Impressions from European Identity & Cloud Conference 2018

May 22nd, 2018

Technology meets Legal, Standards meets Best Practices, Vision meets Reality. All this happens when KuppingerCole Analysts calls together the Identity Community to meet at the 12th European Identity and Cloud Conference (EIC) in Munich from 15th-18th May 2018. It is the leading Identity and Access Management event in Europe and probably in the world, with more than 800 participants and 60 exhibitors, attracting identity enthusiasts from all over the world, even from Australia, New Zealand and Japan.

Not very surprisingly, the big topics of the conference were, on the one side, the General Data Protection Regulation (GDPR), which takes effect on May 25th and whose discussion was fueled by the Cambridge Analytica scandal, and, on the other side, Blockchain Identity, also known as Self-Sovereign Identity (SSI). A new topic was actively discussed and will most likely be a major topic at EIC 2019: the impact of Microservices on Identity Management and vice versa.

Blockchains are here to stay – Blockchain might deliver the UNIVERSAL ID

Martin Kuppinger

Blockchain Identity is still at an early stage, and there is a controversial discussion about what problem it is actually solving. Martin Kuppinger stated in his keynote: “Blockchains are here to stay – Blockchain might deliver the UNIVERSAL ID”, but success depends on reaching critical mass and achieving interoperability between legacy identity systems and other blockchains. Easy-to-use wallets, Privacy-by-Design, and predictable and affordable costs are critical to broader adoption. Challenges remain, as Blockchain Identity does not solve the privacy problem per se. Off-chain storage of PII data and the “right to be forgotten” problem still require an adequate solution.

GDPR is just one week away, but what exactly will happen after the effective date? Most participants expect that the authorities will start to chase the big ones (the Googles and Facebooks), if at all. Implementation details are still unclear and actively discussed. The subject of one of the panels was: “How to decide between Consent and Contract as a Lawful basis for Processing under GDPR”. Someone from the audience described a use case in which a company processed employees' private address data in order to create groups for newly introduced carpooling. Prompted by this use case, Allan Foster formulated the answer: “When a User is surprised with what you do with his data, ask for consent”

When a User is surprised with what you do with his data, ask for consent

Allan Foster, ForgeRock

The concept of the European Identity Conference is a mixture of keynotes, workshops, breakout sessions and panel discussions. In 2018 the panel discussions were very well received and successfully put together by KuppingerCole’s team. The panel “How will Authorization Look in Future? XACML, OAuth, Proprietary?” turned out to be an intense discussion on the differences between OAuth and XACML:

OAuth is not authorization, it is just access delegation

David Brossard, Axiomatics

Some noteworthy items from the more practical day-to-day identity reality:

  • Mike Schwartz, Gluu, introduced the Open Trust Taxonomy for OAuth2 Kantara Workgroup (OTTO), which tries to define the basic structures of multi-party federations, such as APIs and related data structures, to manage trust between entities and to discover members and service details of federations (https://kantarainitiative.org/confluence/display/OTTO/Home)
  • Andrew Hughes and Corné van Rooij presented the Kantara Consent Management best practices Working group, which will collect best practices for the management of privacy notices

Rainer Hörbe talked about Privacy by Design in Federated Identity Management: tackling FIM-related privacy risks (observability of behavior by central instances, linkability by introducing common identifiers, and impersonation by IDPs due to weaknesses in SSO mechanisms) with approaches like late binding of user attributes, constrained logging proxies or blind proxies.

European Identity & Cloud Awards 2018: As always, the ceremony is a highlight of the conference. The following winners were presented:

  • Best IAM Project: Munich RE insurances for a mature IAM implementation
  • Best Consumer Identity Project: If P&C Insurance for developing an innovative Mobile App for Health Insurance
  • Best IoT Security Project: Hager Group implementing a Smarthome Operator Service via website and smartphone
  • Best IT Risk Management Project: Deutsche Bank for its IAM program in a complex, highly regulated environment
  • Best Innovation Award: OpenID Certification Program for the successful introduction of self-certification of OpenID providers
  • The new Blockchain Identity Award: Taqanu Bank for a horizontally scalable Blockchain solution and its unique consensus algorithm

I conclude this post by thanking the unbelievable KuppingerCole team for putting together this challenging agenda and for the perfect event organization (as always). Looking forward to the 13th European Identity & Cloud Conference from May 14th to 17th, 2019.

Some links and acronyms:
DIF: Decentralized Identity Foundation http://identity.foundation/
DLT: Distributed Ledger Technology (not Digital Linear Tape)
IDPro: The First-Ever Digital Identity Professionals Organization https://idpro.org
