Identiverse officially kicks off this week and is an important event for IDPro, not only because IDPro was launched at Identiverse in 2017, but also because both organizations share the goal of providing resources to digital identity professionals.
“A terrific example of this was the standing-room-only experience in the Introduction to Identity sessions held at last year’s conference in Washington D.C. IDPro helps enhance the overall experience for attendees at the conference and, in exchange, we get a terrific canvas upon which to share our mission to ‘globally foster ethics and excellence in the practice and profession of digital identity’, engage our members and stakeholders (and hopefully future members), and share our progress as an organization.” – Lance Peterman, IDPro treasurer and board member
This year, due to restrictions from the COVID-19 pandemic, Identiverse will be held virtually as a series of webinars timed to accommodate a global audience. Most presentations will offer a live Q&A and will also be available on-demand. This month, IDPro members will be presenting the following topics at Identiverse:
Week 1: June 15 – 19
- Monday, June 15, 10:15 – 11:05: Hearts, Minds and Wallets: The War Over Digital Identity
10 years ago no one was interested in the notion of “digital identity”. You had accounts and passwords and it was an irritating administrative function to manage all those accounts for customers, citizens and humans in general. In the last two years the war for the hearts, minds and wallets attached to a human’s digital identity has set the stage for open warfare in 2020 and beyond by organizations and industries that see that value in being the creator and manager of a digital identity standard. What does it mean for the US and the world when champions for SSI and banks and payment processors and social media and governments and healthcare networks are all racing to create an operationally sustainable unique digital identity? Will there be tensions and challenges between these different actors when it comes time to recognize the credibility and authenticity of each other’s standards? Richard Bird regularly spends time across 5 continents working with governments and large companies, navigating the complexities of the rising interest and demand for true digital identities. He’ll share his observations in an effort to prepare you for the disruption this will create in our practices, designs and architectures for security, privacy and consumer and citizen rights.
- Speaker/s: Richard Bird
- Monday, June 15, 12:00 – 12:25: Stop Blaming the End User! Using Empathy and Understanding to Deliver Better Identity Experiences
As Digital Identity technologists, we’re used to rolling our eyes at onerous (and downright unfriendly) user experiences. But we know our SMS OTPs from our TOTPs. We’re experts at navigating complex password policies, for registration and resets. We know when to share our biometric and other sensitive data, and when to be more cautious. But spare a thought for the average user. They’re often described as the weakest link in security. We shouldn’t be blaming them. They’re bemused, confused, and sometimes livid about the hoops we make them jump through. This session will take you on an amusing and honest appraisal of Digital Identity Experience from the end user’s perspective, in their own words. Build empathy to connect with their problems by walking a mile in their shoes. We will cover user registration, authentication, password reset, account recovery and more. I’ll present a ToDo List for improving user experience, based on current industry recommendations. We owe it to society to protect end users and their data, and build trust. Cost-effective and user-friendly identity experiences are the ultimate goal. So let’s reflect on our shortcomings and get serious about improving the status quo!
- Speaker/s: Mark Perry
- Tuesday, June 16, 12:30 – 12:55: Maximizing Failover Efficiency & UX in Your Multi-Region Deployment
As the industry iterates beyond simple cloud deployments, application & identity architects confront new challenges in deploying and managing complex application instances which span the globe across multiple provider regions. Rapid failover from one region to another is a critical component for these distributed applications, but did you know how much your cloud DNS service and DNS architecture impact the speed that traffic can be rerouted from one region to another? In this talk, Jon Lehtinen shares his experiences testing several DNS architectures, and highlights how different resolution methods, failover policies, and other seemingly inconsequential components greatly impact how instantaneous, or not, your failover can be.
- Speaker/s: Jon Lehtinen
- Wednesday, June 17, 10:00 – 10:50: Identity: The Next Ten Years
The future of the standards and services we build is unwritten. We are curious about the future because we shape it. But from the works of our hands to a world 10 years hence is an unknown path. In this talk, Mr. Glazer will discuss what the future of identity could look like in 5 to 10 years:
* What previous predictions about identity’s future got right and wrong
* Where standards adoption will be
* How associated technologies will impact our industry
* What a discontinuous future might look like
- Speaker/s: Ian Glazer
- Wednesday, June 17, 11:00 – 11:25: Radiant Logic: How Verizon Media Navigated Acquisitions & Turned Identity Into a Business Enabler
Verizon Media reaches over one billion people around the world with a dynamic house of 50+ media and technology brands. After acquiring AOL and Yahoo’s businesses, the company now employs about 10,000 people. However, extensive firewalls made it difficult to collaborate across the newly merged entities in an increasingly cloud-first environment. This presentation will discuss how they enabled authentication in a zero trust environment by following the principles of least privilege. This was done by federating identities and creating consolidated identity views, allowing over 1,000 applications to authenticate and get complete user profiles without any changes or customization to the applications.
- Speaker/s: David McCluskey, Bryan Meister
- Wednesday, June 17, 12:00 – 12:25: Browser Features vs Identity Protocols: An Arms Race?
In an attempt to protect users from excessive tracking and surveillance, the last couple of years have witnessed major browser vendors introducing increasingly restrictive anti-tracking measures. Identity protocols and features got caught in the crossfire, however, forcing identity software vendors and developers to hastily introduce changes to restore functionality that browser changes broke. Is this the new normal? What will we do when a change will break an identity feature beyond repair? This session will review the main browser changes that have affected identity over the last few years – Chrome’s SameSite and Safari’s ITP2 in particular, interpreting them as part of a larger trend and attempting to predict what the future will look like for identity customers and practitioners.
- Speaker/s: Vittorio Bertocci
Week 2: June 22 – 26
- Monday, June 22, 10:30 – 10:55: Beyond Bearer Tokens with HTTP Message Signatures
Digital signatures on HTTP messages? That aren’t broken by proxies, or TLS terminators, or gateways that reorder the headers just for fun? That’s exactly what you get with HTTP Message Signatures. This session dives into what they are, how they work, and how they can augment or replace existing API protection mechanisms such as bearer access tokens and cookies.
- Speaker/s: Annabelle Backman
- Monday, June 22, 12:00 – 12:25: The Blurring of Business Logic and Authorization
The idea of “fine grained authorization” has been around for several years now. Twenty years ago, there was a proposed standard, XACML, that was focused on these fine grained decisions, and a language that could express the underlying policies. However, it never gained widespread acceptance. There is also a problem that the line between fine grained authorization and business logic is a very hazy line. As consent and user managed access controls become more widespread, so the line between business logic and policy becomes even more blurred. I will talk about some of the reasons for the low acceptance of fine grained policy, as well as examining how the hazy line can be more easily defined. I will also address techniques that can be used to bring these different needs closer together.
- Speaker/s: Allan Foster
- Tuesday, June 23, 10:00 – 10:25: Customers and Partners – Seamless and Secure Experiences for Every Relationship
Organizations going through digital transformation need to manage and secure the identities of users beyond their organizational boundaries, including partners, customers, and citizens. They want a single solution that is user-centric and flexible, secure, and scalable enough to support global users authenticating with any kind of identity, that doesn’t require deployment of multiple disconnected…
- Speaker/s: Robin Goldstein
- Wednesday, June 24, 10:00 – 10:50: Fireside Chat: You Don’t Really Own Your Identity
You own and control your thoughts, your words and your actions. But in a modern society that’s intent on verifying everything in the midst of a global crisis like the COVID-19 pandemic, where your movements impact the health of others, what do you really control? Join Esther Dyson and Andre Durand as they explore this topic in a thought-provoking conversation.
- Speaker/s: Andre Durand, Esther Dyson
- Wednesday, June 24, 11:00 – 11:25: Ping Identity Presents: How to Measure the Unexpected Value of Customer Identity
Customer identity professionals speak in terms like IdPs, SPs and OIDC. Business leaders understand terms like customer acquisition, revenue, and customer lifetime value. This disconnect can make it difficult to convey the value customer identity investments can provide and get the resources you need. Join us in this session as we walk through a sophisticated business value calculator that translates customer identity enhancements into the results they’ll drive for your business. We’ll show you how to take inputs from your business—like login and registration abandonment rates, average customer expenditure, and profit margins—and use them to calculate the effect various customer identity enhancements will have. We’ll show example use cases from several industries and give you the opportunity to input numbers from your own enterprise to see what effect customer identity will have on your business. This session will arm you with a powerful conversation to have with your business that will convey the value of customer identity and raise your status within your organization.
- Speaker/s: Dustin Maxey, Vikas Mundada
- Friday, June 26, 10:00 – 10:50: Modern Identity for Developers 101
Modern identity promises to solve some of the thorniest problems that historically plagued handling authentication and access control in applications. That sounds great in theory, but how do things really look when the rubber hits the road – what does it take to incorporate modern identity in your applications development practice? Come to this session to learn the basis of modern identity development and be better equipped to understand and participate in more advanced developer-themed sessions, at Identiverse and beyond.
- Speaker/s: Vittorio Bertocci
View the full Identiverse agenda here and register to attend. Also, join the IDPro Identiverse Slack channel to discuss hot topics and network with digital identity professionals. If you need an invite, or if you’re not receiving the email list messages, contact firstname.lastname@example.org. Stay tuned for more information
Follow IDPro and Identiverse on Twitter for updates. There may be some surprise speakers planned, as well as some virtual social events (still to be announced). If you’ve never attended Identiverse in-person before, this is a great opportunity to learn from some of the best identity practitioners. We hope to “see” you at Identiverse!