Trust and Internet Identity Meeting Europe
2013 - 2020: Workshops and Unconference

Monday, 17.Feb.: User groups and co-located events

Time           Title Contents
09:00-18:00 FIM4R Federated Identity Management for Research
11:00-17:30 IdPy IdentityPython User Group
09:00-18:00 midPoint midPoint User Group Meeting
10:00-16:00 Gluu Gluu User Group Meeting

Track Agenda

Federated Identity Management for Research 15th Workshop

Please refer to the linked FIM4R agenda.

IdentityPython User Group

IdentityPython is a set of projects that provide implementation of key federation and identity technologies including OpenID Connect, SAML, xmldsig, OAuth, JWT, etc – all implemented in Python. The meeting will have an agenda with the various technical, management and policy items that have not been solved with conference calls.

MidPoint User Group Meeting

Community meeting for all midPoint users, engineers, architects and enthusiasts. We will discuss the new and hot topics in midPoint development. This is also the chance to meet midPoint developers and talk about the experiences and issues during midPoint deployments. There is an opportunity to actively participate in the discussions, demonstrating your contributions, success stories or overall experience with midPoint deployment in a community environment.



  • "The state of midPoint" by Radovan Semancik. Summarizing recent releases, development works and plans for next releases.
  • "What's hot in midPoint" by Katarina Valalikova. Introduction to new midPoint features and preview of recent development work.
  • Setting agenda for afternoon.


  • Ad-hoc discussions and demonstrations in a micro-unconference style.
  • Community feedback, suggestions and discussions with midPoint developers.

Gluu User Group Meeting

For Gluu users, engineers, architects, from curious to enthusiastic.

Time           Title
10:00-12:00 Intro to Gluu Platform: Gluu Server, Gluu Gateway, Casa, oxd, Super Gluu
12:00-13:00 Lunch
16:00-16:00 Gluu Gateway Live Training: bring your laptop!

Monday evening

Tables (for all groups) have been reserved at Zwölfapostel-Keller.

Address: Sonnenfelsgasse 3, 1010 Wien

We will go as a group with public transport after FIM4R ends.

You need to register in the morning or per email if you arrive in the afternoon.

Tuesday, 18.Feb., Workshops and Presentations

Track Time Room Contents
IGA 9:00-17:00 From Best Practice to Good Practice in Identity Governance and Administration
OSS IAM 9:00-17:15 Open Source Identity & Access Management Projects

Track Agenda

From Best Practice to Good Practice in Identity Governance and Administration

Decades of best practice. Identity and Access Management (IAM) is a core IT security discipline, going with the proverbial definition that it "enables the right individuals to access the right resources at the right times for the right reasons". While best practices for IAM have been available and growing in number for at least two decades, a canonical good practice is still emerging. Industry standards and sector regulations such as from central banks provide certain building blocks and baselines, but the overall size of the IAM discipline is still not trivial to manage. As auditors are increasingly drilling down in depth and achieving breadth, and incidents and damages are growing, it became important to be good enough from both risk and compliance perspectives.

Highlighting best practice. As long as there is no well-established "Good IAM Practice" standards have to be escorted with best practices. This track selects a couple of important aspects of IGA and presents best practices, new trends and lessons learned. There will be opportunities to discuss challenges of IGA with respect to policies, products, implementation other aspects.

Preliminary agenda:

Time           Title              Contents Contribution
09:00-09:15 Intro Session Introduction session, agenda of the day Chairman
09:15-09:30 A CISO's Perspective A CISO's perspective on IAM Governance Peter Gerdenitsch, RBI
09:30-10:15 SoD requirements and governance in SAP Regulatory requirements for segregation of duties including privileged accounts and best practices to enforce SoD in SAP systems Dominic Stommen, KPMG DE
10:15-11:00 Coffee Break    
11:00-11:30 AD Password Security A cleaned-up Active Directory is the foundation for a resilient IAM. We briefly discuss how malware and adversaries abuse wide-spread misconfigurations in Microsoft’s directory service to compromise organizations, but the focus will be the top security controls/configurations your Blue Team can deploy to thwart identity and trust related attacks. We look into old and new practices of password security, contrasting default AD policy with NIST-800-63B. Severin Winkler, KPMG AT
11:30-12:00 A world of privileges Automation and Intelligence are two of the most relevant topics in IT and Cybersecurity, but as faster as the digital environment is growing and offering new capabilities/benefits, the attack surface has become more undefined and complex. Get control over the keys of the kingdom is even more important now humans are not anymore the unique with high privileges. Juan Manuel Zarzuelo Díaz
12:00-12:30 Trusted B2B relationships When talking about electronic signatures, we normally think about people signing on some sort of obligation or contract. However, B2B signatures is getting more attention, and is essential to improving business to business communication. In this case, one or more people have to sign in behalf of an organization. There are several challenges, such as how to indicate that you are signing as yourself or on behalf of the organisation. As well as knowing who is authorized to sign on behalf of the organization. John Erik Setsaas, SIGNICAT
12:30-13:45 Lunch Break, Networking    
13:45-14:30 CIAM Project Story Lessons learnt: modernization of Customer IAM solution for multi-million user base Jukka Lauhia, KPMG FI
14:30-15:30 Coffee Break    
15:30-16:15 Legal Entity Identifiers: Intro, Use Cases and Business Value Following the financial crisis of 2008 the FSB/G20 advocated the creation and regulatory incorporation of a globally unique identity for any legal entity that engages in financial transactions. Today we find ourselves on the verge of large scale adoption of the LEI across numerous use cases. Delivering highly assured organisation identity, the LEI gives organisations the same abilities as individuals when it comes to being the subject of Identity Management. In this session we will explore the process behind the LEI, the current large scale use cases, and take a glimpse at a future that empowers legal entities to benefit in IAM processes as a natural person does today. Simon Wood, Ubisecure
16:15-17:00 Converging PAM in an IT/OT Environment Field experience in managing and reviewing controls for privileged access when both IT and OT/ICS-systems are in scope Andreas Reiter, Siemens; David Mayer, KPMG AT
17:00-17:15 Closing Session    

Open Source Identity and Access Management Projects

This conference track is for people working on and working with Open Source IAM to to discuss best practices, integration patterns and solution stories about Open Source IAM. For each slot there will be 2-3 short introductory presentations as input for discussions.

This track is chaired by Peter Gietz, DAASI International.

Time           Title              Contribution
09:00-09:30 Intro session, Agenda Bashing Chairman
09:30–10:15 Connector Frameworks, a good subject for cooperation:
- On the Future of ConnId
- ICF pros and cons

Radovan Semancik;
David Hübner
10:15–10:45 Standards for Interoperable OSS IdM
- Could SCIM become lingua franca of Identity Provisioning?
- Future of SCIM

Peter Gietz
10:45–11:00 Coffee break  
11:00–11:45 Standards for Interoperable OSS Access Management: SAML and OIDC Proxy based FIM architectures and solutions based on Open Source Software David Hübner
11:45–12:30 Interoperability in Testing Software: Methods used for midPoint and how they can be used in a broader context Oskar Butovič
12:30–13:30 Lunch break  
13:30–14:45 Current State of DIDs
Decentralized Identifiers (DIDs) are the foundational building block of emerging decentralized (or "self-sovereign") identity architectures. They are a new type of identifier that is independent of any central authority or intermediary, and that can be resolved in a way that is cryptographically verifiable. Other components such as Verifiable Credentials, agents, personal data stores, etc. can be built on top of DIDs. The DID specification is currently being written by the W3C Decentralized Identifier Working Group.
Markus Sabadello
14:45–15:30 Coffee break  
15:30–16:15 Governance and Challenges in OSS IAM Projects - how to establish a community, sustainable work models and choose the right licenses and protocols Benjamin Oshrin;
Ivan Kanakarakis
16:15-17:00 OSS Business Models
Pros and Cons of Specific OS Business Models

Billions or Bust? Open source is a great distributed development model. It’s a genius low-cost distribution model. But you need to think about how you're going to get paid! There is more nuance to this business challenge then many entrepeneurs initially appreciate. Luckily, we can learn from the pros. The Open Source Underdogs podcast sought to interview successful founders, to get out their stories about how they used open source as part of the whole business model--not just monetization, but also value proposition, customer segmentation, partner strategy, sales, marketing, and building the team. After talking to more thirty successful founders, some common themes emerge. If you are considering open sourcing your software, being prepared can save you years of learning the hard way!
Radovan Semancik;
Mike Schwartz
17:00-17:15 Closing session  


This track has been merged into track 1 after receiving complaints that people wanted to attend both tracks:-)

Time           Title Speakers
9:00-9:30 Welcome and Introduction Round Peter Gietz (DAASI International)
10:30-11:30 Coffee break
12:30-13:30 Lunch break
14:30-15:00 Coffee break

Evening event

Tables have been reserved at Stadtwirt.

Address: Marxergasse 3, 1030 Wien

We will go as a group with public transport after both tracks end.

You need to register in the morning (or per email) and choose from 1 of 2 menues. The evening event is not included in the conference ticket.

Wednesday and Thursday, 19.-20.Feb., Unconference

The unconference is using an agile format with participant-driven contents, covering the attendees' current interests. TIIME's format has been designed for solving trust and identity issues, developing and sharing new concepts and deepening your understanding of relevant topics. If you are looking for a substantial discussion on this subject it is likely that you will meet the right people here!

To get an idea about the contents look at sessions that have been proposed already, or topics and proceedings from previous conferences.

Schedule Wednesday

Time Title
08:00 - 09:00 Coffee
09:00 - 10:30 Keynote (CIAM)
agenda creation
10:30 - 10:45 Coffee break
10:45 - 11:30 Sessions (1)
11:30 - 12:15 Sessions (2)
12:15 - 12:45 Plenary
12:45 - 14:00 Lunch
14:00 - 14:45 Session (3)
14:45 - 15:30 Sessions (4)
15:30 - 16:00 Coffee break
16:00 - 16:45 Sessions (5)
16:45 - 17:15 Plenary
18:30 ~ 21:45 Social dinner

Schedule Thursday

Time Title
08:00 - 09:00 Coffee
09:00 - 10:30 Keynotes (Cloud IGA, eID)
agenda creation
10:30 - 10:45 Coffee break
10:45 - 11:30 Sessions (6)
11:30 - 12:15 Sessions (7)
12:15 - 12:45 Plenary
12:45 - 14:00 Lunch
14:00 - 14:45 Sessions (8)
14:45 - 15:30 Sessions (9)
15:30 - 16:00 Plenary


CIAM – an Evolving and Converging World

Simon Wood (Ubisecure)

Profile Picture We live in an unprecedented time, hyper connected, hyper converged. But this doesn’t just apply to us; markets, businesses, platforms, all are converging, and the once distinct world of CIAM is no different. Customers, consumers, partners, suppliers, they are all external identities and all bring challenges and opportunities. From security to efficiency to experience to regulatory compliance, CIAM brings solutions that are a subset of the wider external identity management. For organisations embarking on a ‘digital transformation’ or refresh, the convergence applies to vendor products and suppliers as much as to the management of the ‘Customer Journey’. This presentation will provide insights into the CIAM domain, from technology to corporate development.

Cloud IGA in Practice - the Challenges and Successes

Edwin Sturrus (KPMG NL)

Profile Picture Since years there is an increasing adoption of cloud services in the market. This inherently has a strong effect on identity and access management (IAM) solutions, for both capabilities and delivery models. Authentication services from the cloud have become common practice or even the leading standard these days, identity governance and administration (IGA) services are now following the same transition. Established IGA solution providers are changing their core offerings to a SaaS model. This forces organizations into standardized processes and practices. This provides opportunities to adopt best practices and gain instant improvements to core processes quickly. During this presentation these developments and the impact on organisations will be explained. Supporting by a case-study of a SaaS IGA deployment and process integration, both its challenges and its success.

Update on Public Sector eID Initiatives and Trust Frameworks

Colin Wallis (Kantara Initiative)

Profile Picture This presentation overviews the current status of the most relevant efforts in CA, EU, UK and US, so that the audience can take away a holistic picture and compare and contrast understanding of government-initiated digital identity programmes globally. Why should you care? Even if you are not directly engaging, monitor public sector developments in all markets you operate in, to prepare for any potential policy, regulation or compliance requirements.