European Identity & Cloud Conference 2013
14.05. – 17.05.2013, Munich/Germany


Cloud Computing, Mobile Computing and Social Computing – each of these trends have been around for some time. But what we see now, is the convergence of those forces, creating strong new business opportunities and changing the way we use information technology to interact with our customers and to run our enterprises. It is all about the shift of control into the hands of users, far beyond of what we used to call consumerization. Identity and access is the key element in this paradigm shift and there is no better place to get the right input for your strategy than EIC 2013. It is about protecting corporate information while enabling business agility.

Continuing Education Credits

Prerequisites: None
Advance Preparation: None
Learning Level: Intermediate
Field: Computer Science

After attending this block you will be able to:

  • Describe how Cloud Computing, Mobile Computing and Social Computing are creating new business opportunities but also new challenges to protect information
  • Explain the concepts behind the emerging approaches to managing identity and access to the cloud and when using mobile devices
  • Explain how to evaluate authentication methods in order to reduce security risks such as insider threats and external threats
  • Discuss the state of secure customer identities that work well for both customers and enterprises
  • Explain why IAM needs to change and why it will still be needed into the future
  • Describe the different ways IAM functionality can be provided as cloud services
  • Describe the strategies for moving existing IAM deployments to the cloud
  • Describe how to use IAM to protect you from Advanced Persistent Threats and Auditors
  • Discuss the impact of allowing employees to use third party identities (like Facebook) to access services
  • Discuss whether Identity as a Service will help to solve the problems of cloud, mobile and social computing

This block qualifies for up to 5 Group Learning based CPEs depending on the number of sessions you attend.

Moving from Confusion to Clarity:

15.05.2013 10:30-11:30

Next Generation Cloud and Mobile Identity Management

The „Identity Explosion“ – explained first time at EIC 2012 – as part of the “Cambrian Explosion of Everything” with more devices, more identities, and more involved parties requires new approaches which think far beyond the organization’s perimeter. However, what is it really what customers need to manage identities and access and protect their corporate information, wherever it resides? Is it an expansion of traditional IAM tools? Are it cloud-based incarnations of these tools? Are it fundamentally new concepts? Which of these approaches will work and which will fail? There are many different vendors and ideas around the next generation cloud and mobile identity management, but this leads more to confusion than clarity. The panelists will discuss these concepts and will help you moving from confusion to clarity.

Using existing Standards for Cloud-based Access Management across Organizations

15.05.2013 11:30-12:30

Using existing Standards for Cloud-based Access Management across Organizations

Cloud-based IAM is, to be honest, in most cases limited to Cloud-based authentication, which means to use the authentication of a customer or partner organization. A consequence thereof is that the authorization management architecture must be changed, since one can no longer assume that users will be present in the systems of the service provider (or in a specific identity provider) to manage authorizations upfront, e.g. by using role models or other (relatively) static information.

Especially in the last years, the externalization of identities from the applications – a healthy but also necessary step – has led to assembling all sorts of attributes of the user, encoding in some way or the other the authorizations/roles that this person has in the different to-be-used target systems, at the Identity Provider. But this approach, though widespread, has a number of disadvantages, especially in cross-organizational scenarios unless the challenge of dealing with distributed sources for authorization information at run-time has been solved.

This presentation describes an architectural approach to use claims-based authorization assertions for web-based applications in conjunction with SAML authentication delegated to an Identity Provider, where the authorization information is neither stored with the application, nor with the Identity Provider.

Typical Risks and Pitfalls in IAM/IAG Projects

How to deal with the Consumer: Will there ever be the single, secure Identity one could use?

These days, web application owners benefit from the fact that the world has moved online. People worldwide send out e-mails from their e-mail account(s), keep in contact with friends through social network accounts, perform payments with their online banking account and buy products online…. Because of the success of online services, they are becoming attractive targets to hackers. Today, most accounts are secured with static passwords, but considering the information people store online, static passwords are not enough anymore. Customers demand higher security. It is evident that when those static passwords are intercepted, consequences could be disastrous. The question now is how to keep the valuable information contained within these applications safe from virtual villains? How to create a safe online environment without compromising on user-convenience? Strong cloud-based authentication would be a perfect solution. But will this work? How about managing it? How about relying on hardware technology which has been widely deployed but seldom used? How about the initial verification?

The panelists will discuss the state of secure customer identities that work well for both customers and enterprises.

Seraphinite AcceleratorOptimized by Seraphinite Accelerator
Turns on site high speed to be attractive for people and search engines.