Impressions from European Identity & Cloud Conference 2017
No new standards, no protocol declared dead – but new compliance directives that have a huge impact on business practices and deployed IAM services. The General Data Protection Regulation (GDPR) and the Revised Directive on Payment Services (PSD2) will be applied in 2018 after a two-year transition period.
From the importance of establishing a legal identity for developing countries as part of every person’s basic human rights and as a precondition for access to health and wealth services, via SSI (self-sovereign identity, aka decentralized blockchain-based identity), via Cognitive Security (AI and machine learning applied to security analytics), via Customer IAM (CIAM) to Security of the Connected Car: The European Identity Conference is definitely the one-stop in identity topics in Europe that you should not miss.
The KuppingerCole European Identity Conference (EIC) is definitely the one-stop in identity topics in Europe that you should not miss
The 11th KuppingerCole European Identity Conference took place in Munich from May 9th to 12th with a record-breaking 700 attendees. From year to year the spectrum of the conference is getting wider and wider, and in fact mirrors the impact of digitalization on everyone and everything. The KuppingerCole team again did a fantastic job by not only inviting representatives from IAM vendors and their customers, but also bringing speakers from NGOs, initiatives like Taqanu Bank (a bank for refugees), visionaries, lawyers and technical people together to discuss and share identity topics.
The morning of the first conference day is traditionally a forum for several organizations to present the projects done in their working groups to a broader audience. This year workshops were held by Kantara Initiative, OpenID Foundation, OASIS Privacy Engineering and Forum Systems.
Some facts from the OpenID Workshop: Three OpenID Connect (OIDC) Logout Implementer’s Drafts were approved in March 2017. OIDC certification for Relying Parties has been available since December 2016. 34 profiles have been certified for 12 implementations and 11 organizations. Certification for OPs, which has been available since 2015, was granted for 124 profiles to 39 implementations and 36 organizations. The certification is a self-certification available at $200 for members or $999 for non-members. Additional profile tests are planned: refresh token, logout, OP-initiated login and self-issued tokens. Update on AccountChooser: Google donated the code of their project OpenYOLO – a password manager with Open API integrated as privileged app into Android OS.
The conference itself started in the afternoon, as always, with Martin Kuppinger’s keynote on “Can Artificial Intelligence close the gap between Cyber-Adversaries and their victims? Looking on solving the skills shortage in Cyber-Security by applying technology.” He presented five axioms that describe the state of cyber security:
- There is no 100% security
- Once a system, a device, or thing is connected, it is under attack
- Every individual and every organization is/has been attacked successfully
- There are backdoors to hardware, software and networks – your keys may already have been duplicated
- There are not enough sufficiently skilled people out there to staff your Cyber Defense Center
He came to the conclusion that Cognitive Security can help to better defend against attackers by minimizing unknown events and by detecting and identifying incidents faster. Cognitive Security can provide tools to close the skill gap, but organizations should also invest in the education of their existing teams, and teams should not try to do everything themselves but should seek help from managed security providers, which benefit from economies of scale.
Everything is called machine learning, even if the machine learns nothing
M. Kuppinger
Some excerpts from the keynotes and the break out sessions:
Ian Glazer gave an update on IDPro.org, an upcoming professional organization focused on identity management. He proposed the organization at last year’s EIC16. It is now being incubated at Kantara and intends to open up in June for founding members. The organization will provide membership services, a body of knowledge and a code of practice for identity professionals.
There is no Identity Meetup in Germany – the 3rd largest economy in the world
Ian Glazer
Doc Searls presented CustomerCommons. Terms will be created to help with privacy issues similar to what CreativeCommons provided to overcome copyright issues.
Mike Jones on strong authentication using asymmetric keys in devices: The draft Web Authentication: An API for accessing Public Key Credentials WD-05 was published the Friday before the conference (May 5th). The FIDO 2.0 CTAP (Client to Authenticator Protocol) is still private to the FIDO Alliance members. The IETF token binding specifications will be released as a final RFC in a few months.
Balazs Némethi gave an update on Taqanu Bank, whose story started at last year’s EIC16. The bank tries to provide banking services to refugees by replacing the traditional KYC principle with an identity created on the basis of the person’s digital footprint and blockchain technology.
Because most refugees have a smartphone, they have a digital footprint
Balazs Némethi
Drummond Reed and Phil Windley presented on Self-Sovereign Identity (SSI), i.e. blockchain-based decentralized identities, and on Sovrin, which was first discussed at EIC16. It was built to solve the hard problems of SSI – governance, scalability, pseudonymity, data privacy and revocable attributes.
Oliver Naegele introduced his new Frankfurt-based FinTech startup Blockchain Helix, which provides blockchain-based identity and data services.
The highlight of the conference, as every year, was the award presentation ceremony moderated charmingly by Jennifer Haas and Rob McCabe. The winners were chosen by the KuppingerCole analysts from among outstanding projects, applications and ideas in IAM, GRC and Cloud Security.
The 2017 winners in the several categories are:
Best approach to improving governance and mitigating risk: Mitsubishi UFJ Securities
Mitsubishi UFJ Securities implemented a program based on the RSA IdaaS solution to meet regulatory compliance.
Best consumer identity project: Moneyou (ABN AMRO Bank)
Moneyou used ForgeRock software to build a system for its new and innovative services, treating identity as a key enabler and differentiator.
Best IAM project: Nestlé
Nestlé implemented an Identity and Access Governance solution called AMIGO, based on One Identity, with a 20-member team in 10 months.
Best IoT security project: Danfoss
The prize in this category was awarded for the first time. Danfoss and Nixu implemented a security framework for Danfoss Drives.
Future Technology Award: IBM Watson
“AI for the masses” – IBM Watson provides cognitive services that can be used to build leading-edge solutions.
The next European Identity Conference will be held in Munich from 15-18 May 2018. But note: KuppingerCole is hosting additional conferences: Consumer Identity World in Seattle, Paris and Singapore; the Next Generation Marketing Executive Summit and the Digital Finance World in Frankfurt.
Again, a great thanks to the KuppingerCole team for a well-organized conference.