulations (or the lack thereof) fail to get companies to invest in securing identity data, what non-regulatory recourse remains to force organizations to remedy their security posture? In this panel we discuss what actions, if any, can be considered an appropriate response to this pattern of corporate behavior, and how identity professionals can work to align the interests of their employers to the interests of those impacted by these lax corporate security practices.
4:35pm - 5:00pm
Centrify Presents: In the Land of Zero Trust, Threats Have No Power
Bill Mann
SVP Products and Chief Product Officer
Centrify

As traditional network perimeters dissolve, organizations must discard the old model of “trust but verify” and implement a “never trust, always verify” approach for everything — including users, endpoints, networks, servers and applications.

Zero Trust Security assumes that untrusted actors already exist both inside and outside the network. Zero Trust Security presumes that users and endpoints are not trustworthy and ensures each access request verifies every user, their devices, and limits access and privilege. Zero Trust Security utilizes machine learning to discover risky user behavior and apply conditional access — without impacting user experience. Zero Trust Security requires a Next-Gen Access approach which unifies single sign-on (SSO), multi-factor authentication (MFA), mobility management, privilege management and behavior analytics.

Learn why and how Zero Trust came about, what is the definition, what new use cases and attack surfaces it applies to and how customers are benefiting.

Room 309
2:00pm - 2:40pm
Identity and Access Management at NIST
Kevin Stine

The 2017 release of NIST SP 800-63 r.3 Digital Identity Guidelines represents an evolutionary shift in the management of digital identities. Just one piece of the puzzle, NIST is working on a variety of identity and access management efforts that complement this work, including standards engagement, research initiatives, and applied projects with government and industry partners. In this session, learn about these current efforts, and hear about the direction of identity and access management at NIST moving forward.
2:45pm - 3:25pm
Building Digital Bridges: Developing International Identity Standards
David Temoshok

Since 2017 NIST has been working to map a diverse set of national identity guidelines in an effort to identify and explore commonalities and gaps. Initially intended to support cross border interoperability, these mappings have become integral contributions to the international standardization process. Mr. Temoshok will discuss the evolution of NIST’s efforts to support international digital identity standards, and explore: the mapping exercise conducted with international partners, the impact of NIST SP 800-63 r. 3 on international approaches to digital identity, and current efforts to contribute to emerging ISO projects.
3:30pm - 4:10pm
Improving Mobile Authentication for Public Safety & First Responders
Bill Fisher

Mobile platforms offer a significant operational advantage to public safety and first responder (PSFR) stakeholders by providing access to mission critical information and services while deployed in the field, during training and exercises, or participating in the day-to-day business and preparations during non-emergency periods. However, these advantages can be limited if unnecessary or complex authentication requirements prohibit an official providing emergency services, especially when delay – even seconds – is a matter of containing or exacerbating an emergency situation. The National Cybersecurity Center of Excellence (NCCoE) worked closely with Public Safety stakeholders and Industry subject matter experts to build a standards-based, commercially available reference design demonstrating multifactor authentication (MFA), identity federation and single sign on (SSO) for mobile native applications. This session will cover the recently released NIST SP1800-13 practice guide which details the challenges of mobile authentication for PSFR personnel, the FIDO and IETF standards for addressing MFA and SSO on mobile platforms, a detailed description of the NCCoE reference architecture and a demonstration of the reference design with public safety applications.
4:15pm - 4:55pm
Privacy Risk Assessments: The Foundation of Privacy Risk Management
Ellen Nadeau

As consumers show an increasing interest in solutions that protect their privacy, there are new opportunities for companies to gain a competitive advantage in the marketplace by building privacy into their systems. In this session, hear from NIST about the types of privacy risks they've repeatedly seen in identity management systems over the past few years as they've worked with organizations - in both public and private sectors - on privacy risk assessments. Additionally, learn about potential controls - both technical and policy - to help mitigate these privacy risks.
Room 310
2:00pm - 5:00pm
OAuth2 Master Class
Justin Richer
Internet Security Consultant
Bespoke Engineering
Come to this half-day class to learn all about OAuth 2, how it works, why it works, and what it's good for. Taught by the author of "OAuth 2 In Action" from Manning Publications.
Room 311
2:00pm - 2:25pm
The Identity Ecosystem Map
Kaliya Young
Super Hero
Identity Woman
The Identity Ecosystem Map has been under development for several years with funding from DHS S&T. It documents the organizations, standards, companies, pilots, projects, publications and events across the identity ecosystem. This session will be a tour through the map and include an invitation to the community to contribute further.
2:30pm - 2:55pm
International Identity Standards at ISO
Andrew Hughes
Independent Analyst - Online Trust & Identity
ITIM Consulting Corp
Most conference presentations about open standards cover technology and protocol interoperability standards. Believe it or not, there are standards that cover process and practices! The ISO SC 27 working group 5 on Identity Management and Privacy currently has a very full schedule of work on Identity and Privacy standards – experts from National Body standards organizations met in Wuhan, China in April to decide on the scope of work on new or updates to ISO standards for Identity management and Privacy. Some of the current work: ISO standards will be updated to incorporate new material from the recently-published NIST SP 800-63-3; updated models for identity assurance; new approaches to incorporate identity-related risk in risk analysis. Attendees will learn about: the role and value of ISO standards in international trade; how nations work together to draft international standards; key characteristics of management and practices standards; specific details on the process, practice and technical scopes covered by specific ISO standards.
3:00pm - 3:25pm
OpenID Connect: Overview and Certification
Michael Jones
Identity Standards Architect
Microsoft
Mike Jones presents an overview and an update on OpenID and the OpenID Certification process.
4:00pm - 4:50pm
Privacy 2.0
Eve Maler
VP Innovation & Emerging Technology
ForgeRock
Mark Lizar
CEO & Co-Founder
Open Consent
Sal D'Agostino
CXO & Co-Founder
OpenConsent
The privacy notices and rights information, or lack of it, comprise what is becoming the public profile of an organization's privacy transparency or Public Privacy 1.0. The GDPR, coming into force on May 25th 2018, is the Y2K of privacy transparency, as services ‘data controllers and processors’ need to be transparent over data processing or risk being liable for non-compliance, less trustworthy and less competitive. This presentation covers Privacy Transparency & Consent. It will cover how IdM systems need to be transparent, delving into the standards and data sources that are used to make privacy and notice systematically usable, transparent and public. Privacy notices and rights information, or lack of it, by default comprises an organization’s public privacy profile. How to build, measure and leverage organizational privacy transparency is the goal and critical outcome of Public Privacy 2.0. Privacy 1.0 is self regulation based on privacy policies. Privacy 2.0 is transparency at a machine readable and granular level, along with options for control. The GDPR (new EU law) sets the stage for the ongoing performance of privacy transparency, as services ‘data controllers and processors’ need to be transparent about data processing. The risk is that their privacy transparency and organizational performance is deemed non-compliant, untrustworthy and less competitive, translating into fines and lost customers, revenue and brand equity. Join this session to learn about privacy, transparency, consent, and control as they relate to identity systems, standards, and interoperability. We will discuss how the Consent Receipts and User-Managed Access (UMA) standards from the Kantara Initiative and the Open Notice project from MIT can play a role in solving these key challenges.
Room 312
2:00pm - 2:25pm
Identity on the Frontlines: A Guide for Developers
David Lee
Identity Strategist Office of the CTO
SailPoint Technologies
Mike Kiser
Senior Security Strategist
SailPoint Technologies
What does it mean to manage identity in your application today? Just about any application, no matter the size, has some element of identity: authentication, authorization, password resets. As identity becomes more critical to enterprise security infrastructure, we should see the rise of Identity SDK's from vendors that allow developers to ease these features into their programs. This session will take attendees on a journey, showing them what strong identity looks like for developers, how to use it to improve productivity and leave with applicable best practices on improving workflow and infrastructure with identity.
2:30pm - 2:55pm
GraphQL: a new paradigm for REST(ful) integration and IRM
Alex Babeanu
Senior Identity Specialist
Nulli
Current Identity and Access Management protocols and specifications rely on specific/standardized REST endpoints. Building new Web/Cloud applications, Web Developers and product managers face the challenge of having to implement a very eclectic mix of web APIs, including for Identity and Access management. The implemented APIs often need to change over time, and besides, the clients that rely on these APIs sometimes find certain functionality to be lacking. The new GraphQL specification turns REST on its head by providing a standardized way of making any kind of request through a single REST endpoint. This session will describe this emerging paradigm and show how it can be used to implement common Authentication and Authorization requests. A demonstration of the use of GraphQL will be included in this session. Finally, this session will explore various stacks of technologies that have implemented the GraphQL specification to show how they can help implement Identity Relationship Management.
3:00pm - 3:25pm
Securing your API beyond basic OAuth by Sender Constrained Tokens and JWT Authorization Request
Nat Sakimura
Research Fellow
Nomura Research Institute, Ltd.
In the mobile-first world that we live in, OAuth 2.0 as in RFC6749 and RFC6750 is the de-facto method for protecting your APIs. It is very simple to use, and it is a vast improvement over the API Key or shared password approach as far as security properties are concerned. However, it has given up some security properties as well. This session explains where the weaknesses of basic OAuth lie by considering source, destination, and message authentication, as well as the recommendations based on the formal security analysis of the ISO/IEC 9798 Standard for Entity Authentication by Basin, Cremers, and Meier. It then explains how these weaknesses can be solved using JWT Authorization Request and Sender Constrained Tokens, based on the Financial API Security profile developed by the OpenID Foundation’s FAPI WG and deployed in UK banks and other financial institutions elsewhere in the world. Such a profile should be very useful not only for financial transactions but for other higher risk APIs.
3:35pm - 4:00pm
How the H@ck R U? Take a modern identity assurance approach in an interconnected hacked out world
Ayelet Biger-Levin
Senior Consultant, Identity Product Marketing
RSA
Recent mass data breaches have created an abundance of stolen credentials for sale across the dark web. Even if your organization was not the target, you still may be exposed to the risk of credential replay, phishing, account takeover and many other cyberattacks. In this session, we will take a tour of the Dark Web and expose the latest types of attacks used to steal identity information, where it is being sold and how cybercriminals are leveraging it to conduct account takeover. In this session you will learn:
• What are the hottest targets cybercriminals are going after and why
• How to identify and monitor the most prolific account takeover indicators
• Tips to embrace our interconnected world for stronger identity assurance
• Ways to gain a holistic view of identity risk across islands of identities
4:05pm - 4:30pm
How do you know if your security is working? Penetration testing moves you from hoping to knowing
Chris Sullivan
Chief Information Security Officer
SecureAuth + Core Security
Attackers are present 99 days before being detected, and while that is an improvement over previous years, 3+ months is simply too long. With a growing number of devices, applications, and regulations, security teams struggle to have enough time, resources, or tools to continually and comprehensively test their landscape for security vulnerabilities. The only true way to know the strength of your protection and your true vulnerabilities is to exploit them, and that’s better done by you than an attacker! Whether running penetration testing yourself or using a 3rd party service, there are things you should look for…
4:35pm - 5:00pm
Why is getting to the cloud so hard? (And does it have to be?)
Brian Puhl
Principal Program Manager
Microsoft
Moving enterprise services to a cloud is easy! All you need to do is have the cloud fully customized and connected to do everything your on-premises infrastructure does, without any changes, and cheaper. In this session we're going to look at some of the challenges - technical, political, usability, etc... - which are the common roadblocks to enterprises moving to the cloud. We'll dive into some of the technical solutions that can help make life easier, and find out where you really can just "check a box" and start reaping the rewards.

Monday - June 25


9:00am - 12:00pm

Keynotes

Identity’s Cambrian Moment: The State of Identity in 2018

8:00am - 8:15am | Ballroom

Andre Durand

Founder & CEO | Ping Identity

The rapid diversification of living organisms during the Cambrian explosion followed billions of years of stagnation in the growth of life on earth. Identity in 2018 is on the verge of its own Cambrian moment. After many years of status quo, identity is exploding into every facet of modern life becoming more strategic for enterprises and governments alike. Novel standards and techniques are emerging to meet the evolving identity requirements of consumers, APIs and hybrid IT deployments. It's a time of evolution and revolution. We have 'identity everywhere' with IoT and mobile. We have open banking—and open everything! Andre Durand, CEO of Ping Identity, welcomes you to Identiverse, unravels the genesis of this Cambrian explosion of identity, and explores the future of our digital identity ecosystem.

Business Advice We Shouldn't Believe Any More

8:15am - 9:00am | Ballroom

Andrew McAfee

Principal Research Scientist | MIT

Andrew McAfee's new book (coauthored with Erik Brynjolfsson) is Machine | Platform | Crowd: Harnessing our Digital Future, which The Economist called "An astute romp through important digital trends." In this talk Dr. McAfee uses insights from the book to show how technology is rewriting the business playbook, and how a great deal of standard business advice is now dangerously out of date. Best practices are changing rapidly in this time of astonishing technological progress. This fast-paced, lively, and content-rich talk explains why this is, and delivers smart guidance for the next generation of business leaders.

Sessions

Cafeteria - Plaza Level
11:15am - 12:15pm
LIGHTest International Forum
Rachelle Sellung
Senior Scientist
Fraunhofer IAO / University of Stuttgart IAT
Join the Open Identity Exchange session on LIGHTest as we discuss how the use of a global and trusted infrastructure can determine and verify digital trust assurances to facilitate decision making and assessing risk. By better understanding operational risk, operation costs can be better controlled. LIGHTest is providing tools for the emerging cross-border trust services market. This session will cover the tri-channel approach being undertaken by the project as we aim to bring together the technical, legal and business elements to ensure success. LIGHTest is a Horizon 2020 three-year project which began in September 2018 and brings together 14 partners from 9 different countries.
Expo Hall
7:00am - 8:00am
Breakfast
Get your week off to a great start with Breakfast in the Expo Hall!
8:05am - 11:00am
Exhibit Hall 6.25 AM
11:05am - 1:15pm
Lunch & Expo
Join our sponsors and exhibitors for lunch in the Expo Hall!
Room 302
9:30am - 9:55am
Enterprise Identity: Challenges and Opportunities
Zack Martin
Specialist Senior, Deloitte Advisory, Cyber Risk
Deloitte & Touche LLP
So, you either want to deploy a new enterprise identity system or upgrade your existing one? This can be a daunting process... but don’t worry: we’re here for you. The session will walk attendees through the basics of enterprise identity: the who, what, when, where, why and how of enterprise identity. The session will set the stage for the overall enterprise identity track which will detail some of the more intricate steps that organizations need to take with these identity systems.
10:05am - 10:30am
Deliver Enterprise IAM at the Speed of Digital Business
Nathan Harris
Lead Identity Architect
Aetna
Two speed IT? I don't think so! Digital Business needs identity capabilities that support rapid business adaptation and growth. And this is achievable with the application of currently available identity management and IT delivery techniques. This presentation will cover how enterprise IAM program agility can be achieved in support of overall business agility goals using three critical capabilities:
- Cloud identity services
- Analytics & machine learning for IAM
- DevOps delivery methods for enterprise IAM solution delivery (yes it is possible!)
Each of these provides specific benefits to IAM program delivery speed which we will discuss along with key dependencies and real world outcomes we have achieved.
10:40am - 11:05am
What do you mean, you're going to reset my password?
Kelsey van Haaster
Product Owner Identity
ThoughtWorks Inc
This presentation tells the story of an organisation which 4 short years ago did not have an Identity product. Since 2013, ThoughtWorks, a global software consultancy, has not only developed Identity as a valued organisational product but has achieved the equivalent of replacing the engines on a 747 mid-flight. From being a fairly traditional organisation using Active Directory, we have dismantled our dependence on on-premise infrastructure and services one piece at a time. Today we are 100% cloud-based and deliver an always available Identity service to 5000 employees in 14 countries and 41 offices. One of our goals this year is to solve a few final puzzles after which we will be able to decommission 32 Domain controllers and say farewell to Windows updates forever. This has required brave leadership, a significant education and training effort and a lot of very tricky conversations. There have been some ups and downs and a few surprises along the way. Unsurprisingly, we have learned a great deal and would like to take the opportunity to share our story.
Room 304
9:30am - 9:55am
Going from Strategy to Execution in Your Enterprise Identity Transformation
Jon Lehtinen
Lead Identity Engineer
Thomson Reuters
With identity increasingly recognized as the perimeter of enterprise security, your organization is finally ready to begin its journey to set a holistic vision for its IAM strategy. But once that strategy is formed, and the program charters, flow-charts, and diagrams are done, getting the enterprise through the execution of that strategy is where the real challenge lies. How will you drive adoption of the new service? How can you migrate without disrupting the business? And can you do it all quickly before the executive suite loses interest and the budget is gone? In this presentation, Jon Lehtinen outlines a framework that charts a course through the execution phase of your enterprise IAM transformation, so your organization can realize the security and business enhancements of Identity on a timetable that suits the enterprise.
10:05am - 10:30am
Don't Hire an IAM Engineer, Make One!
Dave Shields
Senior Information Security Architect - IAM
DST Systems Inc.
Let's face it, hiring an IAM Engineer is expensive! So is moving them from wherever they live to you (if they move at all). But did you know that the perfect resource may already be at your disposal? I'll share the key skills you want in an IAM Engineer and some lessons learned too!
10:40am - 11:05am
Moving Identity Talent Development Beyond the Basics
Olaf Grewe
Director
Deutsche Bank AG
Johannes Müller

Deutsche Bank
Larger, consolidated Identity and Access teams are emerging under the CTO or CSO as organisations attempt to realise the potential of digital business processes. Their people thus receive foundational training focused on the CTO or CSO agenda, but professional development along an I&A curriculum is missing. We will start by illustrating the wider issue in a CSO context based on the recently published NICE Cybersecurity Workforce Framework. We will continue to outline how this impacts the team's delivery capability as skills shortages start to bite. We will further complement this by showing how the team is missing out on talent that could be acquired through internal mobility programmes. We will go on to suggest crowdsourcing an I&A-focused curriculum and critical success factors for such an exercise. Steering well clear of any taxonomy work, we will nevertheless outline a number of dimensions and how they may resonate with those contributing to the curriculum. A suggestion on how to structure such a curriculum for delivery will close the talk.
11:15am - 11:40am
Panel: Hot Potato - Should Identity Professionals Own Security?
Heidi Wachs
Vice President
Stroz Friedberg, an Aon company
Josh Alexander
Director of Product Management
Salesforce
2018 brings more sophisticated attackers, more valuable identity data, and additional regulation. As such, an important and interesting question comes to light - Should identity professionals own security? If it's our asset to create and cultivate, should we also carry the responsibility to maintain its security? Join us for what will assuredly be a lively exchange between some of the most vocal and influential experts in identity and security.

KEY TAKEAWAYS

  • What is your role as an identity professional with regard to identity data protection?
  • How can you as an identity professional influence security decisions within your organization?
  • What value-add can you drive as an identity professional with regard to the security of your data and/or organization?
Room 306
9:30am - 9:55am
Hu: The Missing Element
Nishant Kaushik
CTO
Uniken Inc
When did the acronym PEBKAC become a commonly accepted trope in security? Blaming users for security failures may be a convenient out, but it is also misguided. Identity and access management, at the center of bringing people into the security equation, should be making things better. But all too often we suffer from the same bad habit of thinking technology can solve all problems - if only the users would listen and do as told. But times, and expectations, are changing. Shifting from “users” to “people” requires us to move security away from being a dark art, and transform it into something more approachable, more human. Identity has a huge role to play in this. So let's examine the contradictions that exist in the way we, as technologists, approach identity, and how the changing role of identity is going to force a change in how we “do” identity.
10:05am - 10:30am
Choosing the Right Consumer IAM Solution
Mary Ruddy
Research VP
Gartner
CIAM is key to enabling your digital transformation and the foundation of your customers' digital experiences. In this session, we will discuss trends in new CIAM capabilities and best practices. We will also provide guidance on which features and vendors to consider when making a CIAM vendor short list.
10:40am - 11:05am
Continuous Identity Verification - Closing the Trust Gap between Registration and Login
Matt Cochran
VP of Product and Operations
ID DataWeb
As identity breaches continue to make headlines, several organizations are moving to continuous identity verification as a way to close the trust-gap between end user account opening and ongoing authentication. In this presentation, Matt Cochran will co-present with several industry leaders on this emerging technique, which allows existing federated identity platforms to inject 3rd party verified attributes into their federated login flows. Using this technique, organizations can detect and react to real world changes in ways not possible before.
11:15am - 11:40am
The virtuous circle of business developments and digital identity

No Speakers Assigned

Digital Identity models are driven by market developments and the underlying business models. The move from a product focus to a consumer focus has led to a migration from contracts of adhesion to contracts of trust. This change to the economic model will bring about new business opportunities and shape the future development of digital identity.
Room 309
9:30am - 9:55am
Open Banking: The First Step of the Open Revolution?
Baber Amin
CTO West
Ping Identity
Open Banking - and its critical identity protocol underpinnings - promises to usher in easier and more secure access to a broader range of financial services, giving choice and convenience to consumers whilst protecting their online safety and privacy. This session explores the business opportunity and sets the stage for a wider consideration of whether lessons learned from the banking sector can be applied to other verticals.
10:05am - 11:05am
Panel: The Business of Open Banking
Nat Sakimura
Research Fellow
Nomura Research Institute, Ltd.
Ralph Bragg
Senior Partner
Raidiam
Ian Sorbello
Security Practice Director
The Impact Team
Pam Dingle
Director of Identity Standards
Microsoft
Moderated by Nat Sakimura of the Nomura Research Institute, this panel will focus on the business aspects of how standards like OpenID Connect and new Financial APIs are informing and enabling global Open Banking initiatives. The panel will discuss the ongoing development of business cases, technical standards, self-certification and trust frameworks, and explore how proposed standards, like the Financial API, leverage OpenID Connect and may impact the PSD2 and other global banking regulations.
Room 310
9:30am - 9:55am
Moving Beyond the Password: The State of FIDO Standards Adoption
Brett McDowell
Executive Director
FIDO Alliance
Passwords endure despite the growing consensus that their use needs to be reduced, if not replaced. But even though effective PKI and two-factor authentication solutions have existed for years, barriers to widespread adoption persist. That all ends with modern authentication built by the FIDO Alliance—the cross-industry, not-for-profit consortium that provides a set of specifications and certifications for an interoperable ecosystem of hardware, mobile and biometrics-based devices. This ecosystem enables web service providers to deploy strong authentication solutions that reduce password dependencies and provide a superior, simpler and trusted user experience; eliminates the need for consumers to have multiple authenticators; and lets each service provider create its own trust relationships with individual customers and their devices. Perhaps best of all, FIDO standards protect service providers from data breach risk stemming from phishing and man-in-the-middle attacks. In this session, Brett McDowell, the executive director of the FIDO Alliance, will detail the state of adoption of FIDO stronger, simpler authentication including: organizations involved in the effort today; who has adopted it globally and why; what the impact has been on the marketplace; and what advancements to the FIDO specifications and certification programs will be available in 2018. Advancements include the ratification of the W3C Web Authentication standard endorsed by Google, Microsoft and Mozilla that will expand FIDO’s reach and market penetration to billions of users through leading browsers and FIDO Certified devices. It also includes the introduction of new security and biometric certification programs, which will significantly raise the trust bar for biometric and second-factor authenticators.
10:05am - 10:30am
When Standards don't Suffice
George Fletcher
Identity Standards Architect
Oath Inc.
Implementing or moving to standards is rarely a straightforward effort; rather, the specific use cases of an organization require more than current standards address. In the face of this gap, it's important to have a process for evaluating when and how to extend existing standards. In this talk we will cover this process in the context of real life examples.
10:40am - 11:05am
What's Wrong With OAuth2?
Justin Richer
Internet Security Consultant
Bespoke Engineering
OAuth2 is a wildly successful delegation and authorization protocol, used all over the internet in a shockingly vast and diverse array of systems. It's a simple and powerful system that has proven to be incredibly adaptable to many different situations. But, like all technology, it isn't perfect. There are a lot of things that could have been done better in OAuth, many of which have been brought forward in add-on specifications. Come hear one contributor's take on what's gone wrong with OAuth in the years since its development and ratification.
11:15am - 11:40am
Token Binding
Brian Campbell
Distinguished Engineer & (un)official Photographer
Ping Identity
Token Binding is a new IETF protocol enabling strong cryptographic defenses against the use of stolen security tokens. This session will provide a technical overview of how Token Binding works and its application to session cookies and higher level protocols like OpenID Connect and OAuth. Bad jokes and gratuitous photography will be included to take the edge off the otherwise very nerdy content.
Room 311
9:30am - 9:55am
Identity and Access Management of Things
Robert Brown
Founder & CEO
Atakama
Things ain't what they used to be. Internet Things can change business models, bring new functions, improve products and change lives yet the connectivity can also be its downfall. Safety, privacy and usability all depend on security holding throughout the technology stack. Identity is the new perimeter - and IAM professionals the new guardians of the Identiverse. The Internet of Things needs you!
10:05am - 10:30am
The foundations for large-scale security
Nicolas Devillard
Senior Product Manager
ARM
The IoT wave is spreading hundreds of billions of devices into everything we touch, creating all kinds of security-related issues at an unprecedented scale. There are no perfect solutions, but we can certainly make things better by building firmware with security designed in. Arm has built a program called PSA (Platform Security Architecture) to properly address how to build devices that can be trusted, covering factory provisioning, isolation of secure services, and life cycle management. In this talk, we will present what Arm has done to propagate security to all connected devices, starting with secure partitioning and cryptographic services as part of the foundations. Giving each device a unique identity while preserving anonymity is the first step towards secure firmware updates and long-term management of devices that sometimes live for decades.
10:40am - 11:05am
IoT and Identity Standards: Advanced Identity for IoT
David Waite
Principal Technical Architect, CTO Office
Ping Identity
Today, IoT deployments prefer a hierarchical infrastructure, which leads to simplified trust requirements for devices. Starting from this point, we will explore what happens when you add more complex trust and identity to the mix with thing-to-thing relationships and peer-to-peer communication. In addition, proposals will be given on how to leverage existing and new specifications and technologies to meet these advanced use cases.
Room 312
9:30am - 9:55am
Optiv Presents: The Walls Have Come Down, But Are You Ready?
Aubrey Turner
Director Client Solutions – IAM
Optiv
Identity has long been deemed the new perimeter, but is this approach working? Despite increased spending on identity programs, organizations are still being breached at a record level. The majority of successful hacks are using compromised credentials. How can you protect your organization from a breach, while meeting expanding compliance mandates? In this session you’ll learn:

  • How the lack of spending on identity is adversely impacting organizations.
  • Where you should focus your efforts to establish a solid IAM foundation.
  • Why identity is quickly becoming the language of security.
10:05am - 10:30am
Virtualizing Identity for Business Agility
Marius Wrodarczyk
Systems Architect
R.R. Donnelley & Sons Company

Reorganizations, Mergers & Acquisitions, and Divestitures present a very unique set of IAM challenges. Having the right IAM infrastructure in place when these business decisions are made can be the difference between the IAM team being a bottleneck or an enabler.

Mariusz Wrodarczyk, Identity Architect at RR Donnelley & Sons, will review how his organization with 50K employees, multiple businesses, geographically dispersed around the globe, with an average of 5-6 acquisitions per calendar year was given 12 months to fully divest into 3 separate Companies. RR Donnelley faced a number of challenges:

  • Each newly spun-off entity had separate security requirements, such as password, naming standards, and retention guidelines.
  • There were legal and contractual rules prohibiting account/password/group synchronization across the newly created entities.
  • We had to present compounded authorization attributes from multiple stores while maintaining physical separation—which also meant we could not use a global store to sync the attributes/identities from spun-off entities.
  • Because of the extremely aggressive schedule, coordination between Application migration and underlying Identity Stores migration was impossible. This single challenge by itself influenced the design the most.

As a result of these constraints, the solution needed to allow (for a limited time) Anybody to Access Any System from Any entity (Spun-off company). This, combined with strict rules prohibiting password synchronization and full scale real time identity sync, limited our choice to some kind of Virtual Identity layer.

This presentation will discuss how RR Donnelley leveraged a virtual directory to create a global store which gave us that single point of access/authorization/authentication we needed, then built separate “views” of identity for each company, maintaining the physical/logical separation required to satisfy a myriad of technical and legal requirements.

10:40am - 11:05am
Data Toxicity - The changing landscape of storing PII
Allan Foster
Vice President, Global Partner Success
ForgeRock
In the light of several PII and data protection laws around the world, this session takes a hard look at PII Data and the challenges facing any enterprise that stores PII, looking at current requirements, as well as how they might develop, and examines possible strategies that would alleviate the risks.

12:00pm - 6:00pm

Keynotes

Our Secret Strengths: The Skills of an Identity Professional

1:15pm - 1:45pm | Ballroom

Ian Glazer

VP, Product Management | Salesforce.com

Andrew Hindle

Content Chair | Identiverse

An identity and access management professional is more than just her knowledge of federation protocols, her ability to build user provisioning policies, or her talent in deploying social sign-up. Although we inherently know that it takes other skills to be a successful identity professional, we don't often identify them, nor do we consider how to grow them. Join Ian Glazer and Andrew Hindle for an exploration of the secret strengths of our identity profession and pick up some pointers for your own development.

Keynote Panel: Towards a Future without Passwords

5:30pm - 6:00pm | Ballroom

Brett McDowell

Executive Director | FIDO Alliance

Lovlesh Chhabra

VP Identity Platforms | Oath

Brad Hill

Engineering Lead | Facebook

Dean Saxe

Security Engineer | Amazon

John Fontana

Standards and Solutions Analyst | Yubico

Password theft is the primary vector for account takeover and identity compromise. Passwords are also one of the most frustrating elements of our daily interaction with the digital world. We've been talking about a 'better way' for decades. New protocols like FIDO 2 and WebAuthn will help solve the problem... but how and when can we solve the adoption challenge? Or should we leapfrog straight to machine learning and contextual authentication? Join our expert panel, moderated by ZDNet writer and long-time Identiverse contributor John Fontana, as they explore what's now, and what's next, for Authentication and for our journey towards a future without passwords.

Sessions

Expo Hall
1:20pm - 6:00pm
Exhibit Hall 6.25 PM

No Speakers Assigned

Room 300
6:15pm - 7:15pm
Speaker Reception
Andrew Hindle
Content Chair
Identiverse
Identiverse wouldn't be what it is without the expertise of our Speakers. If you are a Speaker at Identiverse this year, this is our opportunity to say 'thank you' for all your efforts. We look forward to seeing you!
Room 302
2:00pm - 2:25pm
Privileged Access Management 201 - Beyond the Basics
Ken Robertson
IAM Architect
General Electric
Are you ready to move beyond managing passwords for shared accounts? Let’s explore options that you may want to add to your Privileged Access Management toolset. From privileged sessions, to application credential management, to privilege escalation, this will cover what should be included in your budget and what should be avoided. Get more from the tools you already own. This presentation is vendor neutral, but will cover solutions at a high level that are commonly available from many sources.
2:35pm - 3:00pm
Adopting BYOID to the organizations with CIAM technologies
Naohiro Fujie
Deputy General Manager
ITOCHU Techno-Solutions Corporation
With the recent flood of identities, end users in organizations no longer wish to have additional identities (especially usernames and passwords) for their companies or universities. This reduces end-user satisfaction and loyalty, and sometimes leads them to use shadow IT, which may pose a security risk for the organization. In addition, for many organizations e-mail is no longer a suitable communication tool, especially for younger people, because they are used to communicating with each other through social network tools like Twitter and Facebook. At the same time, IT admins are still required to manage employees' or students' identities in organizations for internal audit and security. In this talk, I would like to introduce possibilities for solving this dilemma with BYOID (Bring Your Own Identities) and CIAM technologies, with a demo using Microsoft Azure Active Directory B2C.
3:10pm - 3:35pm
Inside and Out: Make Your App Finally Work for You
Tomasz Onyszko
CTO
Predica Sp. z o.o.
Application access has always been a problem. VPNs, remote desktops - we've seen it all. With cloud and identity we can finally make it work. See how Azure AD Web Application Proxy makes on-prem apps work for you regardless of place and whether you are an on-prem, cloud or business guest user in the organization. With the ascent of identity providers and solutions like Azure AD Web Application Proxy, organizations can modernize their application environments. The session will include a case study and lessons learned from moving enterprise SAP apps to the cloud environment and enabling mobile access to them using Azure AD Web Application Proxy. Topics covered: Azure AD WAP, B2B, Ping Access, on-prem and Kerberos applications, modernising legacy app (SAP, Oracle) access.
3:50pm - 4:15pm
The Healthcare Identity Landscape
Catherine Schulten
VP of Product Management
LifeMed ID
If banking has KYC (know your customer), why doesn’t healthcare have KYP (know your patient)? Patient identification errors have been a known weakness in the U.S. healthcare ecosystem for years, and because of misidentification there are recognized, harmful outcomes. It is extrapolated that 160,000 adverse events per year result from misidentification of patients' laboratory specimens alone. An adverse event is defined as injury or death. Most patient identification errors occur during the care encounter, with approximately 12% of the errors occurring during the initial registration process, meaning that identity assurance is not happening when a new patient is being added to the system or scheduled. During this session we will review the causes of misidentification and observed outcomes, how patient identity is being addressed today, and finally some of the more promising efforts to promote a stronger, more resilient patient identity design.
4:25pm - 5:25pm
The CARIN Alliance - ID Proofing and Authentication in Healthcare
Jeremy Grant
Managing Director of Technology Business Strategy
Venable LLP
Blake Hall
Founder and CEO
ID.me
Ryan Howells
Principal
Leavitt Partners / CARIN Alliance
Catherine Schulten
VP of Product Management
LifeMed ID

The CARIN Alliance is a non-partisan, multi-sector alliance formed in 2016 to unite health-care leaders in advancing the adoption of consumer-directed exchange across the U.S. Working collaboratively with government leaders, the group seeks to rapidly advance the ability for patient consumers and their authorized caregivers to easily get, use, and share their digital health information when, where, and how they want to achieve their goals.

The CARIN Alliance is seeking to answer 5 core questions to resolve ID proofing and authentication in health care:

  1. How do we user proof individuals outside of a provider's patient portal using a federated identity structure and open standards?
  2. How do we securely authenticate individuals using multi-factor authentication without the need for a UN/PW?
  3. How do we record electronic informed patient consent in a consistent way to facilitate the delivery of patient health information to a third-party application of the patient’s choosing?
  4. Once we ID proof an individual, how do we match their health records to their certified credential both within and across systems?
  5. How do we create a trust framework that allows for a marketplace of credentialing organizations, application endorsements, and application endorsing organizations?

This panel will address these questions, why recent public and private sector efforts have caused the health care industry to focus on these questions, and what the industry is doing to help solve these problems. We will also actively seek input from the audience as to what might be leveraged from other industries to help solve specific use cases in the health care industry.

Room 304
2:00pm - 2:25pm
SSO as both a Security AND Business tool
Grant Reveal
Manager, Information Security - IAM
Alliance Data Card Services
Single Sign On (SSO) has been leveraged for years to provide users with the ability to access sites without having to remember multiple, separate usernames and passwords. As a security tool it can be leveraged to ensure appropriate authentication and even access, but as a business tool it can be used to shorten logon times and improve productivity. This presentation provides an overview of how SSO can be leveraged within an organization not only as a security control to assist with meeting regulatory compliance (think SOX) but also as a business tool to provide a more streamlined end user experience while providing quantifiable cost savings within the business. The purpose of this session is to show how risk crosses business and IT lines and that it is possible to leverage a security tool to deliver risk reduction, provide security controls and deliver business value all at the same time. This presentation will pull together the various ways SSO can be viewed and presented as a value proposition for executives and will include real world examples of cost savings and deployment of SSO as a security control.
2:35pm - 3:00pm
Best Practices for IAM Assessments, Blueprints & Roadmaps
Todd Rossin
CEO & Chief Strategist
IDMWORKS
Organizations process and store huge volumes of sensitive information that belong to their customers and employees – from financial information to medical records to personal identifiers, like social security numbers and birthdates. Inadequate controls in IAM processes and technology can lead to breach, involuntary exposure of this data, and non-compliance issues. But you cannot correct what you don't know, so the first step in any IAM program is Assessment. IDMWORKS CEO & Chief Strategist, Todd Rossin, will address the most common questions around IAM Assessments & Roadmaps - Why Should We Assess? What Should We Assess? and When Should We Reassess?
3:10pm - 3:35pm
IDMWorks Presents: Similarity Cracks the code on Black Box AI with Explainable Machine Learning
Paul Bedi
CEO
IDMWORKS
David Jakopac
Chief Customer Officer and Data Scientist
simMachines
Imagine it's January in Chicago and you have a meeting at 9:00 am downtown and when you turn the ignition to start your car the “Check Engine” light comes on. A series of questions comes to mind: Why? Where is the problem? How urgent is the problem? What needs to be fixed? and How much time do I have? Wouldn’t it be great if your car console could tell you if the car is safe to drive and what the problem was? This is exactly what Explainable Machine Learning does. It explains the “Why.” In Identity Management there are many “Check Engine” light moments, such as identity anomaly detection, account vulnerability detection, identity reconciliation, access rule/role rationalization, GDPR transparency, stack overflows, and many others that can be resolved with similarity and explainable ML. Identity Management with Explainable AI gives organizations a lens to classify and identify their IDM challenges.
3:50pm - 4:15pm
Mobile Identity
Andy Zmolek
Android Enterprise Evangelist
Google
Mobile devices bake mobile identity more directly into the user experience in ways that aren't always obvious from the outside. Android, iOS, and other mobile operating systems each have different capabilities when it comes to the identity protocols that are supported and solutions which are possible in each. Understanding the tools, libraries, and considerations for mobile identity can be challenging, and getting it right can require mastery of several subtle and complex concepts. This session will tackle the current state of mobile identity, provide updates on major initiatives like AppAuth that help developers make better OAuth-based single sign-on experiences in native mobile apps and related cross-platform efforts like AppConfig, and highlight key concepts needed for building successful mobile identity solutions in 2018.
4:25pm - 4:50pm
Identity considerations for shared and dedicated mobile devices
Andy Zmolek
Android Enterprise Evangelist
Google
Mobile devices are increasingly being utilized far beyond the traditional consumer and knowledge worker use cases that drove their initial success and the identity models that drove their initial success often prove to be problematic when a device is shared among an arbitrary number of users, whether for use during a shift or a few minutes at a time. In fact, there are few obvious ways for native apps to handle coordinated logout (which can be harder than single sign-on), shift user context, and show user state, and often the concept of OS login doesn't exist like it does on the desktop. We'll review the current state of standards, best practices, and real-world considerations of shared device identity on mobile, look at what's solved and what work remains to be done across the identity, mobility, security and device management ecosystems that will all play a role in enabling the sophisticated mobile solutions that are now required for verticals like retail, transportation and logistics, public safety, and others who are discovering just how much of a departure mobile platform identity is from the desktop when a device is shared among multiple users.
5:00pm - 5:25pm
SMS Vulnerabilities in Identity Management
Rod Soto
Director of Security Research
JASK
This presentation will show how malicious actors are actively taking advantage of the use of SMS as a second authentication factor to prove identity. These vulnerabilities enable malicious actors to obtain SMS messages, then proceed to reset and take over all users’ accounts, starting with email accounts with access to financial, social media and corporate accounts. SMS should be discarded as a second form of authentication. This presentation will also provide alternative authentication methods to compensate for SMS deprecation.
Room 306
2:00pm - 2:25pm
Building the NextGen Customer Experience at General Motors
Andrew Cameron
Enterprise Architect IAM
GM
The Customer IAM (CIAM) platform at General Motors is the core element in building a common set of user experiences across all customer touch points. Join this session to learn 1) how the company selected its CIAM platform; 2) the importance of building the platform based on industry standards and cloud technologies; and 3) how GM has addressed some of the key challenges in enabling solutions for customer identification, customer interaction and preference management.
2:35pm - 3:00pm
Designing Identity Solutions Customers Will Love and Use
Frank Villavicencio
CPO, Access and Identity Management
ADP
Matthew Thompson
Director of Business Development
Capital One
The quest to increase security and confidence in the identity and access solution at many organizations has often shifted the focus away from usability and user experience. While there are foundational tenets in terms of privacy and security that need to be met for the identity solution to be effective, these should not be met at the expense of the end user. Through a joint effort aimed at streamlining employee identity verification during registration for ADP, ADP and Capital One conducted substantial user research to innovatively simplify and reduce the friction we place on our customers. This session will cover insights from our research, our collaboration and share strategies for enabling higher trust identity proofing while reducing the impact on customers.
3:10pm - 3:35pm
Privacy-Preserving Authentication: Another Reason to Care about Zero-Knowledge Proofs
Clare Nelson
CEO
ClearMark Consulting
If the concept of privacy-preserving authentication is new to you, come learn about solutions that rely on a breakthrough in cryptography that garnered the Turing Award, including a female recipient, Shafi Goldwasser. In the words of Johns Hopkins professor, Martin Green, "Zero-Knowledge Proofs are one of the most powerful tools cryptographers have ever devised."
3:50pm - 4:15pm
Dissecting Blockchain for the Practical Application to Identity
David Thomas
CEO & Founder
Evident
Damian Starosielsky
Co-Founder & Chief Technology Officer
Evident
Distributed ledgers are a revolutionary approach for the peer-to-peer management of digital assets. As their application has grown and the excitement around cryptocurrencies has skyrocketed, many believe that a digital identity is the ultimate asset to be managed on a distributed ledger. In this session, we will descend from the stratosphere to look at the details of distributed ledgers for identity. We will dissect digital ledger technology into core aspects and examine how each of these benefits specific identity use cases. We will also look at the areas of digital ledgers that present challenges and discuss workarounds. Finally, we will review practical customer use cases where ledger technology and identity information have been productively combined. We will walk through real world applications of distributed ledger technologies solving identity problems, shifting the discussion of the pros and cons of blockchain from theoretical to actual.
4:25pm - 4:50pm
A Holistic Risk Assessment of Blockchain for Identity
Dave Fields

Patrick Harding
SVP Products
Hedera Hashgraph
Adam Migus
Owner and Principal
The Migus Group
Eve Maler
VP Innovation & Emerging Technology
ForgeRock
Don Thibeau
President and Chairman
Open Identity Exchange
Blockchains for identity use cases have been a hot topic across many sectors. This panel of experts will present a holistic assessment of the business, privacy and security risks associated with using blockchain technology for identity.
5:00pm - 5:25pm
Identity and the Blockchain
Dan Ellis
Founder
Clear.me
How can the blockchain and cryptographic zero-knowledge proofs solve individuals’ privacy concerns and mitigate corporate risk? ‘Identity’ can commonly be confused with ‘identifiers’ used in technology to authenticate the same ‘persona’ or ‘user’. However, your Identity is you, and you have many attributes that define you, and 3rd parties who can agree and validate those attributes. Requestors of your identity don’t need to know everything about you, nor want to inherit the risk associated with holding or transferring a lot of PII data. I’ll explore how blockchains and a cryptographic technology called zero-knowledge proofs can change the way we think about permissions in data, and can prove your identity to a 3rd party without disclosing the underlying data.
Room 309
2:00pm - 2:25pm
Making Open Banking a Reality
Chris Michael
Head of Technology
Open Banking Limited
Open Banking holds great promise for consumers and businesses alike... but needs the right technical underpinnings providing strong security and privacy protection to become a reality. In this session, Chris Michael, Head of Technology at Open Banking Limited, will provide an introduction to the key standards and architectures that play a role in this new financial services landscape.
2:35pm - 3:35pm
Panel: The Technology of Open Banking
Nat Sakimura
Research Fellow
Nomura Research Institute, Ltd.
Joseph Heenan
CTO
FinTechLabs.io
Wayne Blacklock
Senior Solution Architect
Forgerock
Chris Michael
Head of Technology
Open Banking Limited
Maciej Machulak
Global Technical Product Manager, Secure Access
HSBC
Moderated by Nat Sakimura of the Nomura Research Institute, this panel will focus on the technical aspects of how standards like OpenID Connect and new Financial APIs are informing and enabling global Open Banking initiatives. The panel will discuss the ongoing development of business cases, technical standards, self-certification and trust frameworks, and explore how proposed standards, like the Financial API, leverage OpenID Connect and may impact the PSD2 and other global banking regulations.
3:50pm - 4:15pm
IAM in Higher Education - A Different Kind of Enterprise
Dedra Chamberlin
CEO
Cirrus Identity, Inc.
Identity Management leads at colleges and universities have unique challenges that are often not understood by commercial identity management vendors or by CISOs that have an enterprise background. This presentation will be of interest to: 1) IAM vendors interested in learning how to better serve the higher education market, 2) Higher Ed IAM leads who can use more ammunition for conversations with managers who come from the private sector and who don't understand why identity isn't managed the way it was at their previous corporation, 3) University CISOs and audit leads who think their IAM leads are speaking a foreign language. The presentation will cover key characteristics of Higher Education identity management, such as: an emphasis on openness and collaboration as opposed to competition, users who come and go over many lifecycles, multiple Systems of Record, multiple simultaneous affiliations, and Identity Federation leveraging SAML metadata aggregates. The presenter will include common higher ed identity governance issues, user scenarios, business use cases, and architectural integration patterns. Attendees will leave the session better prepared to tackle IAM challenges in the Higher Ed space.
4:25pm - 4:50pm
IDaaS in Higher Ed: Is the cloud ready?
Scott Weyandt Ph.D.
Director, IT Security & Infrastructure
Moran Technology Consulting
Jim VanLandeghem
Sr. Consultant
Moran Technology Consulting
The cloud presents new challenges and new opportunities for identity governance. Higher education (higher-ed) is a unique environment with its own set of complexities. In this presentation, the authors will examine current cloud vendors and options for identity services (IDaaS) to determine the readiness of these services to meet the needs of higher-ed. Approach: Today’s identity governance market provides a diverse range of solutions and services. While many vendors claim to provide a complete identity and access management cloud solution, they differ dramatically with regard to core service offerings, maturity, and costs. The first step will be to review the current IDaaS vendor landscape. Second, we develop a classification of higher-ed institutions into several categories based upon their size, needs, and budgets. While many institutions share core business requirements, they differ significantly regarding scale, complexity, budgets, proficiency, as well as compliance requirements. In the final section, we will examine the readiness of IDaaS (in its various service offerings) to meet the needs of each higher-ed category. Drawing on case studies, the authors will use recent client experience assisting institutions with selecting identity solutions at: a small private college; a large Tier 3 state university; and a leading private research university.
5:00pm - 5:25pm
Case Study: IAM in Higher Ed, One Year Later
Dave Shields
Senior Information Security Architect - IAM
DST Systems Inc.
Starting a new IAM Program is great, but what's it like after a year in the trenches? Come join me as I give you a look at the ups (and downs) of building IAM in higher education. Learn from our mistakes and build off our successes!
Room 310
2:00pm - 2:25pm
The Cake Is Not a Lie – Using Cloud Services to Improve Your Security Posture
Laura Hunter
Principal Program Manager
Microsoft
For security-conscious organizations, a move to adopting cloud services is often met with trepidation and skepticism. How can we secure a service that we don’t operate? How can we maintain visibility into the security of the platform? How can we be sure that our data is safe? As cloud services have matured, Cloud Service Providers have begun to focus extensively on the security of their offerings, including creating new services that can help you to increase the security of your organization’s data, not just struggle to maintain parity with on-prem mechanisms. In this talk, we’ll hear some real-world examples of how Cloud Computing can act as a true security differentiator for an organization who are in the process of, or perhaps even still considering how to begin, moving towards Cloud adoption.
2:35pm - 3:00pm
Building MFA/SSO Into Your IaaS Services and Apps
Mark Diodati
Research Vice President
Gartner
As organizations accelerate the migration of crucial workloads to AWS and Azure, they are looking to integrate single sign-on and MFA. With hundreds of services in a typical IaaS, integration can be a challenging endeavor. We will explore the MFA options of each platform; how OAuth, SAML and OpenID Connect integrate into IaaS services; the role of API gateways in an IaaS, and how on-premises Windows Active Directory can be extended into the cloud. We will wrap up the session with proven guidance on implementing MFA and SSO with your IaaS.
3:10pm - 3:35pm
Intelligent Authorization-Risk mitigation in real time
Nathanael Coffing
CEO
Cloudentity
Authorization has come a long way since setting bits in the file system. With the advancements in machine learning, big data and behavioral profiling, it's time for authorization to take its next generational leap and move into a flexible risk-based access control model that works in concert with legacy access control policies. Cloud Authorization engines must focus on adding intelligence to the authorization process with validators that query external platforms for consensus during transactional processing and marry that with emerging threats to any of the entities (users, services, things, locations, etc.) present within the transaction. Threat mitigation options must be designed to rebuild the trust within the transaction or to mitigate the emerging risk by providing consensus via the leveraging of traditional methods (ABAC, RBAC, entitlements, scope) and respond during the transaction with transactional step-up Auth, degradation of Entitlements, reduction in data attributes returned, etc. Learn how to create architectures and UX flows that support real time threat mitigation for transactions involving any user, service or thing.
3:50pm - 4:15pm
Radiant Logic Presents: A Seamless Experience for Discover Financial's Employees & Business Partners
Kevin Wuebbles
Senior Manager, Security Infrastructure
Discover Financial Services
Dieter Schuller
VP, Sales and Business Development
Radiant Logic

Discover Financial needed to provide access to critical Banking Applications for both employees and business partners. Requirements included the need for multiple user types, authentication levels (including federation) and sources of user information.

Kevin Wuebbles, Senior Manager, Security Infrastructure at Discover Financial, will discuss how the Discover Financial identity team streamlined its authentication process and modernized its system using an integration of Federated Identity Service (FID) and WebSSO systems. Developed using Agile methodologies and a constant stream of new features, the new architecture virtualizes and integrates identity from several identity sources.

In order to utilize MFA tokens and passwords on a single form, the team used the CA SSO Authentication form to concatenate password and token, which RadiantOne FID parses and routes back to the appropriate authentication sources.

With this new federated identity system, Discover Financial is able to keep up with the constantly changing requirements of the business while leveraging its existing investments.

4:25pm - 4:50pm
Radiant Logic Presents: Seamless & Secure User Access to Increase Encana's Competitive Advantage
Dieter Schuller
VP, Sales and Business Development
Radiant Logic
Chris Wallace
Senior IT Architect
Encana Corporation

Encana needed to become more resilient to operational risk and focus on higher margin production. They quickly realized that to achieve these goals they needed to make technology a competitive advantage. The foundation was identity and the reality is hybrid identity to support the relentless demands of organizational digital transformation.

In order to provide seamless access to their users across environments and devices, they needed to build an abstraction layer to decouple the applications and systems from the underlying legacy identity sources. This strategy offered the opportunity to consolidate—and potentially decommission—legacy systems, as well as create a predictable and repeatable process for M&A and divestiture activity.

The foundational architecture included an access management/federation layer and a Federated Identity Service. This infrastructure needed to serve legacy on-prem applications while supporting the move to cloud and Microsoft Azure, and needed to intentionally reduce the duplication of user profile data.

Chris Wallace, Senior IT Architect at Encana, will discuss how the identity team created a modern identity infrastructure that leverages their existing investments while setting them up for future initiatives.

5:00pm - 5:25pm
ProofID Presents: Preserving the diversity of life on earth through federation
Linda Humphrey
CIO
WWF International
Paul Heaney
CISO
ProofID

WWF International operates in over 100 countries with the key goal of conserving nature and reducing the most pressing threats to the diversity of life on Earth. WWF achieves these goals through a network of regional and field offices.

WWF’s IT infrastructure is provided both locally by individual regions and by WWF International, which provides global services including Google Apps, intranet and collaboration services.

In this session we will show how, by implementing a federated architecture across local and centrally provided services, WWF was able to reduce the number of credentials held by staff from many to one, enhance security and significantly improve the user experience whilst freeing up WWF staff to focus on their core mission to preserve the diversity of life on Earth (and how an elephant nearly stopped the go live!).

Room 311
2:00pm - 2:25pm
GEs IoT Use-cases & Platforms
Phil Schneider

GE
Details coming soon!
2:35pm - 3:00pm
Applying Digital Identity in the IoT world of Automotive New mobility
Ashley Stevenson
Identity Technology Director
ForgeRock
The rapidly growing world of the connected vehicle has yet to realize the business advantages that digital identity can bring to its vast ecosystem; but that’s about to change. The new mobility paradigm includes monetizing new services through connected vehicles, including vehicle sharing, in-vehicle commerce, fleet management, autonomous driving, vehicle-to-infrastructure, and many others. To provide the necessary levels of security, privacy and user experience required by these use cases, the digital identities of people, and of the vehicle itself, must be managed and integrated. Establishing trusted identities of the vehicles themselves is also at the core of securing vehicle connections to clouds, other vehicles, and connected infrastructure, such as smart parking, and other smart city or smart home devices, and is a critical piece of ensuring end-to-end data security and privacy. Within the vehicle, devices that manage critical safety systems, such as engine control, braking and steering--even the software modules that control these devices--must also have trusted identities and be authenticated in order to secure use cases like autonomous driving. Join this talk to learn how modern digital identity can meet the broad spectrum of new requirements for connected vehicles, including a live demo of in-vehicle authentication for personalization and vehicle authentication with real-time authorization for vehicle-to-cloud data management.
3:10pm - 3:35pm
Innovation: Lord Admiral Nelson, Identity, and the Internet of Things
Mike Kiser
Senior Security Strategist
SailPoint Technologies
Admiral Nelson's innovative use of identity in his strategy at the Battle of Trafalgar provides the foundation for a new identity model to empower and govern the Internet of Things. This presentation takes its cues from the events of October 21, 1805. At the Battle of Trafalgar, British Admiral Horatio Nelson introduced a new identity-based strategy for naval warfare that enabled his entire fleet—every ship, every sailor—to act instantly and independently in the pursuit of victory. The British Navy won a decisive victory, and naval warfare would never be the same. (Along with the retelling of this narrative, historical maps of the battle will be used to illustrate the tactics used.) The talk then applies Nelson's identity-based strategy to governing the looming Internet of Things (IoT). A stock identity architecture and identity model is used to describe modifications made as part of the application of this new strategy.
3:50pm - 4:15pm
Auth0 Presents: The Critical Role of Identity in CX for ATB Financial
Martin Lapointe
Director - Customer Identity and Access
ATB
In the financial sector, a poor customer experience means revenue losses of millions and billions. ATB understood the importance of CX and put their customers in the central focus of their recent digital transformation efforts. Through that process they realized that the transition to a next-generation CIAM platform was the critical first step to meeting their goals. Join ATB, as they share their identity transformation story, including:
* Creating a single, cross-organizational view of customer identity
* Implementing SSO across all digital properties
* Improving the multi-factor security and experience
* And more
4:25pm - 4:50pm
Auth0 Presents: The Wheel, Reinvented. Or not.
Michael Fitzbaxter
Head of Content
Auth0
The Wheel, Reinvented. Or not. We've all lived this. In order to move fast your company throws a quick and dirty login form on their new SaaS application. And then they do it again for the next application. And again. And again. And it works! Or at least it kinda works. But what happens when you need to change configurations in your identity platform? How do you do it for all the spread login implementations? And what about when there's a new security bug you need to fix? And what happens when your customers need to update their profile, delete their account, configure multifactor or when they demand extra security because of all the recent breaches? Game over. Or not. These are the same questions and problems I had at Atlassian. Join me in this talk where I'll discuss the journey we went through, from writing multiple individual login forms for each app, to buying an identity platform to support all of our needs.
5:00pm - 5:25pm
Login.gov - Scaling delivery with feds and industry!
Joel Minton
Executive Director
login.gov
Jonathan Prisby
Product Lead
18F
It is common in government circles to see all-contractor or all-fed solutions. Both of these one-sided approaches frequently end up in failure for various reasons. Login.gov would like to share our approach, which is a strong partnership between federal employees and the best of industry, delivering a great solution for federal agencies and millions of Americans.
Room 312
2:00pm - 2:25pm
Digital Transformation Enabled by Security Matrix
Thomas DeFelice
Executive Director - Advisory Services
Optiv
As organizations quickly evolve into a more digital economy, DevOps teams spin applications and workloads at a pace that traditional security teams struggle to keep up with. Organizations can solve for this challenge by building secure-by-default solutions that leverage a matrix of secure reference architecture. This provides DevOps with a library of pre-approved and pre-validated solutions that are aligned to your data and workload classification. In this session, you will learn: * What a matrix of secure reference architecture entails
2:35pm - 3:00pm
Remaining Modern in a rapidly transformative world
Robert Block
SVP of Identity Strategy
SecureAuth
Long gone are the days of securing remote access and thinking you are covered. The path to digital transformation has brought to light even more challenges in securing organizations’ assets. Today’s attackers are focused on all your mission critical applications (O365, Portals, etc.), many of which are main drivers to digital transformation, and not only has their focus increased but their tools and tactics continue to evolve as well. Whether it is brute force attacking, account fraud, and/or account takeover via password reset, credentials are involved in almost every attack at some point. The buzzwords are bountiful when trying to solve these challenges: MFA, SSO, Adaptive, Least Privilege, Strong Auth, Conditional access, you name it. This discussion will focus on elements of a modern approach to solving these continually evolving challenges and how the industry must also evolve in order to most effectively protect.
3:10pm - 3:35pm
Modernizing UNH’s approach to Securing the Identity: UNH responds to “Identity is the new edge”
Matt Connors
Identity and Access Management Program Manager
University of New Hampshire
IAM in Higher Education can be a perplexing landscape with evolving business and technical requirements as we take on Digital Transformation initiatives. Session will cover UNH’s challenges and solutions to securing the Identity in a transformative environment.
3:50pm - 4:15pm
Optiv presents: The Personnel Behavioral Program: Link Governance, Risk & Insider Threat Mitigation
Jerry Chapman
Principal Security Architect
Optiv
Managing an insider threat program oftentimes focuses on the technology that monitors and alerts security staff once an insider’s activities have already begun. But what actions does the security staff know/take in advance of those activities to set the thresholds and triggers within the technology components of the program? Or better yet, to decide that the risk of granting access and privilege has become too great, and that prevention and mitigation must occur before the insider ever has a chance to touch the keyboard? In this session, you will learn:
• How an individual risk profile can inform your threat monitoring program
• The benefits of infinity background checks
• Using an insider threat working group to guide the personnel behavioral program
4:25pm - 4:50pm
Optiv Presents: Insider Threat Program Maturity
Janel Schalk
Sr. Director, IAM
Optiv
Insider threat is the number one concern for many CIOs and CISOs. Whether maliciously intentional or accidentally harmful, the numerous vectors for insider threats make security professionals lose sleep at night. By understanding your organization’s maturity in your insider threat program, the response to insider threats, risks, vectors, and effects can become manageable, while continuous improvement activities can be identified and addressed both tactically and strategically. In this session you will learn:
• Common insider threats, risks, and vectors
• Potential effects of realized threats
• How to evaluate your organization’s maturity related to insider threat response
5:00pm - 5:25pm
Threat Mitigation Through Identity Intelligence
Josh Davis
Solutions Catalyst
UberEther
As the risk profiles of insiders are continuously evaluated and rescored, the identity-centric data generated has historical and behavioral significance in the organization's overall threat mitigation plan. What can be interpreted from the changing trend of an insider's score in regards to being an actual threat to the organization? Does the frequency of the change, higher or lower, matter? What can be gained from analyzing the decisions behind the rescoring? Did an insider we trust perform a legitimate action of their role too frequently, from an undesired network segment, or in an undesired location in the office building? If these and related questions matter, or could matter to an organization, what can the organization do to realize the power of the data? One approach is to develop or procure an identity intelligence system, implementing it in such a way that it provides the organization with nearer-realtime situational awareness and lends to their ability to act accordingly prior to, during, and following insider threat events. The information provided to the organization by the system is in the form of on-demand reports, OPSEC dashboards, triggers to reactive processes that mitigate threats, and alert messages. The identity-centric data leveraged by the system must be captured in raw form as it is generated, stored with integrity and access control measures, available for continuous analysis, and available for reanalysis during post threat investigations or as analytic strategies and capabilities of the intelligence system improve. An organization's leveraging of an identity intelligence system in their insider threat program avoids the organization being blind to their continuously changing threat posture. It alleviates the human element from being bogged down manually or reactively identifying risks, or only performing post incident analysis.
Leveraging the right technical implementations for continuously analyzing, reassessing, alerting, blocking, or deprovisioning access and authorizations provides the organization with nominal assurances of their threat landscape.

Tuesday, June 26


9:00am - 12:00pm

Keynotes

The Unforeseen Forces Shaping Identity

8:00am - 9:00am | Ballroom

Andre Durand

Founder & CEO | Ping Identity

The world’s digital ecosystem is in a constant state of evolution, and identity has evolved to meet every new challenge along the way. Thanks to innovation in the identity industry, the tradeoff between security and truly exceptional user experiences is vanishing. As the pace of change accelerates and everything becomes connected, identity will enable the digital transformation of businesses and governments everywhere. Will you be a part of it? Five unforeseen forces are shaping the future of identity, and they’re outlining requirements for the coming decades at this very moment. Join us to learn about the five undeniable forces driving Ping’s strategic vision, and hear from special guests who are already leveraging these forces to break new ground and prepare for the future.

Sessions

Cafeteria - Plaza Level
11:15am - 12:15pm
Women in Identity Lunch & Networking Event

No Speakers Assigned

Launched in 2017 at Cloud Identity Summit (Chicago), the mission of Women in Identity is to enable growth for women working in the Identity space.

At this informal lunch and networking event, you'll hear about the progress that the WiD group has made in the last 12 months, discuss plans for the future, and have the opportunity to network with others across the Identity industry.

All are welcome!

Expo Hall
7:00am - 8:00am
Breakfast

No Speakers Assigned

Day 2 breakfast in the Expo Hall!
8:05am - 11:00am
Exhibit Hall 6.26 AM

No Speakers Assigned

11:05am - 1:15pm
Lunch & Expo

No Speakers Assigned

Join our sponsors & exhibitors for lunch in the Expo hall!
Hilton Lobby
6:00am - 7:30am
Identiverse Bootcamp!

No Speakers Assigned

A Cloud Identity Summit tradition - and now at Identiverse too! Meet in the Lobby of the Hilton on Dalton Street for an early morning workout with Jon and Rodrhi from Rogue Consulting Group.
Room 302
9:30am - 9:55am
Ping Identity Presents: Cyber Security for APIs, and a Special Announcement

No Speakers Assigned

This session will go in-depth regarding a special announcement from Ping Identity that will be revealed during the Tuesday keynote. If your organization leverages APIs and has an interest in API access control and cybersecurity, you won't want to miss this session.
10:05am - 10:30am
Ping Identity Presents: Enabling "Open Business" with API, Customer Consent and MFA
Baber Amin
CTO West
Ping Identity
OpenBanking/PSD2 is all about opening up secure API access to customer accounts and data to enable new business models. This movement is already expanding beyond financial services and is spreading across the globe. Learn how Ping Identity is helping enable the "OpenBusiness" movement with capabilities to secure access to APIs, manage customer consent, enforce strong authentication, govern data access, and improve customer engagement.
10:40am - 11:05am
Ping Identity Presents: Going Beyond SSO to Global Authentication Authority
Eric Fazendin
Sr. Product Manager
Ping Identity
PingFederate has long been a leader in federated SSO and adaptive authentication. With PingFederate v9.1, the role of global authentication authority has now expanded with a range of new features to support multiple identity types: workforce, customers, and partners. Learn how you can leverage PingFederate for a range of new use cases such as social account linking, self-service profile management, and much more.
11:15am - 11:40am
Ping Identity Presents: Automate and Simplify PingAccess Deployments to AWS
Mark Bostley
Senior Technical Product Manager
Ping Identity
Provide federated SSO with PingFed, and control access to your hybrid IT environment with Ping Access in AWS: performance tuning, scaling tips in AWS and enabling automation and developer self service.
Room 304
9:30am - 9:55am
Google Presents: Extending identity in your app to customers and partners
Marc Jordan
Product Manager, Identity
Google
Whether you want to know your customers or prevent your company ending up on the front page of the New York Times, identity is a critical ingredient in the success of your application or service. Join this session to see how easy it is to add a scalable, flexible and secure authentication system to any piece of software using Google Cloud Identity. It will enable you to simply drop in a complete authentication solution, so that you can go back to work on your next set of amazing features.
10:05am - 10:30am
Google Presents: The convergence of identity and device management
Brad Meador
Product Manager, Mobile Device Management
Google
With mobile devices and SaaS apps re-shaping where and how people work, identity management is a critical component to not only provide awesome end user experiences but also to manage access and protect company data. So is device management. Join this session to understand how Google approaches identity and device management and how both can be used to create a tiered access to company data based on risk.
10:40am - 11:05am
Google Presents: Cloud Application and Directory Lifecycle Management
Scott Kriz
Product Manager, Identity
Google
As organizations deploy applications to their employees, it becomes increasingly important to automate and track the application lifecycle. Organizations are looking to automate this through integrations with their core systems of record and in many cases are using multiple directories to coordinate this. This session will cover the current state of application and directory lifecycle management and examine what this means for organizations as they continue to embrace cloud-based solutions.
Room 306
9:30am - 9:55am
IDMWORKS Presents: Stop Wrestling With Your Identity Management
Sean Harris
VP
IDMWORKS
For more than two decades, organizations have been wrestling with Identity Management. The ever-changing landscape of requirements, identity providers, and product features and functions only complicate the issue. By understanding some basic realities and then making clear decisions, it is possible to streamline your identity management plans and stop wrestling with the challenges created by the tools meant to simplify your identity program.
10:05am - 10:30am
IDMWORKS Presents: How To Make Your IAM Program A Success - Lessons Learned From The Field
Paul Bedi
CEO
IDMWORKS
After 650+ IAM engagements, IDMWORKS has compiled what organizations need to know before, during and after implementing an IAM program. We polled our 150 IAM engineers, architects, and PMs to draw from what they see on the job every day and boiled that down to a series of lessons learned. Every organization in any stage of IAM maturity will find value in these highly-accessible, technical jargon-less, universal rules-to-live-by to make your IAM program successful.
10:40am - 11:05am
IDMWORKS Presents: Seamless Migration from Legacy IAM Systems
Todd Rossin
CEO & Chief Strategist
IDMWORKS
As legacy IAM solutions persist in the market there is a lot of anxiety among customers as to whether their current IAM tools are, or will remain, sustainable. The biggest question that arises is how to migrate from the current, legacy, vendor solution into a new, modern, vendor solution. In order to do this we must have a plan and a proper strategy.
Room 309
9:30am - 9:55am
Microsoft Presents: Changing the Game with Machine Learning
Maria Puertas Calvo
Senior Data Scientist
Microsoft
Microsoft's Identity Security and Protection team is chartered with protecting identities from compromise and abuse across all Microsoft's user base: consumer and enterprise. In our defense-in-depth approach, machine learning is used at every level to ensure rapid response and adaptation to new attack patterns. Applying ML in adversarial and rapidly changing environments has many challenges: lack of available labeled data, necessity to adapt fast to an ever-changing environment, model evaluation SLAs for real-time systems... This talk will cover how Microsoft overcomes those challenges and successfully applies machine learning at every defense level (prevention, detection and remediation) to keep the bad guys out and our customers safe.
10:05am - 10:30am
Microsoft Presents: Securing administrators across Azure and Office 365
Steve Lieberman
Senior Program Manager
Microsoft
Securing administration is critical to every organization. Learn how to protect administrators in Azure AD, Exchange Online, and roles critical for production resources (IaaS).
10:40am - 11:05am
Microsoft Presents: Taking the next step in hybrid identity
Keith Britzenhofe
Group Program Manager, Identity Division
Microsoft

Many organizations are beginning their journey to the cloud. It is no longer about “if” or “when” they should move to the cloud, but “how” each organization moves their applications and workflows to the cloud. And in a way that makes the most business sense to them. In this presentation, we will outline a hybrid identity transformation framework to help organizations create successful roadmaps to the cloud. This framework, built from years of data on successful partnerships between organizations and Microsoft, will list key business outcomes and trade-offs that each organization needs to consider. Furthermore, we will discuss how organizations can migrate from the traditional federated authentication model to a more modern, cloud authentication approach. We will also discuss:

  • The various authentication methods available in Azure AD, and how to choose the right method for your organization.
  • Migrating applications directly federated with an on-premises identity provider to Azure AD, and the benefits of doing so.
  • The advantages of moving to a purely cloud-based multi-factor authentication solution. How to secure identities and authorize applications in the cloud era.
11:15am - 11:40am
How Hearst Media’s modern IAM strategy improved security and helped set the pace for business
Chris Suozzi
Executive Director, AD/Messaging and Identity Management
Hearst
Setting a fiery fast pace in the newsroom is a necessity at Hearst and this pace can only be sustained when it's true both inside and out! Come to this session to learn how Hearst leveraged Azure Active Directory to jetpack their employees into a modern cloud-based identity and access management environment while staying secure at the same time. Learn also about Hearst’s learnings and the reasons why they made the transition, what has gone well, what challenges they’ve faced and what they still have left to do.
Room 310
9:30am - 9:55am
MFA 2.0
Jeremy Palenchar
Principal
Orcas Consulting
Multifactor Authentication by using email or SMS is now table stakes in most Enterprise, Financial, and SaaS solutions. Unfortunately, these patterns provide the bare-minimum protection for users and solution providers. You will learn why most MFA solutions only provide the lowest level of Authenticator Assurance and completely fail to address Identity Assurance Levels. Attendees will be provided with a solid methodology to evaluate current and future MFA solutions and with strategies to increase the security of any MFA implementation. This will be a vendor-agnostic session providing tools and strategies to evaluate and improve MFA implementations based on any MFA product suite.
10:05am - 10:30am
Practical W3C Web Authentication
Jerrod Chong
Vice President, Products
Yubico, Inc.
This session will explore the practical applications of the W3C WebAuthn API, which allows modern web applications to create and use public key-based strong authentication. We’ll test the demo gods with some live looks at WebAuthn in action from app dev, to what happens behind the curtain, to simple, strong user authentication. What does WebAuthn do? How do relying parties and developers make use of this API? Which browsers are adapting to these new strong authentication options and how are they accessed? After a thorough development process, including all the major browser vendors, there are now strong, attested, scoped, public key-based credentials for web applications. Goodbye phishing, hello secured web-based access.
10:40am - 11:05am
The future of identity standards
Paul Grassi
SVP of Cybersecurity and Identity
Easy Dynamics Corp
The release of 800-63-3 in the summer of 2017 marked a significant shift in federal guidance. Yet, this revision was just the beginning, and is certainly not the 'only game in town' given great work being performed in other countries and standards organizations. This session will explore:

  • Current state/landscape of identity standards
  • Level setting on the scope of 800-63-3
  • Gaps in USG and other competing/complementary standards
  • Can/should the private sector take ownership of 800-63?
Room 311
9:30am - 9:55am
Revisiting Privileged Access in Today's Threat Landscape
Lance Peterman
IAM Strategy & Platform Lead
Merck
If identity is indeed the new perimeter, then privileged access is its primary attack vector. Weak credentials and privilege misuse are consistently identified as the dominant pattern in data breach reports. Approaches to managing privileged access are struggling to keep pace with the changing threats. In this session, we'll examine recent attacks that exploit privilege misuse, analyze some of the specific methods used (like mimikatz), then examine new approaches that can mitigate this risk to the enterprise. Emphasis here will be vendor agnostic, but we will discuss specific technical approaches as well as some technologies that can assist in managing privileged access and adopting a program of least privilege. In addition, we’ll explore differences in approach between on-prem PAM approaches compared with various cloud technologies. We'll also discuss common roadblocks in PAM programs and potential methods to resolve them. Finally, we’ll look at the role that identity & user behavior analytics (UBA/UEBA) can play in providing an active defense against privilege misuse.
10:05am - 10:30am
I’m sorry Dave, I’m afraid I can’t do that: a harm-reduction plan for cloud applications
Sarah Squire
Senior Technical Architect
Ping Identity
Unlike traditional local network applications, cloud applications are both more powerful and easier to compromise. Fortunately, many emerging technologies and standards are focused on allowing applications to access only what they need, and only when they need it. This reduces the amount of harm a compromised application can do without reducing its power to help your team get work done. Take home an actionable game plan for the next six months, the next year, and beyond. With great cloudiness comes great responsibility.
10:40am - 11:05am
Learning Machine Learning's Place in Identity & Security
Jonathan Sander
CTO
STEALTHbits Technologies
Machine Learning is the latest in a long line of technologies offered as the “savior” for security teams flooded with events and data. We have watched many organizations – our customers, our technical alliance partners, and even ourselves – struggle with the place where Machine Learning can have the most effective and practical impact. It seems that now there are architectures emerging that use it well. It moved from the top of the pyramid to become a part of several layers below. In this session, we will explore the journey Machine Learning has taken from messiah to workhorse. We will discuss the ways it has and is now being applied in security and identity use cases, and we will illustrate those with examples from real world deployments. The audience will leave with a basic understanding of how Machine Learning works, how it is applied to Identity and Security, and starting points for applying that knowledge in their own organizations.
Room 312
9:30am - 9:55am
Privacy: the next frontier for Identity
Giles Watkins
CEO
Pridium
If you are wondering where Identity goes after dominating security, then come along and get a glimpse into the future. This session will get you thinking about an eclectic variety of subjects from your career, to ethics and discarded gum! Seriously though, if you want to build solutions that are both compliant and acceptable to your users and customers then come along and join in the debate.
10:05am - 10:30am
Rendering the Value while Demonetizing Identity
Adam Migus
Owner and Principal
The Migus Group
Jenn Behrens
Partner/EVP Privacy
Kuma
Identity is a commodity. The data attributes, the claim sets, the authentications and the authorized access are increasingly valued for organizational transactions, for company market position, to maximize performance and efficiencies, for network effects. Simultaneously, the currency of identity information is escalating on the black market and for malicious actors. Organizations are increasingly required to negotiate risks based on the business rationale for collecting and processing PII with the likelihood of exfiltration or other nefarious acts to harness the monetary value of the data used to perform, in addition to black market subterfuge. This session will compare and contrast the business and monetary values of identity, and provide tactical lessons on utilizing privacy and security controls in both the policy and technology stacks to make the value of the data used by the company as close to null as possible to any malicious actor without rendering the information useless to the company.
10:40am - 11:05am
Spotlight on Europe: What PSD2 and GDPR Mean for Strong Authentication Adoption
Brett McDowell
Executive Director
FIDO Alliance
New policies in Europe are having a notable impact on the authentication market - in some cases imposing new requirements for use of authentication; in other cases, influencing what kinds of authentication should and should not be used. In this session, FIDO Alliance executive director Brett McDowell will look at two new regulations -- the EU General Data Protection Regulation (GDPR) and Payment Services Directive 2 (PSD2) -- that are having significant impacts on the adoption of modern strong authentication. He will detail the kinds of modern authentication methods (like phishing-resistant security keys and on-device biometrics) that these regulations are embracing and how they can help organizations achieve the right balance of security and usability in their compliance programs. The session will cover:

  • The evolution of strong authentication
  • GDPR and PSD2 and their requirements for personal data privacy and strong authentication, respectively
  • GDPR requirements concerning biometrics
  • The role of FIDO authentication standards in GDPR and PSD2 compliance
  • How PSD2 requirements can be met in a user-friendly way by leveraging a rapidly growing install base of laptops, mobile phones and security keys
  • How standards-based modern strong authentication solutions can help organizations comply with the data minimization goals of GDPR

Keynotes

The Privacy Conundrum: Rights or Rewards?

1:15pm - 1:45pm | Ballroom

Jonathan Zittrain

George Bemis Professor of International Law | Harvard Law School

The 'open' internet is under threat like never before. On the one hand, a growing pressure for surveillance and restriction; on the other, a push by governments and individuals to protect privacy as much in the digital world as the physical. Jonathan Zittrain helps us navigate this changing landscape - and points to a path that might lead to a better outcome for everyone.

The Insecurity of Things: Identity to the Rescue!

1:45pm - 2:15pm | Ballroom

Ken Munro

Partner & Founder | Pen Test Partners LLP

Car hijacking? Building takeovers? Revenge attacks? The bad guys used to have to be physically present to do physical harm - but in our increasingly connected world, that's no longer true. Device manufacturers lack in-depth understanding of security and identity; and the identity industry needs to understand how to work within the limitations of the device. In this compelling talk, Ken Munro of Pen Test Partners will describe - and demonstrate - the woeful insecurity of connected devices and explore how the identity industry can help make things better.

Government for the Digital Age: Lessons Learned and Futures Explored

5:30pm - 6:00pm | Ballroom

Taavi Kotka

Entrepreneur; former CIO, Estonian Government

Our interaction with public services is becoming increasingly digital. Healthcare, social services, individual and company tax, new business registration.... all these services are shifting to the digital sphere, and identity is at the core of that journey. As CIO for the Estonian Government, Taavi Kotka led their pioneering journey of transformation. In this entertaining and engaging keynote, Taavi will draw out key lessons from his experiences that we can all apply to our digital transformation efforts. Taavi will then be joined by Wade Roush for a brief exploration of what happens next in our digital identity journey.

Sessions

Expo Hall
1:20pm - 6:00pm
Exhibit Hall 6.26 PM

No Speakers Assigned

Room 302
2:30pm - 3:20pm
The Architecture of Identity Automation – To Deliver Brilliant Customer Experiences
Melinda Buxton

Telstra
Ewan Thomas

Versent
Thor Essman

Versent
Jacob Higgs

Versent
Millions of identities, thousands of services, and numerous legacy silos. This year Telstra, Australia’s largest telecommunications and technology company, embarked on a journey to improve the identity experience for their customers, developers and partners. Onboarding millions of identities and devices and reducing call centre friction are just a few items in the grand scheme of changing the way people interact with their telecom provider. Identity is at the core of this quest to create a cross channel, rapidly evolving, frictionless customer ecosystem. Join us to learn how Telstra leveraged Versent’s expertise in automating identity and access management in the cloud to transform their digital experience.
3:30pm - 4:20pm
Ping Identity Masterclass: PingID Demo: Offline MFA and SDK Enhancements
Dana Weinbaum
Technical Product Manager, Mobile
Ping Identity
This session will help you to understand how you can use PingID in different offline use cases. You'll get a close look at the newest features and SDK capabilities that were introduced over the past year. Our live demo will show you what PingID looks like from the user side as well as the administrator side.
4:30pm - 5:20pm
Ping Identity Masterclass: PSD2 & Open Banking with Ping Identity: a Live Demonstration
Federico Carbone
Regional Solutions Architect
Ping Identity
In 2018, PSD2 and GDPR come into force across the European Union. These regulations will define and govern the use of open banking APIs to enable third parties to access a bank's customer account information, when the customer has given their explicit consent. In the session we will demonstrate how Ping Identity can address the technical challenges of securing access through open APIs to process financial information and transactions and discuss the technical configurations needed on the Ping products. The demonstration will step through both the Payment Initiation Service Provider (PISP) and Account Information Service Provider (AISP) use cases, showing how the Ping Identity Platform:

  • Utilises OAuth 2 and OpenID Connect token services to support financial institutions and third parties to complete a direct payment transaction and account information aggregation.
  • Gathers, manages and enforces customer-driven consent.
  • Enforces Strong Customer Authentication (SCA).
Room 304
2:30pm - 3:20pm
Google Masterclass: WebAuthn and Security Keys = Unlocking the key to authentication
Christiaan Brand
Product Manager, Security and Privacy
Google
Phishing is the #1 security problem on the web: 81% of account breaches last year were because of weak or stolen passwords. The industry’s collective response to this problem has been multi-factor authentication, but implementations are fragmented and most still don’t adequately address phishing. Google has been working with the FIDO Alliance since 2013 and, more recently, with the W3C to implement a standardized phishing-resistant protocol that can be used by any Web application. This session will demystify the new protocol and run through new, exciting user journeys enabled by these protocols.
3:30pm - 4:20pm
Google Masterclass: Unifying identity, access and device management
Scott Kriz
Product Manager, Identity
Google
Jonathan Hurd
Engineering Manager - Identity & Access
Netflix
It is no secret that many companies use SaaS apps and allow employees to access company email, apps and files on their mobile devices to improve productivity, become more agile, and stay competitive. With the network-based perimeter no longer effective, join this session to learn how you can leverage Google’s model and cloud services to simplify access to SaaS apps with single sign-on (SSO), protect user identities, secure mobile devices, and more using one admin console and one platform.
4:30pm - 5:20pm
Google Masterclass: Leveraging Google's BeyondCorp vision to protect applications
Ameet Jani
Product Manager, Security and Privacy
Google
Grant Dasher
Senior Staff Software Engineer
Google
Join this session to learn about the vision behind BeyondCorp, what it is, how Google implemented the model across 80,000 of its employees, and how you can rollout BeyondCorp in your own company today.
Room 306
2:30pm - 3:20pm
IDMWORKS Masterclass: Managed Services - Hosting vs. Support
Paul Bedi
CEO
IDMWORKS
IDMWORKS will highlight the differences, advantages, pitfalls and financials between On-Prem Managed Support, Hosted Private Cloud & Data Center, Public Cloud Hosting (i.e. AWS, MS Azure and others) and Hybrid Public/Private Hosting offerings.
3:30pm - 4:20pm
IDMWORKS Masterclass: Controlling Your Non-Employee Identities
Todd Rossin
CEO & Chief Strategist
IDMWORKS
Inadequate control of non-employee identities can lead to the exposure of personal identifiers or financial information, which can result in identity theft and credit card fraud. IDMWORKS CEO, Todd Rossin, discusses how to lock down your data and applications while providing the necessary access to non-employees.
4:30pm - 5:20pm
IDMWorks Masterclass: 3 Steps for Designing a Cloud IAM Blueprint
Paul Bedi
CEO
IDMWORKS
Todd Rossin
CEO & Chief Strategist
IDMWORKS

Organizations have a growing need to move applications to the cloud, but the enterprise has considerations that need to be taken into account before, during and after making the move.

Successful migrations to the cloud require proper planning and analysis to determine which applications should be moved, the right cloud provider, and the best pricing model, whether you're considering public, private or hybrid cloud.

We'll discuss moving to the cloud and what to do, what not to do and how to leverage the power of identity in the process.

Room 309
2:30pm - 3:20pm
Microsoft Masterclass: Identity is your control plane
Dana Kaufman
Principal PM Manager – Identity Security and Protection Team
Microsoft
Nitika Gupta
Senior Program Manager
Microsoft
Your employee is using Dropbox from their favorite café using their smartphone for corporate data. You don’t own the device, control the network, or deploy the app. Welcome to the modern mobile workforce! Learn how identity is at the center of your strategy to enable the new age of productivity while ensuring that data remains secure at the point of access, on the device, and even in transit.
3:30pm - 4:20pm
Microsoft Masterclass: To sign-in and beyond
Kyle Marsh
Principal Program Manager
Microsoft
Modern enterprise solutions need to be able to connect disparate resources, quickly and securely. Every resource can be a source of insight, and your ability to access it at the right time can be the difference between success and failure. Come to this session to learn how Azure AD helps you connect users to apps and APIs, providing programmatic access to accounts, Microsoft Cloud APIs such as the Microsoft Graph and Azure, and your own APIs. Learn about supported topologies, protocols and developer tools that can accelerate your app development tasks, no matter what OS or programming language you choose.
4:30pm - 5:20pm
Microsoft Masterclass: Working with External Identities
Sarat Subramaniam
Principal PM Manager
Microsoft
Jose Rojas
Principal Program Manager
Microsoft
Every modern enterprise on the planet needs to connect with external partners and customers to be successful. Come have a look at how you can create experiences to onboard your partners and customers and give them access to the apps and digital resources that they need. Use the best products, tools, and capabilities Microsoft has to offer across Office365 (Groups, Teams, SharePoint), Azure, Microsoft Graph and Azure Active Directory (Azure AD B2B and B2C) to digitally transform your organization.
Room 310
2:30pm - 3:20pm
Radiant Logic Masterclass: Federating Identity to improve Web Access Management
Wade Ellery
Senior Solutions Architect
Radiant Logic

In this workshop, Radiant Logic will demonstrate how to use a Federated Identity Service to optimize your identity infrastructure, boost the performance of your portal, and improve federated access.

  • How to streamline authentication, deliver SSO and enrich authorization by combining federated access and federated identity;
  • Point WAM authentication and authorization to a federated identity hub, speeding up performance dramatically.
  • Create an attribute-rich and more flexible policy server for authorization.
  • Evolve without disrupting your existing identity environment—you will never have to modify underlying sources, or extend their schemas to accommodate WAM requirements, all of the heavy lifting is done seamlessly in the integration layer.
  • How federation enables more contextual attribute-based policies through the support of keyword search across enterprise identity and data.
3:30pm - 4:20pm
Radiant Logic Masterclass: Thriving in a Hybrid World
Wade Ellery
Senior Solutions Architect
Radiant Logic

The Cloud may promise the beautiful future everyone is moving towards, but a hybrid ecosystem blending cloud and on-premise will be the reality for most enterprises for years to come. In this session, Radiant Logic will discuss how a Federated Identity Service creates flexibility in your infrastructure to address today’s immediate needs while setting you up for tomorrow’s future identity initiatives, including syncing and provisioning to cloud directories.

  • Clean up, Normalize, and Correlate your data before you move to the Cloud.
  • Create a single logical place to authenticate users and retrieve a global view of attributes and group information that spans on premise and cloud applications.
  • Provision to cloud applications and directories by syncing a global reference image.  
  • Save time and frustration by simplifying the management of users and groups.
  • Seamlessly incorporate Partners, Vendors, and Contractors into your hybrid environment
  • Extend your infrastructure to support Customer Digital Transformation and CIAM
  • Optimize your current infrastructure for a hybrid and Cloud world without breaking your legacy systems
4:30pm - 5:20pm
Straightforward authorization using AppAuth
Iain McGinniss
Staff Software Engineer, Identity Platform
WeWork

This masterclass will cover how to use AppAuth to authenticate a user, and authorize your app to interact with APIs on behalf of that user. The session will be technical and code-oriented, demonstrating:

  • How to express and perform an authorization request.
  • How to handle success and failure.
  • How to use the resultant tokens to interact with an API.
  • A discussion of what AppAuth does not, and will not, do.
Room 311
2:30pm - 3:20pm
Auth0 Masterclass: Architecture & Identity: 3 IAM Examples to Support Digital Transformation
Jared Hanson
Creator of Passport JS and Auth0 Chief Architect
Auth0
Jared Hanson, Creator of Passport JS and Auth0 Chief Architect, will walk through 3 Identity Access Management (IAM) architecture examples and discuss the specific pros and cons of each in supporting digital transformation efforts. Companies that have traditionally viewed IAM as a function of IT — limited to things like user provisioning, Single Sign On and password management — are now coming to terms with the much larger role identity plays, both as a risk and differentiator. Join this session where Jared will dissect the architectures of common, but difficult identity practices.
3:30pm - 4:20pm
Auth0 Masterclass: The curse of knowledge: designing a developer friendly IdaaS
Vittorio Bertocci
Principal Architect
Auth0
In our zeal to keep everyone secure and address every use case, we identirati sometimes forget that the solutions we design will have to be used and implemented by humans: people without the time or inclination to gain deep knowledge of identity concepts and terminology before they can get their job done. Come to this session to catch a glimpse of what happens when an IdaaS provider puts developer usability front and center, and how you can apply the same design to make your offering more accessible.
4:30pm - 5:20pm
ProofID Masterclass: Opening your Mind to OpenX - IAM architecture for secure open access
Tom Eggleston
CIO
ProofID
Eric Uythoven
CTO
ProofID
Paul Heaney
CISO
ProofID

The rise of Open Banking has shown us that the modern consumer demands access to their data, so organisations will increasingly need to provide open access to it.

This new business paradigm – OpenX – has wide implications for how we securely broker data between customers, the supplier and intermediaries.

In this session, ProofID will walk through the building blocks required to establish a secure OpenX architecture in your organisation. We will step through some of the common use cases found in Open Banking and explain how they can be applied to wider business applications in other industries, and demonstrate how an OpenX architecture creates a virtuous circle of value for the whole ecosystem.

Room 312
2:30pm - 3:20pm
KPMG Presents: Driving Efficient PingFederate and PingAccess platform and automation management
Kevin Shanley
Director, Cyber Security Services
KPMG LLP
Subhodeep Ghosh
Lead Specialist
KPMG LLP
The creation and management of secure, well-named, portable, and flexible policies in PingFederate and PingAccess can be very challenging. This process involves two administrative UIs and a series of disconnected steps that may result in poorly formed policies, inconsistent policy nomenclature, accumulation of orphaned objects, an overall difficulty to automate, higher operating costs, and higher risks of incorrect configurations and incorrect access grants. Learn how the KPMG Access Management Orchestration Suite (KAMOS) can automate and accelerate all PingFederate and PingAccess DevOps policy management and operations, including migration from legacy WAM solutions.
3:30pm - 4:20pm
KPMG Presents: How to approach privileged account access governance and IAG integration
Matthew Cydzik
Manager, Cyber Security Services
KPMG
Than Khar Chin
Specialist Director, Cyber Security Services
KPMG LLP
Privileged accounts have historically been managed separately and distinctly from an organization’s other access governance processes. Hear KPMG’s approach to holistic privileged access governance and a demonstration of leading practices for IAG solution integration. KPMG will demonstrate integration between SailPoint IdentityIQ and CyberArk for access governance processes over privileged access, as well as protecting the privileged accounts that an IAG tool uses.
4:30pm - 5:20pm
SecureAuth Presents: Using the tools of Identity to solve the problems of Security
Robert Block
SVP of Identity Strategy
SecureAuth

Today’s attackers are focused on all your mission critical applications (O365, Portals, etc.) and not only has their focus increased but their tools and tactics continue to evolve. Whether it is brute force attacking, account fraud, and/or account takeover via password reset, credentials are involved in almost every attack at some point. Are you intelligently detecting credential anomalies? Are your current cyber security investments intersecting effectively to strengthen your ability to combat these problems effectively?

This discussion will focus on elements of a modern approach to solving these continually evolving challenges and how the industry must begin to create intelligent intersections in order to be proactive and more effective.

Wednesday - June 27


9:00am - 12:00pm

Keynotes

Out Gunned, Out Manned, Out Maneuvered: Why Identity-Centric Security Is The Only Way to Win

8:00am - 8:30am | Ballroom

Richard Bird

Client Director | Optiv

Corporations have spent millions, and collectively, billions of dollars on security programs in the last decade. Hackers, with far less money and far fewer resources routinely defeat these defenses. Not because the solutions are bad, but because companies refuse to put identity in the core of their security framework. We aren't being out-spent; so why are we always a step or several behind our enemies? Identity-centric security is the only way to win in a world where every information security organization is already out-manned, out-gunned and out-maneuvered by the enemy. It is critical to understand that while we are out-spending the enemy every single year, money is not solving the problem. Only re-establishing the core principle of identity as security in your organization will give you a fighting chance. Richard Bird is a widely recognized expert in identity management and control. In this presentation, he will address not just technology solutions for identity, but the changes and improvements you must make in governance, process, design and architecture to truly make identity the center of your secured enterprise.

An Identity Journey at GE

8:30am - 9:00am | Ballroom

Nasrin Rezai

Global Chief Information and Product Cyber Security Officer | GE

Informed by her personal experience, Nasrin Rezai charts the evolution and increasing strategic importance of Digital Identity at GE.

Sessions

Cafeteria - Plaza Level
11:15am - 12:15pm
IDSA Lunch and Learn - The Case for Identity Centric Security: Adobe’s Path to ZEN
Den Jones
Director of Enterprise Security
Adobe
Carlos Martinez
Security Engineer
Adobe

Finding a balance between a pleasant user experience and stringent security requirements can be a challenge. User authentication has become increasingly complex over the years, blending usernames and passwords with second factor authentication, like One Time Passwords (OTP). In many cases users need to re-authenticate many times a day depending on the applications or devices they use. For many users extremely long and complex passwords blend across work and personal accounts which reduce security and increase frustration and confusion. Is it even possible to balance heightened security and enhance the overall user experience? Using the concepts of an identity centric approach to security from the Identity Defined Security Alliance (IDSA), Adobe has developed a Zero-Trust framework for achieving this balance, through “ZEN.” The Zero-Trust Enterprise Network (or ZEN) project from Adobe is an initiative based upon numerous best practices and principles from various digital workspaces, including the IDSA. In this session you will learn the drivers behind the ZEN initiative and how it accomplishes the following:

  • Remove the need for VPN and replace usernames/passwords with certificate-based authentication and multiple options for second factor authentication (2FA). 2FA will only be required as needed based on security policies.
  • Leverage existing device management and network controls combined with machine learning to control access.
  • Help prevent unwanted lateral movement within the network during an incident or breach scenario.
  • Better automate management of access to internal applications to streamline the overall user experience while also tightening security controls.
  • Deploy a “trust score engine” that will better automate access rules based upon real-time data.
Expo Hall
7:00am - 8:00am
Breakfast

No Speakers Assigned

Join us for Breakfast in the Expo hall!
8:05am - 11:00am
Exhibit Hall 6.27 AM

No Speakers Assigned

11:05am - 1:15pm
Lunch & Expo

No Speakers Assigned

Last chance to join our Sponsors and Exhibitors for Lunch in the Expo hall!
Room 302
9:30am - 9:55am
Ping Identity Presents: Extend Microsoft Azure AD to Everything On-prem with Ping Identity
Mark Bostley
Senior Technical Product Manager
Ping Identity
Eric Fazendin
Sr. Product Manager
Ping Identity
Learn how to extend SSO and Access Security from Azure AD to on-premises applications using PingAccess for Azure AD, and more recently PingFederate as a Microsoft supported alternative to ADFS. Today's mobile workforce demands tools for greater productivity including access to all their apps on-prem and in the cloud. PingAccess extends Azure AD to the legacy on-premises world, and PingFederate provides many value added features beyond ADFS.
10:05am - 10:30am
Ping Identity Presents: Faster Application Development with Identity and Developer Self-Service
Ishan Kumar
Director, Product Management
Ping Identity
As organizations increase the pace and frequency of application releases, a more agile approach is needed to embed cloud-based identity services into applications. Engineering teams want the convenience of developer self-service, while IT teams need a platform that can provide centralized security and control. Learn how Ping can help you overcome both these challenges and speed up the process for engineers to onboard and maintain applications.
10:40am - 11:05am
Ping Identity Presents: From SSO to PingAccess - Journey to the Center of the Identiverse
Rob Davis
Director, Security Services
TIAA
The session will cover TIAA's journey migrating from SiteMinder to PingAccess and the lessons learned along the way. I will discuss:

  • Why TIAA made the switch to PingAccess
  • Challenges of the legacy environment
  • Defining the appropriate migration process
  • Lessons learned and feedback/enhancements recommended
  • Timeline from initiation to completion
  • Q & A
Room 304
9:30am - 9:55am
FIDO and Mobile Connect - Integration of FIDO and Mobile Connect to deliver authentication globally
Bjorn Hjelm
DMTS
Verizon
This presentation outlines how the FIDO standards can be integrated with Mobile Connect to offer authentication services within the Mobile Connect framework. This presentation is an output of the collaboration between FIDO Alliance and GSMA and covers an overview of the architecture, FIDO authentication, handling of assurance levels, authentication context for an OpenID Connect profile, and security guidelines.
10:05am - 10:30am
Panel: Mobile-based Identity and Access Management - A NSTIC Pilot
Bjorn Hjelm
DMTS
Verizon
Peter Graham
Co-founder and Managing Partner
PSG Solutions, LLC
Brian Kuwahara
Sr. Director, Corporate Venture
Visa Ventures
Ray Kimble
Founder and CEO
Kuma
Mobile-based Identity and Access Management is a newly completed NSTIC pilot that demonstrated a common approach to enable consumers and businesses to use mobile devices for secure, privacy-enhancing identity and access management. By allowing relying parties (RPs) to more easily accept identity solutions from Mobile Network Operators (MNO), the solution is intended to reduce a significant barrier to online service providers accepting mobile-based credentials. The pilot included the four major U.S. MNOs, GSMA, and several Service Providers (SPs). This panel session will provide the background of the pilot, architecture and pilot setup, describe the use cases, experience (from both MNO and SP perspective), and lessons learned.
10:40am - 11:05am
Mobile Driver Licenses - Not just in a galaxy far, far away
Geoff Slagle
Director, Identity Management
American Association of Motor Vehicle Administrators
The topic of “putting a driver license on a cellphone” has enjoyed much attention in the recent past. Various initiatives are being undertaken in this area. At this time most appear to be proof-of-concept or exploratory in nature. Interest is being expressed by a variety of stakeholders, including driver license administrators, legislators, vendors, and the general public. AAMVA, through its members, is pursuing the implementation of this with great vigor. The actual entities leading this within AAMVA are the AAMVA Card Design Standard (CDS) committee, supported by the AAMVA Electronic Identity (eID) WG. Working with the ANSI and ISO committees responsible for driver license standardization, they identified these committees’ understanding of the conceptual framework and functional requirements associated with a “driver license on a cellphone”, or mobile driver license (mDL). The work also explores ancillary topics stakeholders may want to consider in connection with mDLs. This work states requirements, but also formulates questions on issues that require further investigation, analysis and discussion. In addition to standards, AAMVA has also done work on model legislation for mDL.
Room 306
9:30am - 9:55am
KPMG Presents: Solving the customer identity data challenges associated with digital transformation
Joshua McKibben
Director, Cyber Security Services
KPMG LLP
Kristina Williams
Senior Manager
Cisco
Cisco develops and supports products and services in the area of collaboration, security, networking, IoT, Cloud, and infrastructure. Cisco has grown through organic and inorganic growth. Cisco is in the middle of a transformation from largely a hardware-based product and services company to a subscription–based business model. IAM plays a critical and strategic role in enabling this business transformation. The IAM team has designed and implemented innovative organization tenancy data and functional concepts to support subscription-based business models and digital experience expectations of customers and partners. This talk outlines the key requirements for customer digital identity, the implications those requirements had on traditional IAM consumer data models and operations, and what we’ve done to address them via the Cisco OneIdentity program.
10:05am - 10:30am
KPMG Presents: Technical pillars of a customer IAM solution
Santosh Haranath
Specialist Director, Cyber Security Services
KPMG LLP
Makesh Rao
Solution Architect
Cisco
Cisco, the network company of the 2000s, has evolved itself into a diverse IT company through organic growth and inorganic acquisitions. Cisco has products in the area of collaboration, security, networking, IoT, Cloud, and infrastructure. Building a customer IAM platform for a diverse organization with various risk profiles requires a very scalable and flexible platform, while conforming to IAM standards to ease business adoption. This session will cover how we leverage industry standards, APIs and WebSDKs to meet our business adoption requirements.
10:40am - 11:05am
Domains of Identity
Kaliya Young
Super Hero
Identity Woman

In December 2017, Kaliya Young graduated with a Master of Science in Identity Management from the University of Texas at Austin in the first cohort. Identiverse is pleased to be the first public presentation of her master's report: The Domains of Identity. The objective of this paper is to eliminate this confusion and enable clearer conversations about identity management problems and solutions. The paper outlines sixteen key categories of transactions which cause personally identifiable information to be stored in databases. After the presentation the paper can be found at https://identitywoman.net/domains-of-identity/

11:15am - 11:40am
SecureAuth Presents: Secure Third-Party Access with Risk-based Authentication
Javed Ikbal
CISO
Bright Horizons
Bright Horizons, a leading early education provider, needed to secure access to its portal which is utilized by over 250,000 families. Bright Horizons CISO Javed Ikbal will share how his organization used SecureAuth risk-based authentication to secure third-party access to their portal to detect the use of compromised credentials while providing a smooth user experience for their clients.
Room 309
9:30am - 9:55am
Don't Pave Privacy Cow Paths: Retool Consent for the New Mobility
Eve Maler
VP Innovation & Emerging Technology
ForgeRock
As the world has headed towards "Privmas" -- the date of GDPR enforcement -- we've all seen examples of how consent doesn't scale for the requirements of email, laptops, and browsers, never mind mobile devices and applications. How much worse is the situation going to get as connected vehicles become an ever bigger part of consumers' lives and an ever more significant integration point for every industry? In this session we'll use the New Mobility as a critical scenario for examining consumer requirements for trust, regulatory requirements for privacy, how consent experiences and consent management must adapt, and how we can begin to meet these challenges.
10:05am - 10:30am
Legal rules that regulate identity systems; their role in facilitating trust and interoperability
Thomas Smedinghoff
Of Counsel
Locke Lord LLP
What are the legal rules that regulate identity systems, where do they come from, and how do they affect the IdPs, RPs, and other participants in the system? This session will begin by addressing those threshold questions to provide a basic overview of the law governing identity systems, the manner in which it operates, and its impact on the liability of the parties. From there, the session will examine how applicable law does, or in some cases does not, facilitate trust and interoperability between identity systems. The session will also examine existing and newly emerging laws and legal initiatives at a global level, the directions they are taking, and the impact they are likely to have on shaping the identity ecosystem.
10:40am - 11:05am
When Identity Attacks – A Tale of Two Breaches
Josh Alexander
Director of Product Management
Salesforce
With the confluence of more sophisticated attackers, more valuable data, greater consequences, and additional regulation increasing both access and responsiveness to breaches, the inevitability and quality of a response to a breach has never been higher. From this practical, not nihilist, point of view, we will explore the case study of two modern breaches. While both attacks occurred within the same year and in the same industry, the two outcomes could not have been more different. We will study the key drivers that resulted in economic, reputational, and personal consequences.

KEY TAKEAWAYS

  • What are the reasons that drive the need for a high-quality data breach response plan in 2018?
  • What are the variables that lead to a good or poor data breach response?
  • What can you do today to ensure your enterprise is positioned to respond well to a data breach?
Room 310
9:30am - 9:55am
A Digital Identity Journey in the Life Sciences: Through the Horse’s Ears
Lance Peterman
IAM Strategy & Platform Lead
Merck
This is not your average identity talk. Lance will walk the audience through Merck’s Digital Identity Journey from an historical perspective, but with a slight twist by marrying it to the journey he took learning horsemanship during roughly the same time. You’ll learn a lot about Merck’s IAM journey and maturation over nearly 10 years and take a crash course in horsemanship at the same time!
10:05am - 10:30am
Using IoT and Identity to Restore Freedom
Matt Topper
President
UberEther
With the continuous lowering of hardware costs, it’s becoming more and more cost effective to use contextual factors to increase the security of our facilities and applications. In an unusual way, we applied the same contextual concepts we deploy in the enterprise to give the freedom back to residents of a retirement home. This presentation will demonstrate how our team built a Bluetooth Low Energy (BLE) network to help the care personnel to keep track of the residents. Most importantly, our solution allowed the residents to be reminded and directed to their daily activities independently without the assistance of the staff. This presentation will cover how we planned the network, the registration and management of staff and patients, the technologies we used and policies that were put in place. We will expand upon this use case and how its extension can be directly applied to every enterprise’s identity and access management platform to provide some of the most powerful factors in contextual based authentication and use this as another approach to their organization’s digital transformation.
10:40am - 11:05am
Emerging Identity Standards in Healthcare
Eve Maler
VP Innovation & Emerging Technology
ForgeRock
One of the most exciting movements in recent times is consumer- and patient-directed exchange of health data. With modern technology and willing participants in health ecosystems, this goal can become a reality. This session will describe use cases and the available standards and technology for achieving them, focusing particularly on Health Relationship Trust (HEART). HEART is a set of open specifications from the OpenID Foundation that allows patients to control the secure sharing of their clinical data. It defines the interoperable process for systems to exchange clinical data as authorized by the patient and consistent with other open standards, specifically FHIR, OpenID Connect, OAuth, and UMA.
Room 311
9:30am - 9:55am
Sailpoint Presents: Advancing Automation Confidence via Identity-defined Security
Joe Gottlieb
SVP, Corporate Development
SailPoint

Traditional security technologies aren’t going away, but they continue to challenge the enterprise with their cost, complexity, and drain on scarce resources. Meanwhile, identity management is enjoying a timely resurgence as a more predictable set of controls in the effort to reduce cyber risk. Once they are in place, identity controls can increase the precision of security policies, leading to reduced risk and greater returns from existing security investments. This presentation will identify how to:

  • Combine identity and security context to maximize situational awareness
  • Leverage serialized identity to increase the precision of security analytics and enforcement
  • Execute workflows across the organizational hierarchy to verify business context and accelerate automation confidence
10:05am - 10:30am
Saviynt Presents: Balancing Agility and Security in a Hybrid World
Nabeel Nizar
SVP - Solutions & Strategy
Saviynt

Enterprises are going through significant transformation to meet the demands in a rapidly changing world. Securing critical assets across cloud and on-premises environments (and multitude of new systems) is a common impediment in this journey. Traditional approaches to security are inadequate and point solutions are not enough when the need is to consolidate and correlate for improved security.

The need of the hour is to offer interoperable solutions that work across environments, on-premise and in cloud, to ultimately ensure secure access and protection of assets regardless of where they reside. The session will cover the following topics:

  • Top considerations for securing Hybrid IT
  • Need for convergence of various Identity Management & Cloud Security approaches
  • How to improve security of SaaS, IaaS and PaaS services with contextual Identity data
  • Protect against threats with an integrated approach
10:40am - 11:05am
Tuebora Presents: Some real world use cases of IAM Automation through Machine Learning
Iranna Hurakadli
VP Customer Engagements
Tuebora
Businesses today struggle to answer who should have access to what and what are users doing with their access. Existing software falls short with only static representations of a dynamic problem: unending policy changes and administration around various IAM processes. This quickly becomes unmanageable and decreases the ability to automate IAM/IGA. The presentation will discuss how the coupling of Identity Access Life Cycle with Machine Learning reduces administration, improves user experience and simplifies governance.
11:15am - 11:40am
Tuebora Presents: IAM automation in a complex environment – journey of a global manufacturing firm
Neha Jain
Process Owner-Identity & Access Management
Bombardier
In this session, learn about our IAM journey and learnings from it: the challenges, pitfalls and immediate benefits it brought to our complex environment. Our implementation was broken into multiple phases, the first around developing automation and ensuring smooth life cycle management in our core applications. The next phase was to make this repeatable across the rest of the complex environment. In the coming phase of implementation, we will use machine learning and analytics capabilities of the IAM platform to simplify administration and governance activities.
Room 312
9:30am - 9:55am
Optiv Presents: Identity, Data and GDPR
Ralph Martino
Senior Director
Optiv

According to IDC, Gartner and Forrester, by 2022 over 90% of an organization's data will be unstructured. This data has been protected by traditional IAM practices, but it is getting exported, duplicated and manipulated on a daily basis, and losing access and privacy controls. Regulations such as GDPR, SOX, SSAE, HIPAA and others require organizations to have the appropriate technology, people and process to minimize risk, retain customer loyalty, and ensure these business assets are protected. In this session you will learn:

  • Steps for getting control of the data mayhem
  • Who are the key stakeholders and where to start
  • The key components of a data access governance program
10:05am - 10:30am
Optiv Presents: Reverse Engineering the Data Utopia
Stephen Frethem
Senior Engineer
Varonis
Describing the ideal state for unstructured data is easy for companies, but putting it into practice is much harder. The Varonis 2018 Global Data Risk Report revealed 41% of all organizations had at least 1,000 sensitive files open to every employee. Organizations use terms like “least privileged model” and “entitlement reviews” a lot, but after throwing thousands of consulting hours at it they are still not achieving their data security goals. Join the data security experts from Varonis as they work backwards, step-by-step, from data nirvana to your company’s present state, demonstrating their proven methodology for securing data from insider threats and cyberattacks.
10:40am - 11:05am
Optiv Presents: Observations from a data cleanup project
Brendan Casey
Security Engineer
Medica Insurance
Come hear Security Engineer Brendan Casey of Medica Insurance run through the wins and losses of an unstructured data cleanup project. Brendan will talk about how to narrow your data focus to the most important and sensitive, tracking data activity to see growth and usage trends, and how to create policies to reduce your overall risk footprint in your data environments.

12:00pm - 6:00pm

Keynotes

Basics and Black Magic: Defending against Current and Emerging Threats

1:15pm - 1:45pm | Ballroom

Alex Weinert

Group Program Manager, Identity Security and Protection | Microsoft

Microsoft’s Identity Security & Protection team protects 800M unique users a day across many millions of organizations in B2E, B2B, and B2C scenarios. We will look at how solid identity basics such as single sign on, provisioning and adaptive authentication provide the foundation of security today, and catch up with how the latest innovations in signal synthesis, standards, credentials, compliance and privacy improve productivity and security for internal and external identities.

The CISO Conversation

1:45pm - 2:15pm | Ballroom

Robb Reck

CISO | Ping Identity

Kurt Lieber

VP, CISO IT Infrastructure | Aetna

Ron Miller

Enterprise Reporter | TechCrunch

Kathy Orner

Vice President, Chief Risk Officer | Carlson Wagonlit Travel

Our panel of CISOs, moderated by Ron Miller of TechCrunch, discuss the role of Identity in Security.

Identity, Diversity and Artificial Intelligence

5:30pm - 6:00pm | Ballroom

Pam Dingle

Director of Identity Standards | Microsoft

Kriti Sharma

VP, Artificial Intelligence | Sage

Artificial Intelligence applications play an increasing role in our world... but these applications have significant challenges identifying and interacting correctly with the full range of individuals that need to use them. Join Pamela Dingle and Kriti Sharma as they explore how these problems have arisen, and what we might be able to do to solve them.

Closing Address

6:00pm - 6:15pm | Ballroom

Andre Durand

Founder & CEO | Ping Identity

Your conference chair and host Andre Durand brings Identiverse 2018 to a close.

Sessions

House of Blues
6:30pm - 10:00pm
CLOSING PARTY!

No Speakers Assigned

This year's legendary closing party is brought to you by Host Sponsor Ping Identity and Founding Security Sponsor Optiv. Join us at the House of Blues for great food and exciting entertainment, and celebrate a week of learning and networking in true Identiverse style!
Room 302
2:30pm - 3:20pm
Ping Identity Masterclass: Directory Migration: a Use Case
Greg Coonrod
Senior Software Engineer
Ping Identity
Daniel Ricke
Cyber Security Solutions Architect – Team Lead
Blue Cross Blue Shield of Tennessee
Tim Skinner
Information Security Manager
BlueCross BlueShield of Tennessee
In this session you will hear the challenges of migrating from one directory to PingDirectory and how those challenges were addressed by Blue Cross Blue Shield of Tennessee, followed by a demonstration of an actual migration. The presentation will focus on the steps to minimize business disruption by successfully migrating identity information without requiring a forced reset of user passwords. The goal was to provide a seamless move of data with no disruption: users would not even be aware that their identity information was moved.
3:30pm - 4:20pm
Ping Identity Masterclass: Scalable Identity: Deep Dive into Ping AWS Deployments
Mark Bostley
Senior Technical Product Manager
Ping Identity
Dan McNulty
Principal Engineer
Ping Identity
Learn how to use AWS Services and Ping Identity Automation to implement a production-ready scalable deployment of PingAccess to secure your APIs and Applications. This Masterclass will go into detail on the process, tools, and scripts provided by Ping Identity to deploy and elastically scale your PingAccess cluster in AWS. We will demonstrate the ability to integrate an automated deployment of PingAccess with an existing PingFederate solution as well as how to customize Ping Identity Automation to meet your specific architecture and environmental requirements. We’ll show how to troubleshoot your deployment and monitor your solution utilizing AWS CloudWatch and answer questions from the audience.
4:30pm - 5:20pm
Ping Identity Masterclass: Use PingOne Enterprise to Federate Partners to Your SaaS Applications
Kirk Hamilton
Senior Technical Support Engineer
Ping Identity
Mark Dorey
Product Manager, PingOne
Ping Identity
John DaSilva
Professional Services Consultant
Ping Identity
This session will cover how you, as a SaaS provider, can leverage PingOne for Enterprise to help your partners/customers federate into your SaaS offering. You will be given the opportunity to set up a PingOne environment and walk through the configuration of enabling a SAML SaaS application to be integrated into PingOne Enterprise. In the process you will learn how you can assist your partners/customers in their efforts to leverage the latest in secure single sign-on. This is a hands-on session where you will be walked through the configuration steps of setting up PingOne, or, if you wish, you can watch, learn and do it at a later time.
Room 304
2:25pm - 2:50pm
Access Management Verifies Enterprise Mobility Management Status of Mobile Device
Chris Price
Solutions Architect
Ping Identity
Vikas Jain
Director, Product Management
VMware
Ping Identity and VMware integrate to secure access to resources based on the managed status of a mobile device and whether it has been compromised.
2:55pm - 3:20pm
Complete Security for your AWS deployment
Stephen Lee
Senior Director, Business & Partner Solutions
Okta
Matt Clarke

Netskope
Edward Nunez
Alliances Technology Expert
CyberArk
This integration shows an example of protecting your AWS environment with Okta as the identity administration and access management engine, CyberArk providing privileged account management to resources created in AWS, Netskope providing runtime security and data loss prevention around AWS access, and LogRhythm as a SIEM platform for AWS and the other security products.
3:25pm - 3:50pm
Adaptive Access Management for Enterprises
Ian Barnett
Technical Director, Alliances
SecureAuth
SecureAuth is able to leverage its native Pre-Authentication Risk Analysis layers, Netskope’s Threat score and the Risk Score provided by LogRhythm CloudAI to determine whether a user should be granted access, challenged for MFA, hard-stopped or stepped down (no 2FA).
4:00pm - 4:25pm
Delegation of access management and trust elevation for privileged access
Chris Price
Solutions Architect
Ping Identity
Asad Ali
Principal Researcher
Gemalto
This integration demonstrates how different components from different IDSA member companies can work together to offer an SSO->AM->2FA->PAM chain of service to customers.
4:30pm - 4:55pm
Access Management checks for Cloud Access Security Broker
Chris Price
Solutions Architect
Ping Identity
Matt Clarke

Netskope
Jerry Chapman
Principal Security Architect
Optiv
Ping Identity and Netskope integrate to secure access to cloud resources and check for compromised credentials.
5:00pm - 5:25pm
Identity Governance Attestation of Privileged Account Management
Adam Creaney
Senior Integration Architect
SailPoint
Privileged accounts have been proven to be the main attack vector for most data breaches. As such, provisioning of these accounts should be governed by a lifecycle management system and recertified on an ongoing basis according to the policies and compliance/audit requirements of an organization.
Room 306
2:30pm - 3:20pm
SailPoint Masterclass: Identity’s Next Frontier: Securing the Other 80% of Your Corporate Data
Mike Kiser
Senior Security Strategist
SailPoint Technologies
Since the beginning of space exploration, humanity has launched objects into Earth orbit. Some of this material provides a useful service to humanity, but the majority of it does not. The result is a cloud of dangerous material, posing a threat to humans (in orbit and on the Earth itself). Businesses today find themselves in the same position: employees are launching data into orbit via network and cloud-based file sharing. How much of this data is sensitive, full of financial, user, or proprietary information? In this session, we will examine the threat that this sensitive data presents to today’s enterprises, particularly in a world where breaches make daily headlines, and then we apply lessons from space exploration to see how identity can help govern this new frontier of data.
3:30pm - 4:20pm
ForgeRock Masterclass: How CIAM and a Robust Ecosystem can Bridge the Digital and Physical World
Ben Goodman
VP, Global Strategy and Innovation
ForgeRock, Inc.
Companies that want to better engage their customers need to find a way to give them a personalized, consent-based digital experience. However, for companies who offer physical services such as traditional retail, hospitality, entertainment venues and more, being able to bring digital identity into the “real world” has been nearly impossible to date. Utilizing a comprehensive demo, ForgeRock’s Ecosystem Engineering team will show how a Customer Identity and Access Management system, when paired with a robust ecosystem of software and hardware partners, can deliver previously impossible levels of personalization in the real world, all while respecting the end user’s privacy and security needs.
4:30pm - 5:20pm
Ping Identity Masterclass: What's New In PingFederate 9.1?
Scott Tomilson
Director, PingFederate Product Development
Ping Identity
Eric Fazendin
Sr. Product Manager
Ping Identity
Love PingFederate? New to PingFederate? Either way, this session is for you! Hear directly from the PingFederate product team about the latest enhancements to the industry’s most powerful federation server. They’ll cover new capabilities that will help you deploy PingFederate for consumer-facing applications (with account registration and self-service profile management), get more out of modern identity protocols and take advantage of IaaS compatibility improvements (such as adaptive clustering) to lower deployment costs.
Room 309
2:30pm - 3:20pm
Saviynt Masterclass: Cloud IGA Is Ready for You. Are You Ready for Cloud IGA?
Nabeel Nizar
SVP - Solutions & Strategy
Saviynt

With organizations of all sizes adopting a cloud-first approach, there is a need to upgrade on-premises Identity Governance and Administration (IGA) to meet current and future needs.

Cloud IGA offers a cost-effective, agile, secure, scalable approach to Identity Governance that allows for rapid deployment of upgrades and the reassignment of resources from the maintenance of an on-premises IGA to the standardization and optimization of identity and access management processes across the enterprise.

The question is “Are you ready?” This session will examine key considerations while selecting the IGA solution, identifying priorities, demonstrating value to the business and justifying the move to the cloud.

3:30pm - 4:20pm
Tuebora Masterclass: Interacting with IAM Systems using a Natural-Language User Interface
Sanjay Nadimpalli
Founder & CEO
Tuebora
IAM Administrators, Compliance officers, Security personnel, Application Owners and end-users all play an important role in IAM Life Cycle Management. Their interaction requires significant knowledge of, and training in, the IAM solution deployed. It is very common that some activities are delayed or even skipped due to the effort required. What we need is a more natural way to interact with the IAM solution. Interacting using language that best describes one’s intentions, like ‘Create an Account in Azure for Fred Smith’ or ‘Approve Jane Marshall’s Request for Membership in Payroll Administrators’ or ‘Generate Report of High Risk Users’ or ‘Run Access Review of Privileged Access’ or ‘Send Reminder Email to all Reviewers’ or even ‘Create a Workflow as follows..’, is very highly desirable. This will result in significant productivity in the business. Learn how user actions and complex IAM processes can be easily handled using natural language constructs.
4:30pm - 5:20pm
Tuebora Masterclass: Simple, Intuitive and Standardized App. On-boarding into your IAM environment
Ashish Jhunjhunwala
Co-Founder and Principal Engineer
Tuebora

When it comes to Application Integration, there are several issues that IAM implementation teams constantly struggle with:

  1. Time taken to do Application Integration
  2. Having to learn vendor-specific or third-party frameworks
  3. Lack of portability of the integrations to other solutions

The use of standards for Application Integration, coupled with visual tools, helps reduce implementation time. We will discuss and demonstrate how you can plug in and connect new IAM data sources faster than ever before, irrespective of what IAM solution you have.

Room 310
2:30pm - 3:20pm
UMA 2.0 Deep Dive: Applying User-Managed Access
Eve Maler
VP Innovation & Emerging Technology
ForgeRock
Michael Schwartz
CEO
Gluu
User-Managed Access has important implications for those facing regulatory pressures around data protection, market pressures around consumer trust, and architectural pressures around API protection. This masterclass will explain the purpose, structure, and flows of the UMA 2.0 protocol, including its OAuth2 extension grant and its federated authorization API. We will demonstrate implementations, explore how UMA is being profiled and extended for different sectors and use cases, and answer your questions.
3:30pm - 4:20pm
Masterclass on the DID Universal Resolver
Markus Sabadello
Founder/CEO
DanubeTech
The DID Universal Resolver is the first major project of the 30+ members of the Decentralized Identity Foundation (DIF). DIDs (Decentralized Identifiers) are a foundational standard for decentralized, blockchain-based identity. A DID method is a spec that defines how DIDs are created, read, updated, and deleted (revoked) on a specific blockchain or distributed system. DID methods have been implemented for Bitcoin, Ethereum, Sovrin, IPFS, Veres One, and Blockstack. The Universal Resolver uses Docker-based modules to plug different DID methods into a single codebase. This session will cover the W3C DID specification, the architecture of the Universal Resolver, the primary features of different DID methods, and where the Universal Resolver fits in the fast-moving decentralized identity ecosystem.
4:30pm - 5:20pm
Panel: Risk Informed IAM, Compromised Credentials and the Future of Authentication
Alice Wang
Sr. Director, Cloud Security & Identity Customer Success
Oracle
Frank Villavicencio
CPO, Access and Identity Management
ADP
Gautam Chhawchharia
VP Security (Head of Identity & Auth)
Shape Security
Steve Tout
CEO
VeriClouds
For most organizations, the ability to detect and prevent logins using compromised credentials is a transformation which fills a huge gap left by low adoption of 2FA and MFA solutions. As an industry, we debate whether this will be the year we kill passwords, or if the eradication of "passworditis" may be a more effective approach to balancing security and user experience. What can be done despite the low adoption rate of 2FA? What is the impact of increasing mobile device adoption and cloud computing on modern authentication and access governance? This panel will look at current work and future designs for how to reduce identity fraud and deliver safer online experiences. You'll hear the experiences and challenges of experts from leading companies and how they are thinking about the future of strong authentication.
Room 311
2:25pm - 2:50pm
Identity: The Government has Arrived – and They’re Here to Help?!
Jeremy Grant
Managing Director of Technology Business Strategy
Venable LLP
Identity is becoming top of mind for governments around the world. Policymakers are scrambling to update how they approach Identity in the wake of major breaches, with a focus on ensuring that digital Identity systems are secure. Government agencies see Identity as key to enabling the next generation of high-value citizen-facing services. And in regulated industries like banking and healthcare, Identity is the lynchpin of new commercial offerings that allow consumers more privacy, choice and innovation. This session will provide an overview of how governments are engaging, through procurement, policy and regulation, around identity in the U.S. and abroad.
2:55pm - 3:50pm
Panel: Government Services to Citizens
Joel Minton
Executive Director
login.gov
Adam Cooper

Jeremy Grant
Managing Director of Technology Business Strategy
Venable LLP
Andre Boysen
Chief Identity Officer
SecureKey
Join our expert panel as they explore what's established, and what's changing, in the world of Government services.
4:00pm - 4:25pm
Addressing Emerging Trust Infrastructures: LIGHTest and Blockchain Solutions
Rachelle Sellung
Senior Scientist
Fraunhofer IAO / University of Stuttgart IAT
As Trust Infrastructures and finding a standardized way of processing electronic transactions have become a focus of conversation, this talk will discuss some current research on how the market and industry have been trying to apply Blockchain and whether those applications could have potential alternatives that could address the same concerns. For example, the EU Horizon 2020 Project, LIGHTest, has a global Trust Infrastructure that could address some of the potential weaknesses of Blockchain.
4:30pm - 5:25pm
Panel: The Emerging Cross Border Trust Services Market
Lauren Lee
Manager, Digital Integration
United States Postal Service
Dave Fields

Don Thibeau
President and Chairman
Open Identity Exchange
Martin Edwards
Managing Director, Identity Services
UK Post Office
Rachelle Sellung
Senior Scientist
Fraunhofer IAO / University of Stuttgart IAT
Join our expert panel as they explore the emergence of cross-border trusted identity services and investigate the opportunities - and the challenges - that this progress will introduce.
Room 312
2:25pm - 2:50pm
More than you think: Cyber supply chain risk management
Ulrich Lang
CEO
ObjectSecurity LLC
Supply chain risks (SCRs) are a major source of IT vulnerabilities, and the different risks are highly interrelated, including cybersecurity risks. In this presentation, I will present a current case study of innovative solutions – based on data aggregation, data analytics & AI – we are researching (SBIR Phase II) for a defense agency around managing SCRs, incl. malicious intent by adversaries. SCR relates to identity in many ways, including identities of supply chain participants, identities of items, etc. Session flow: (1) SUPPLY CHAIN CYBERSECURITY: how SCRs and cybersecurity relate and impact each other (2) SUPPLY CHAIN DATA SOURCES: Data about the supply chain is the critical precondition for being able to determine supply chain risks. (3) RISK ANALYTICS: overview of the risk analysis approaches and tools, and identity challenges (4) RISK MANAGEMENT: overview of risk management approaches, including obvious - usually adopted - ones such as debarring vendors and/or shippers, and vendor management systems. (5) CASE STUDY: military case study where an advanced SCR analysis/management solution within the context of IT hardware/software and cybersecurity is currently being developed. (6) CONCLUSIONS & RECOMMENDATIONS: actionable recommendations to help them to cover this broader, cybersecurity relevant scope of SCR for their own organizations.
2:55pm - 3:50pm
User Behavioral Analytics & Identity Data Analytics – What works, what doesn’t; Lessons Learned
Kurt Lieber
VP, CISO IT Infrastructure
Aetna
For decades, Identity & Access Management has been rooted in the creation, maintenance and deletion of usernames and passwords. However, with the emergence of User Behavioral Analytics and Identity Data Analytics, we are now seeing IAM be positioned as one of the cornerstone key controls for any security program, critical in both providing early detection of advanced threats and also preventing malicious behavior by both internal and external attackers. This presentation will focus on the reasons behind the shift and ways you can take advantage of the new capabilities offered by these emerging technologies to dramatically improve your security program. Specific examples will be shared, along with real-world lessons learned from implementing this program at a Fortune 100 company.
4:00pm - 4:25pm
Recognizing Customers At A Distance: An Industrial Age Company's Journey Toward Trusted Identity
George Dobbs
Architect
Massachusetts Mutual Life Insurance Company
This is the story of how a major life insurance company came to understand that the old ways of doing business are no longer sufficient to address the risks of the digital age. Decades-old processes using paper forms, web portals and call centers and even agent-mediated contacts are under attack. This talk will describe how the problem became known, how awareness spread through the organization and alignment was generated between various teams. We will discuss the techniques that will address call centers and portals as well as strategies for paper and agent-mediated encounters with customers. The journey is expected to be long. The talk will wrap up with a progress report.
4:30pm - 4:55pm
Identity Management … You keep using that word. I do not think it means what you think it means.
Andrew Nash
Managing VP Identity Services
CapitalOne
Most Identity and Access Management is really about managing user accounts … what would it look like if we managed Identities …
5:00pm - 5:25pm
Automated Identity Management with the Ping Admin API
Jack Hart
Identity Architect
Independent
We will present our work using the PingFederate Admin API to manage identity configuration across 6 completely independent, continually used identity environments in the day-to-day operations of our business. In our customer-facing environments we have the typical DEV, QA, UAT and PROD environments common to software development. As we've been bitten by sharing identity components in development before, these environments are completely autonomous. We also manage our own internal corporate identity for employees and have both a PROD (production) environment and a UAT or Test environment for trying out software from various vendors to be used internally. Our first goal was to be able to create a new environment via pushbutton control using an existing environment as a template, useful for standing up new environments quickly and also relevant for correcting broken identity configuration. Additional goals include more fine-grained activities such as rolling out identity features like 2FA or a federation with a business partner. Once creating an environment with a specific configuration became pushbutton fast and easy, we discovered new potential capabilities like taking a problem found in production, replicating the production configuration to an offline test environment and re-creating and resolving the problem away from live users. The solution is a lightweight Python API that wraps and simplifies use of the more complex PingFederate Admin API. As configuration objects in PingFederate represent a dependency tree, the Python API uses hypermedia to lead the client through the critically important sequence of API calls. As identity configuration demands a significant amount of systems work, the use of the PingFederate Admin API is interleaved with systems-level infrastructure and file operations driven by SaltStack and Jenkins.
The solution is deployable via a command line client integrated with Jenkins, as well as various other front ends, easily accessible from various mobile and web apps via the API. Future work includes development of more fine-grained procedures, the addition of a NoSQL data store for use with canonical configuration management, audit trails and a variety of similar concerns, and integration with Jenkins automation and user interfaces.