register now
May 30 - June 2, 2023 | ARIA Resort & Casino, Las Vegas, NV
register now
Identiverse 2023 • Session
Securing Cross-Device Flows Using Zero Trust Principles
Identity for Security
Back to Main Agenda
Juniper 3
4:30 pm - 4:55 pm
Identity Standards Architect
Microsoft
Product Manager
Microsoft
Session Abstract: Initiating an action on one device, such as a Smart TV, and authorising access on another device, such as a mobile phone, is increasingly popular. These cross-device flows provide a convenient and cost effective way to use a personally trusted device to authorize access and enable multi-factor authentication, even if the device on which the service will be consumed has limited capability. It’s rise in popularity has not gone unnoticed, and a range of new “illicit consent grant” attacks have been observed in the wild, which was described at Identiverse 2022. In response, the OAuth working group is developing new security best practices and the academic community is using formal methods to analyse cross-device protocols for the first time. But what does this mean for practice for identity security practitioners? In this session we will discuss how practitioners can apply zero-trust principles and leverage the work underway in the standards community. The result is a defence in depth strategy that reduces risks and preserve the benefits of cross-device flows.
Follow us on
identity everywhere
Stay informed on the latest event updates
Identiverse: The Identity Universe
hosted by CyberRisk Alliance
register now