Monday, 17.Feb.: User groups and co-located events
|09:00-18:00||FIM4R||Federated Identity Management for Research|
|11:00-17:30||IdPy||IdentityPython User Group|
|09:00-18:00||midPoint||midPoint User Group Meeting|
|10:00-16:00||Gluu||Gluu User Group Meeting|
Please refer to the linked FIM4R agenda.
IdentityPython is a set of projects that provide implementations of key federation and identity technologies including OpenID Connect, SAML, xmldsig, OAuth, JWT, etc – all implemented in Python. The meeting will have an agenda with the various technical, management and policy items that have not been solved with conference calls.
Community meeting for all midPoint users, engineers, architects and enthusiasts. We will discuss the new and hot topics in midPoint development. This is also the chance to meet midPoint developers and talk about the experiences and issues during midPoint deployments. There is an opportunity to actively participate in the discussions, demonstrating your contributions, success stories or overall experience with midPoint deployment in a community environment.
For Gluu users, engineers, architects, from curious to enthusiastic.
|10:00-12:00||Intro to Gluu Platform: Gluu Server, Gluu Gateway, Casa, oxd, Super Gluu|
|16:00-16:00||Gluu Gateway Live Training: bring your laptop!|
Tables (for all groups) have been reserved at Zwölfapostel-Keller.
Address: Sonnenfelsgasse 3, 1010 Wien
We will go as a group with public transport after FIM4R ends.
You need to register in the morning, or by email if you arrive in the afternoon.
Tuesday, 18.Feb., Workshops and Presentations
|IGA||9:00-17:00||From Best Practice to Good Practice in Identity Governance and Administration|
|OSS IAM||9:00-17:15||Open Source Identity & Access Management Projects|
Decades of best practice. Identity and Access Management (IAM) is a core IT security discipline, going with the proverbial definition that it "enables the right individuals to access the right resources at the right times for the right reasons". While best practices for IAM have been available and growing in number for at least two decades, a canonical good practice is still emerging. Industry standards and sector regulations, such as those from central banks, provide certain building blocks and baselines, but the overall size of the IAM discipline is still not trivial to manage. As auditors are increasingly drilling down in depth and achieving breadth, and incidents and damages are growing, it has become important to be good enough from both risk and compliance perspectives.
Highlighting best practice. As long as there is no well-established "Good IAM Practice", standards have to be accompanied by best practices. This track selects a couple of important aspects of IGA and presents best practices, new trends and lessons learned. There will be opportunities to discuss challenges of IGA with respect to policies, products, implementation and other aspects.
|09:00-09:15||Intro Session||Introduction session, agenda of the day||Chairman|
|09:15-09:30||A CISO's Perspective||A CISO's perspective on IAM Governance||Peter Gerdenitsch, RBI|
|09:30-10:15||SoD requirements and governance in SAP||Regulatory requirements for segregation of duties including privileged accounts and best practices to enforce SoD in SAP systems||Dominic Stommen, KPMG DE|
|11:00-11:30||AD Password Security||A cleaned-up Active Directory is the foundation for a resilient IAM. We briefly discuss how malware and adversaries abuse widespread misconfigurations in Microsoft’s directory service to compromise organizations, but the focus will be the top security controls/configurations your Blue Team can deploy to thwart identity and trust related attacks. We look into old and new practices of password security, contrasting default AD policy with NIST-800-63B.||Severin Winkler, KPMG AT|
|11:30-12:00||A world of privileges||Automation and Intelligence are two of the most relevant topics in IT and Cybersecurity, but as fast as the digital environment is growing and offering new capabilities/benefits, the attack surface has become more undefined and complex. Getting control over the keys of the kingdom is even more important now that humans are no longer the only ones with high privileges.||Juan Manuel Zarzuelo Díaz|
|12:00-12:30||Trusted B2B relationships||When talking about electronic signatures, we normally think about people signing some sort of obligation or contract. However, B2B signatures are getting more attention, and are essential to improving business to business communication. In this case, one or more people have to sign on behalf of an organization. There are several challenges, such as how to indicate that you are signing as yourself or on behalf of the organisation, as well as knowing who is authorized to sign on behalf of the organization.||John Erik Setsaas, SIGNICAT|
|12:30-13:45||Lunch Break, Networking|
|13:45-14:30||CIAM Project Story||Lessons learnt: modernization of Customer IAM solution for multi-million user base||Jukka Lauhia, KPMG FI|
|15:30-16:15||Legal Entity Identifiers: Intro, Use Cases and Business Value||Following the financial crisis of 2008 the FSB/G20 advocated the creation and regulatory incorporation of a globally unique identity for any legal entity that engages in financial transactions. Today we find ourselves on the verge of large scale adoption of the LEI across numerous use cases. Delivering highly assured organisation identity, the LEI gives organisations the same abilities as individuals when it comes to being the subject of Identity Management. In this session we will explore the process behind the LEI, the current large scale use cases, and take a glimpse at a future that empowers legal entities to benefit in IAM processes as a natural person does today.||Simon Wood, Ubisecure|
|16:15-17:00||Converging PAM in an IT/OT Environment||Field experience in managing and reviewing controls for privileged access when both IT and OT/ICS-systems are in scope||Andreas Reiter, Siemens; David Mayer, KPMG AT|
This conference track is for people working on and working with Open Source IAM to discuss best practices, integration patterns and solution stories about Open Source IAM. For each slot there will be 2-3 short introductory presentations as input for discussions.
This track is chaired by Peter Gietz, DAASI International.
|09:00-09:30||Intro session, Agenda Bashing||Chairman|
|09:30–10:15||Connector Frameworks, a good subject for cooperation:
- On the Future of ConnId
- ICF pros and cons
|10:15–10:45||Standards for Interoperable OSS IdM
- Could SCIM become lingua franca of Identity Provisioning?
- Future of SCIM
|11:00–11:45||Standards for Interoperable OSS Access Management: SAML and OIDC Proxy based FIM architectures and solutions based on Open Source Software||David Hübner|
|11:45–12:30||Interoperability in Testing Software: Methods used for midPoint and how they can be used in a broader context||Oskar Butovič|
|13:30–14:45||Current State of DIDs
Decentralized Identifiers (DIDs) are the foundational building block of emerging decentralized (or "self-sovereign") identity architectures. They are a new type of identifier that is independent of any central authority or intermediary, and that can be resolved in a way that is cryptographically verifiable. Other components such as Verifiable Credentials, agents, personal data stores, etc. can be built on top of DIDs. The DID specification is currently being written by the W3C Decentralized Identifier Working Group.
|15:30–16:15||Governance and Challenges in OSS IAM Projects - how to establish a community, sustainable work models and choose the right licenses and protocols||Benjamin Oshrin;
|16:15-17:00||OSS Business Models
Pros and Cons of Specific OS Business Models
Billions or Bust? Open source is a great distributed development model. It’s a genius low-cost distribution model. But you need to think about how you're going to get paid! There is more nuance to this business challenge than many entrepreneurs initially appreciate. Luckily, we can learn from the pros. The Open Source Underdogs podcast sought to interview successful founders, to get out their stories about how they used open source as part of the whole business model: not just monetization, but also value proposition, customer segmentation, partner strategy, sales, marketing, and building the team. After talking to more than thirty successful founders, some common themes emerge. If you are considering open sourcing your software, being prepared can save you years of learning the hard way!
This track has been merged into track 1 after receiving complaints that people wanted to attend both tracks:-)
|9:00-9:30||Welcome and Introduction Round||Peter Gietz (DAASI International)|
Tables have been reserved at Stadtwirt.
Address: Marxergasse 3, 1030 Wien
We will go as a group with public transport after both tracks end.
You need to register in the morning (or by email) and choose 1 of 2 menus. The evening event is not included in the conference ticket.
Wednesday and Thursday, 19.-20.Feb., Unconference
The unconference is using an agile format with participant-driven contents, covering the attendees' current interests. TIIME's format has been designed for solving trust and identity issues, developing and sharing new concepts and deepening your understanding of relevant topics. If you are looking for a substantial discussion on this subject it is likely that you will meet the right people here!
|08:00 - 09:00||Coffee|
|09:00 - 10:30||Keynote (CIAM)|
|10:30 - 10:45||Coffee break|
|10:45 - 11:30||Sessions (1)|
|11:30 - 12:15||Sessions (2)|
|12:15 - 12:45||Plenary|
|12:45 - 14:00||Lunch|
|14:00 - 14:45||Sessions (3)|
|14:45 - 15:30||Sessions (4)|
|15:30 - 16:00||Coffee break|
|16:00 - 16:45||Sessions (5)|
|16:45 - 17:15||Plenary|
|18:30 ~ 21:45||Social dinner|
|08:00 - 09:00||Coffee|
|09:00 - 10:30||Keynotes (Cloud IGA, eID)|
|10:30 - 10:45||Coffee break|
|10:45 - 11:30||Sessions (6)|
|11:30 - 12:15||Sessions (7)|
|12:15 - 12:45||Plenary|
|12:45 - 14:00||Lunch|
|14:00 - 14:45||Sessions (8)|
|14:45 - 15:30||Sessions (9)|
|15:30 - 16:00||Plenary|
|We live in an unprecedented time, hyper connected, hyper converged. But this doesn’t just apply to us; markets, businesses, platforms, all are converging, and the once distinct world of CIAM is no different. Customers, consumers, partners, suppliers, they are all external identities and all bring challenges and opportunities. From security to efficiency to experience to regulatory compliance, CIAM brings solutions that are a subset of the wider external identity management. For organisations embarking on a ‘digital transformation’ or refresh, the convergence applies to vendor products and suppliers as much as to the management of the ‘Customer Journey’. This presentation will provide insights into the CIAM domain, from technology to corporate development.|
|For years there has been increasing adoption of cloud services in the market. This inherently has a strong effect on identity and access management (IAM) solutions, for both capabilities and delivery models. Authentication services from the cloud have become common practice or even the leading standard these days, and identity governance and administration (IGA) services are now following the same transition. Established IGA solution providers are changing their core offerings to a SaaS model. This forces organizations into standardized processes and practices. This provides opportunities to adopt best practices and gain instant improvements to core processes quickly. During this presentation these developments and the impact on organisations will be explained, supported by a case study of a SaaS IGA deployment and process integration, covering both its challenges and its success.|
|This presentation gives an overview of the current status of the most relevant efforts in CA, EU, UK and US, so that the audience can take away a holistic picture and a compare-and-contrast understanding of government-initiated digital identity programmes globally. Why should you care? Even if you are not directly engaging, monitor public sector developments in all markets you operate in, to prepare for any potential policy, regulation or compliance requirements.|