register for 2024
May 28-31, 2024 | Aria Resort & Casino, Las Vegas, NV
register for 2024
Identiverse 2023 • Session
Bringing Continual Dynamic Authorization to COTS Applications
Deployments and Leading Practices
Back to Main Agenda
Ironwood 2
5:40 pm - 6:05 pm
CTO | CISO
ProofID
Session Abstract: So we’ve solved strong user authentication for employees and consumers. The next major identity challenge to solve is authorization as we decide whether a user has the proper permissions and authority to perform a specific task or transaction. Dynamic authorization moves us beyond static rulesets like RBAC to consideration of the whole context of each individual request, incorporating risk signals from inside and outside the organization – considering factors such as device profile, malware, geolocation, and previous transactions. By combining such signals from multiple sources we can make intelligent authorization decisions and fulfill defined obligations before processing a request (for instance, stepping up authentication). Indeed dynamic authorization like this is already starting to be mandated by regionals such as the EU's revised Payment Services Directive, or PSD2) and is a central tenet of zero trust architecture. Implementing dynamic authorization for in-house applications development is one thing; doing so for COTS (commercial off-the-shelf) software or SaaS applications is significantly harder. In this session we’ll learn how to apply transactional, risk-signal-driven dynamic authorization to COTS applications in policy-based, extensible, and easy to manage. This enables organizations to secure all transactions regardless application type or current state.
Follow us on
identity everywhere
Stay informed on the latest event updates
Identiverse: The Identity Universe
hosted by CyberRisk Alliance
register now