Trust and Internet Identity Meeting Europe
17.-20. Feb 2020: Workshops and Unconference


Monday, 17.Feb.: User groups and co-located events

Time           Title Contents
09:00-18:00 FIM4R Federated Identity Management for Research 14th Workshop
11:00-17:30 IdPy IdentityPython User Group (to be confirmed)
09:00-18:00 midPoint midPoint User Group Meeting



Track Agenda

IdentityPython User Group

IdentityPython is a set of projects that provide implementations of key federation and identity technologies including OpenID Connect, SAML, xmldsig, OAuth, JWT, etc – all implemented in Python. The meeting will have an agenda with the various technical, management and policy items that have not been solved with conference calls.


MidPoint User Group Meeting

Community meeting for all midPoint users, engineers, architects and enthusiasts. We will discuss the new and hot topics in midPoint development. This is also the chance to meet midPoint developers and talk about the experiences and issues during midPoint deployments. There is an opportunity to actively participate in the discussions, demonstrating your contributions, success stories or overall experience with midPoint deployment in a community environment.

Agenda:


Morning:

  • "The state of midPoint" by Radovan Semancik. Summarizing recent releases, development works and plans for next releases.
  • "What's hot in midPoint" by Katarina Valalikova. Introduction to new midPoint features and preview of recent development work.
  • Setting agenda for afternoon.

Afternoon:

  • Ad-hoc discussions and demonstrations in a micro-unconference style.
  • Community feedback, suggestions and discussions with midPoint developers.

Monday evening

Tables have been reserved at Zwölfapostel-Keller.

Address: Sonnenfelsgasse 3, 1010 Wien

We will go as a group with public transport after FIM4R ends.

You need to register in the morning or per email if you arrive in the afternoon.


Tuesday, 18.Feb., Workshops and Presentations

(preliminary schedule)

Track Time Room Contents
IGA 9:00-17:00 From Best Practice to Good Practice in Identity Governance and Administration
OSS IAM 9:00-17:15 Open Source Identity & Access Management Projects



Track Agenda


From Best Practice to Good Practice in Identity Governance and Administration

Decades of best practice. Identity and Access Management (IAM) is a core IT security discipline, going with the proverbial definition that it "enables the right individuals to access the right resources at the right times for the right reasons". While best practices for IAM have been available and growing in number for at least two decades, a canonical good practice is still emerging. Industry standards and sector regulations such as from central banks provide certain building blocks and baselines, but the overall size of the IAM discipline is still not trivial to manage. As auditors are increasingly drilling down in depth and achieving breadth, and incidents and damages are growing, it became important to be good enough from both risk and compliance perspectives.

What is good enough? The practice of handling IAM with management systems began as a set of controls in ISMS. At the time the term IGA was introduced by Gartner, the more IAM-specific approach to governance became prominent. Review cycles for identities, accounts, access rights and role schemes merged with plan-do-check-act style approaches. Unfortunately we still cannot claim "mission completed" in the IAM field. Practical implementations can be challenging and require cooperative efforts between IT, business and security to address issues such as: incomplete policies; complex role management; lack of standard interfaces; achieving effective controls without exuberant bureaucracy; catering for legacy systems.

Highlighting best practice. As long as there is no well-established "Good IAM Practice", standards have to be accompanied by best practices. This track selects a couple of important aspects of IGA and presents best practices, new trends and lessons learned. There will be opportunities to discuss challenges of IGA with respect to policies, products, implementation and other aspects.

Preliminary agenda:

Time           Title              Contents Contribution
09:00-09:15 Intro Session Introduction session, agenda of the day Chairman
09:15-09:30 A CISO's Perspective A CISO's perspective on IAM Governance t.b.a.
09:30-10:15 SoD requirements; SoD governance in SAP Regulatory requirements for segregation of duties including privileged accounts; best practices to enforce SoD in SAP systems Linda Noak, KPMG Deutschland; Bastian Becelewski, KPMG DE
10:15-11:00 Coffee Break    
11:00-11:30 AD Password Security We discuss how configuration and legacy options impact password security, how to bring legacy policies up-to-date, and the related monitoring options and KPIs Severin Winkler, KPMG AT
11:30-12:30 Architectural IAM Patterns High-level IAM architectural patterns to improve agility t.b.a.
12:00-12:30 Trusted B2B relationships When talking about electronic signatures, we normally think about people signing some sort of obligation or contract. However, B2B signatures are getting more attention and are essential to improving business-to-business communication. In this case, one or more people have to sign on behalf of an organization. There are several challenges, such as how to indicate whether you are signing as yourself or on behalf of the organisation, as well as knowing who is authorized to sign on behalf of the organization. John Erik Setsaas, SIGNICAT
12:30-13:45 Lunch Break, Networking    
13:45-14:30 CIAM Project Story Lessons learnt: modernization of Customer IAM solution for multi-million user base Jukka Lauhia, KPMG FI
14:30-15:30 Coffee Break    
15:30-16:15 Legal Entity Identifiers: Intro, Use Cases and Business Value Following the financial crisis of 2008 the FSB/G20 advocated the creation and regulatory incorporation of a globally unique identity for any legal entity that engages in financial transactions. Today we find ourselves on the verge of large scale adoption of the LEI across numerous use cases. Delivering highly assured organisation identity, the LEI gives organisations the same abilities as individuals when it comes to being the subject of Identity Management. In this session we will explore the process behind the LEI, the current large scale use cases, and take a glimpse at a future that empowers legal entities to benefit in IAM processes as a natural person does today. Simon Wood, Ubisecure
16:15-17:00 Converging PAM in an IT/OT Environment Field experience in managing and reviewing controls for privileged access when both IT and OT/ICS-systems are in scope Andreas Reiter, Siemens; David Mayer, KPMG AT
17:00-17:15 Closing Session    


Open Source Identity and Access Management Projects

This conference track is for people working on and working with Open Source IAM to discuss best practices, integration patterns and solution stories about Open Source IAM. For each slot there will be 2-3 short introductory presentations as input for discussions.

This track is facilitated by Peter Gietz, DAASI International.

Preliminary agenda:

Time           Title              Contribution
09:00-09:10 Intro session Chairman
09:10–10:00 Connector Frameworks, a good subject for cooperation:
- On the Future of ConnId
- ICF pros and cons
Radovan Semancik; N.N.
10:00–10:45 Standards for Interoperable OSS IdM
- Could SCIM become lingua franca of Identity Provisioning?
- Future of SCIM
Peter Gietz; N.N.
10:45–11:00 Coffee break  
11:00–11:45 Standards for Interoperable OSS Access Management: SAML and OIDC Proxy based FIM architectures and solutions based on Open Source Software David Hübner
11:45–12:30 Interoperability in Testing Software: Methods used for midPoint and how they can be used in a broader context Oskar Butovič
12:30–13:30 Lunch break  
13:30–14:45 t.b.a.  
14:45–15:30 Coffee break  
15:30–16:15 Business and cooperation models for OSS IAM  
16:15-17:00 International OSS IAM Business Alliance, something we need? Chairman
17:00-17:15 Closing session  


IAM GRC

This track has been merged into track 1 after receiving complaints that people wanted to attend both tracks:-)

Time           Title Speakers
9:00-9:30 Welcome and Introduction Round Peter Gietz (DAASI International)
9:30-10:30
10:30-11:30 Coffee break
11:30-12:30
12:30-13:30 Lunch break
13:30-14:30
14:30-15:00 Coffee break
15:00-16:00
16:00-17:00
17:00-18:00

Evening event

Tables have been reserved at Stadtwirt.

Address: Marxergasse 3, 1030 Wien

We will go as a group with public transport after both tracks end.

You need to register in the morning (or per email) and choose 1 of 2 menus.


Wednesday and Thursday, 19.-20.Feb., Unconference

The unconference is using an agile format with participant-driven contents, covering the attendees' current interests. TIIME's format has been designed for solving trust and identity issues, developing and sharing new concepts and deepening your understanding of relevant topics. If you are looking for a substantial discussion on this subject it is likely that you will meet the right people here!

To get an idea about the contents look at Topics or into the proceedings from previous conferences.

Schedule Wednesday

Time Title
08:00 - 09:00 Coffee
09:00 - 10:30 Keynote (CIAM), agenda creation
10:30 - 10:45 Coffee break
10:45 - 11:30 Sessions (1)
11:30 - 12:15 Sessions (2)
12:15 - 12:45 Plenary
12:45 - 14:00 Lunch
14:00 - 14:45 Session (3)
14:45 - 15:30 Session (4)
15:30 - 16:00 Coffee break
16:00 - 16:45 Session (5)
16:45 - 17:15 Plenary
18:30 ~ 21:45 Social dinner

Schedule Thursday

Time Title
08:00 - 09:00 Coffee
09:00 - 10:30 Keynotes (Cloud IGA, eID), agenda creation
10:30 - 10:45 Coffee break
10:45 - 11:30 Sessions (6)
11:30 - 12:15 Sessions (7)
12:15 - 12:45 Plenary
12:45 - 14:00 Lunch
14:00 - 14:45 Session (8)
14:45 - 15:30 Session (9)
15:30 - 16:00 Plenary

Keynotes

CIAM – an Evolving and Converging World

Simon Wood (Ubisecure)

We live in an unprecedented time, hyper connected, hyper converged. But this doesn’t just apply to us; markets, businesses, platforms, all are converging, and the once distinct world of CIAM is no different. Customers, consumers, partners, suppliers, they are all external identities and all bring challenges and opportunities. From security to efficiency to experience to regulatory compliance, CIAM brings solutions that are a subset of the wider external identity management. For organisations embarking on a ‘digital transformation’ or refresh, the convergence applies to vendor products and suppliers as much as to the management of the ‘Customer Journey’. This presentation will provide insights into the CIAM domain, from technology to corporate development.

Cloud IGA in Practice - the Challenges and Successes

Edwin Sturrus (KPMG NL)

For years there has been an increasing adoption of cloud services in the market. This inherently has a strong effect on identity and access management (IAM) solutions, for both capabilities and delivery models. Authentication services from the cloud have become common practice or even the leading standard these days, and identity governance and administration (IGA) services are now following the same transition. Established IGA solution providers are changing their core offerings to a SaaS model. This forces organizations into standardized processes and practices. This provides opportunities to adopt best practices and gain instant improvements to core processes quickly. During this presentation these developments and the impact on organisations will be explained, supported by a case study of a SaaS IGA deployment and process integration, covering both its challenges and its success.

Update on Public Sector eID Initiatives and Trust Frameworks

Colin Wallis (Kantara Initiative)

This presentation gives an overview of the current status of the most relevant efforts in CA, EU, UK and US, so that the audience can take away a holistic picture and a compare-and-contrast understanding of government-initiated digital identity programmes globally. Why should you care? Even if you are not directly engaging, monitor public sector developments in all markets you operate in, to prepare for any potential policy, regulation or compliance requirements.