Manah Khalil

IT Director - Application Security; Verizon Communications, Inc.
Manah Khalil is the IT Director of Application Security and has over 20 years of experience in Software Development, Information Security, and Identity and Access Management. Prior to his role at Verizon, Manah was a Test Lead and Program Manager at Microsoft. Manah is currently responsible for the SSO services for the Verizon digital channel, and the roll-out of the DevSecOps practice across the IT portfolios. He is a strong advocate for application security awareness and a promoter of innovation in IT problem-solving. Manah has over 30 patent filings and grants covering software architecture, identity management and application security. Manah is a two-time recipient of the Verizon Credo Award and the Microsoft Gold Star.

Manah's Session


Tuesday, June 25
4:00 - 4:25 pm
Monroe
Federating FIDO through a Blockchain
The FIDO implementation addresses well the problem of having and managing multiple passwords. However current FIDO implementations are limited to one RP at a time, forcing the adoption of federated authentication through one IDP to handle auth for multiple RPs. The Facebook/Google sign-in issues in 2018 have demonstrated that a single IDP cannot be trusted to power the Internet. In my talk I will introduce a FIDO implementation model that leverages a permissioned and distributed blockchain as the repository of public keys. RPs that would like to use this blockchain would operate a lightweight FIDO service that can authenticate clients against it, and respond to a policy that can mix/match a combination of available factors from a pool of What I know, What I have and What I am. Currently FIDO allows users to enroll with one set of factors based on the RP's required policy. In the new model, users would enroll multiple times with one factor at a time (therefore acquiring multiple public keys). A custom orchestration flow would dynamically receive and enforce an RP policy that can mix/match the combination of number and types of required factors. Such an implementation would allow the reuse of existing enrollments without limiting the control of the public keys repository to a single entity, resulting in addressing concerns around privacy and scalability of the authentication services.

Enter your details to receive email updates from Identiverse