Monday, 17.Feb.: User groups and co-located events
|09:00-18:00||FIM4R||Federated Identity Management for Research 14th Workshop|
|11:00-17:30||IdPy||IdentityPython User Group (to be confirmed)|
|09:00-18:00||midPoint||midPoint User Group Meeting|
IdentityPython is a set of projects that provide implementations of key federation and identity technologies including OpenID Connect, SAML, xmldsig, OAuth, JWT, etc – all implemented in Python. The meeting will have an agenda with the various technical, management and policy items that have not been resolved in conference calls.
Community meeting for all midPoint users, engineers, architects and enthusiasts. We will discuss the new and hot topics in midPoint development. This is also the chance to meet midPoint developers and talk about the experiences and issues during midPoint deployments. There is an opportunity to actively participate in the discussions, demonstrating your contributions, success stories or overall experience with midPoint deployment in a community environment.
Tables have been reserved at Zwölfapostel-Keller.
Address: Sonnenfelsgasse 3, 1010 Wien
We will go as a group with public transport after FIM4R ends.
You need to register in the morning, or by email if you arrive in the afternoon.
Tuesday, 18.Feb., Workshops and Presentations
|IGA||9:00-17:00||From Best Practice to Good Practice in Identity Governance and Administration|
|OSS IAM||9:00-17:15||Open Source Identity & Access Management Projects|
Decades of best practice. Identity and Access Management (IAM) is a core IT security discipline, going with the proverbial definition that it "enables the right individuals to access the right resources at the right times for the right reasons". While best practices for IAM have been available and growing in number for at least two decades, a canonical good practice is still emerging. Industry standards and sector regulations, such as those from central banks, provide certain building blocks and baselines, but the overall size of the IAM discipline is still not trivial to manage. As auditors are increasingly drilling down in depth and achieving breadth, and incidents and damages are growing, it has become important to be good enough from both risk and compliance perspectives.
What is good enough? The practice of handling IAM with management systems began as a set of controls in ISMS. At the time the term IGA was introduced by Gartner, the more IAM-specific approach to governance became prominent. Review cycles for identities, accounts, access rights and role schemes merged with plan-do-check-act style approaches. Unfortunately we still cannot claim "mission completed" in the IAM field. Practical implementations can be challenging and require cooperative efforts between IT, business and security. Challenges include incomplete policies; complex role management; lack of standard interfaces; achieving effective controls without exuberant bureaucracy; and catering for legacy systems.
Highlighting best practice. As long as there is no well-established "Good IAM Practice", standards have to be accompanied by best practices. This track selects a couple of important aspects of IGA and presents best practices, new trends and lessons learned. There will be opportunities to discuss challenges of IGA with respect to policies, products, implementation and other aspects.
|09:00-09:15||Intro Session||Introduction session, agenda of the day||Chairman|
|09:15-09:30||A CISO's Perspective||A CISO's perspective on IAM Governance||t.b.a.|
|09:30-10:15||SoD requirements; SoD governance in SAP||Regulatory requirements for segregation of duties including privileged accounts; best practices to enforce SoD in SAP systems||Linda Noak, KPMG Deutschland; Bastian Becelewski, KPMG DE|
|11:00-11:30||AD Password Security||We discuss how configuration and legacy options impact password security, how to bring legacy policies up-to-date, and the related monitoring options and KPIs||Severin Winkler, KPMG AT|
|11:30-12:30||Architectural IAM Patterns||High-level IAM architectural patterns to improve agility||t.b.a.|
|12:00-12:30||Trusted B2B relationships||When talking about electronic signatures, we normally think about people signing some sort of obligation or contract. However, B2B signatures are getting more attention and are essential to improving business-to-business communication. In this case, one or more people have to sign on behalf of an organization. There are several challenges, such as how to indicate whether you are signing as yourself or on behalf of the organization, as well as knowing who is authorized to sign on behalf of the organization.||John Erik Setsaas, SIGNICAT|
|12:30-13:45||Lunch Break, Networking|
|13:45-14:30||CIAM Project Story||Lessons learnt: modernization of Customer IAM solution for multi-million user base||Jukka Lauhia, KPMG FI|
|15:30-16:15||Legal Entity Identifiers: Intro, Use Cases and Business Value||Following the financial crisis of 2008 the FSB/G20 advocated the creation and regulatory incorporation of a globally unique identity for any legal entity that engages in financial transactions. Today we find ourselves on the verge of large scale adoption of the LEI across numerous use cases. Delivering highly assured organisation identity, the LEI gives organisations the same abilities as individuals when it comes to being the subject of Identity Management. In this session we will explore the process behind the LEI, the current large scale use cases, and take a glimpse at a future that empowers legal entities to benefit in IAM processes as a natural person does today.||Simon Wood, Ubisecure|
|16:15-17:00||Converging PAM in an IT/OT Environment||Field experience in managing and reviewing controls for privileged access when both IT and OT/ICS-systems are in scope||Andreas Reiter, Siemens; David Mayer, KPMG AT|
This conference track is for people working on and working with Open Source IAM to discuss best practices, integration patterns and solution stories about Open Source IAM. For each slot there will be 2-3 short introductory presentations as input for discussions.
This track is facilitated by Peter Gietz, DAASI International.
|09:10–10:00||Connector Frameworks, a good subject for cooperation: On the Future of ConnId; ICF pros and cons|
|10:00–10:45||Standards for Interoperable OSS IdM: Could SCIM become lingua franca of Identity Provisioning?; Future of SCIM|
|11:00–11:45||Standards for Interoperable OSS Access Management: SAML and OIDC Proxy based FIM architectures and solutions based on Open Source Software||David Hübner|
|11:45–12:30||Interoperability in Testing Software: Methods used for midPoint and how they can be used in a broader context||Oskar Butovič|
|15:30–16:15||Business and cooperation models for OSS IAM|
|16:15-17:00||International OSS IAM Business Alliance, something we need?||Chairman|
This track has been merged into track 1 after receiving complaints that people wanted to attend both tracks:-)
|9:00-9:30||Welcome and Introduction Round||Peter Gietz (DAASI International)|
Tables have been reserved at Stadtwirt.
Address: Marxergasse 3, 1030 Wien
We will go as a group with public transport after both tracks end.
You need to register in the morning (or by email) and choose 1 of 2 menus.
Wednesday and Thursday, 19.-20.Feb., Unconference
The unconference is using an agile format with participant-driven contents, covering the attendees' current interests. TIIME's format has been designed for solving trust and identity issues, developing and sharing new concepts and deepening your understanding of relevant topics. If you are looking for a substantial discussion on this subject it is likely that you will meet the right people here!
To get an idea about the contents look at Topics or into the proceedings from previous conferences.
|08:00 - 09:00||Coffee|
|09:00 - 10:30||Keynote (CIAM)|
|10:30 - 10:45||Coffee break|
|10:45 - 11:30||Sessions (1)|
|11:30 - 12:15||Sessions (2)|
|12:15 - 12:45||Plenary|
|12:45 - 14:00||Lunch|
|14:00 - 14:45||Session (3)|
|14:45 - 15:30||Session (4)|
|15:30 - 16:00||Coffee break|
|16:00 - 16:45||Session (5)|
|16:45 - 17:15||Plenary|
|18:30 ~ 21:45||Social dinner|
|08:00 - 09:00||Coffee|
|09:00 - 10:30||Keynotes (Cloud IGA, eID)|
|10:30 - 10:45||Coffee break|
|10:45 - 11:30||Sessions (6)|
|11:30 - 12:15||Sessions (7)|
|12:15 - 12:45||Plenary|
|12:45 - 14:00||Lunch|
|14:00 - 14:45||Session (8)|
|14:45 - 15:30||Session (9)|
|15:30 - 16:00||Plenary|
|We live in an unprecedented time, hyper connected, hyper converged. But this doesn’t just apply to us; markets, businesses, platforms, all are converging, and the once distinct world of CIAM is no different. Customers, consumers, partners, suppliers, they are all external identities and all bring challenges and opportunities. From security to efficiency to experience to regulatory compliance, CIAM brings solutions that are a subset of the wider external identity management. For organisations embarking on a ‘digital transformation’ or refresh, the convergence applies to vendor products and suppliers as much as to the management of the ‘Customer Journey’. This presentation will provide insights into the CIAM domain, from technology to corporate development.|
|For years there has been increasing adoption of cloud services in the market. This inherently has a strong effect on identity and access management (IAM) solutions, for both capabilities and delivery models. Authentication services from the cloud have become common practice or even the leading standard these days, and identity governance and administration (IGA) services are now following the same transition. Established IGA solution providers are changing their core offerings to a SaaS model. This forces organizations into standardized processes and practices. This provides opportunities to adopt best practices and gain instant improvements to core processes quickly. During this presentation these developments and the impact on organisations will be explained, supported by a case study of a SaaS IGA deployment and process integration, covering both its challenges and its success.|
|This presentation gives an overview of the current status of the most relevant efforts in CA, EU, UK and US, so that the audience can take away a holistic picture and a compare-and-contrast understanding of government-initiated digital identity programmes globally. Why should you care? Even if you are not directly engaging, monitor public sector developments in all markets you operate in, to prepare for any potential policy, regulation or compliance requirements.|