YOUR GUIDE IN TRUST SERVICES, DIGITAL IDENTITIES, ACCESS MANAGEMENT AND API SECURITY
The Digital Identity & Trust Conference 2024 promises an exceptional program that brings together Europe’s leading experts in security standards with compelling local stories from Belgium. This year’s event offers a unique blend of top-tier European speakers, including pioneers like Daniel Fett and Torsten Lodderstedt, alongside influential Belgian voices, making it an unmissable opportunity for professionals seeking to deepen their understanding of digital identity and trust. Attendees will gain invaluable insights into the latest trends, challenges, and innovations shaping the field, all within a dynamic and interactive setting tailored to the needs of the Belgian market.
Opening by chairman of the day
Erik van Zuuren, Chair of TrustCore
Chairman of the day Erik van Zuuren will open the program and walk you through what the day will bring.
Unlocking Identity and Access Management at Monumental Scale
Michiel Van Cauwenberge | Product Manager ACM-IDM-VMS & Wim Martens | Strategy Manager ICT | Digitaal Vlaanderen
In this session, we will delve into the intricate world of identity and access management (IAM), and, more specifically, how identity and access management systems can be leveraged within large organisations to cater to millions of users. The point of focus of this session will be two security building blocks from the Digitalization Agency of the Flemish Government: the Flemish Access Management System (ACM) and the Flemish Identity Management System (IDM). How has the Flemish Government managed to integrate over 2.000 applications with these building blocks and how do we manage to successfully authenticate over 15 million users every single month? Furthermore, how have we managed to achieve this feat within the well-known constraints of the public sector, i.e. with a small, dedicated team and limited resources? Join us as we uncover the origins, history and evolution of our building blocks, along with the various challenges we encountered along the way.
Lessons learned with respect to API access authorization
Tom Bruggeman, Area Manager, DPG Media
As an international media company we’ve been dealing with rapid digital transformation for a bunch of years now. One of the cornerstones of our strategy is authorization management in order to control access to our customer identity services for millions of users and customers. Over the last 6 years we’ve gone through many iterations of our customer identity authorization management platform; from a fully managed SaaS platform to our own custom-built solution. In this talk we’ll share our journey with you and highlight some of the challenges we’ve faced, how we’ve dealt with them and why we believe our homegrown platform has been the right choice for our company.
Coffee Break with In-Person Meetings
At the network plaza you can meet the partners of this conference while enjoying a cup of coffee or tea. In-person meetings also take place here.
Transitioning to Decentralized Identity
Jochen Raymaekers, Principal Solution Architect, Ping Identity
In a world increasingly plagued by data breaches and identity theft, giving users—including employees and customers—the power to independently manage and share their personal information is transforming the landscape of identity management.
Join us to delve into the principles of decentralized identity, where we will:
- Enable users to securely manage and control their personal data, make anonymous identity claims without unnecessary exposure, and selectively authorize data access based on necessity.
- Decrease vulnerabilities and reduce the risk of breaches associated with centralized systems, thereby enhancing organizational privacy and security.
How to Successfully Manage Access for External Identities
Kurt Berghs, VP Product Management, TrustBuilder Corporation N.V.
Dive into practical examples of using advanced access control and identity management for external users. External users go beyond the extended enterprise and cover employees of customers, outsourcers, suppliers, distributors, brokers, and business partners as well as consumers. Learn how managing user lifecycles in an intuitive way streamlines access governance, and improves user experience. This session, aimed at CIOs and Product Managers, shows how to balance policy-based IAM with dynamic, business-focused CIAM.
Hackers don’t Hack In – They Log In. How to Combat the threat of Credential Theft
Matt Sturman, Sr Solutions Engineer of BeyondTrust
The world of cyber security is changing, with more dynamic, highly connected systems than ever. With an explosion of apps, accounts and access, the battleground has shifted from traditional perimeter and endpoint security into the world of identity security, effectively meaning the hacker has been replaced by the credential thief.
With identity compromise common to almost every cyber-attack, distinguishing between how a legitimate user is leveraging an identity and the misuse of that identity by an unauthorized user is difficult. This leaves the door open for threat actors to use impersonated identities to access resources, compromise systems, move laterally and achieve their illicit objectives. Today this is effectively making identity the new security perimeter.
Join this discussion as Matt shares what is driving this paradigm shift, and how attackers are successfully exploiting the gaps in visibility between IAM and security tools.
Achieving NIS 2 Compliance: Key Identity Security Strategies
Alan Radford, Field Strategist EMEA, One Identity Software Netherlands
The updated Network and Information Systems (NIS 2) directive demands stringent cybersecurity measures. This session will focus on practical strategies for achieving NIS 2 compliance through a unified identity security approach.
What you will learn:
- The role of identity security in NIS 2 compliance
- Risk management controls that impact NIS 2
- Planning your identity roadmap to save costs and boost ROI
We will cover four key areas:
- Identity Governance (IGA): Managing identities to ensure compliance
- Privileged Access Management (PAM): Securing privileged accounts
- Active Directory (AD) Management: Maintaining a secure identity infrastructure
- Access Management (AM): Controlling and monitoring access to critical systems.
Join us for actionable insights and clear examples to implement these strategies in your organisation.
Lunch Break with In-Person Meetings
Lunch is waiting for you at the network plaza. While enjoying a sandwich, you can discuss the morning program with fellow participants or obtain information about your issues from partners. The in-person meetings also take place here.
A ‘converged’ approach to IAM, IGA and PAM, how and why?
Martijn Morshuis, Senior Solutions Engineer of Okta, Inc.
Gartner predicts that by 2025, 70% of access management, identity governance, and privileged access implementations will be so-called ‘converged’ IAM platforms. But:
- What does a ‘converged’ approach to Identity Management look like?
- What are the benefits?
- Where do you start if you already have certain IAM point solutions in place?
- And how can you combine PAM, IAM, and IGA functionalities to prevent a fragmented identity management environment?
Join this session to get answers to these questions.
How not to use OAuth
Daniel Fett | Lead Author OAuth 2.0 Security Best Current Practice | IETF
Daniel Fett is co-authoring the new security recommendations RFC for OAuth 2.0 in the IETF OAuth Working Group. In this talk, he will walk you through the MUSTs, MUST NOTs, and SHOULDs of the new recommendations.
OAuth is the most important framework for federated authorization on the web. It also serves as the foundation for federated authentication using OpenID Connect. While RFC6749 and RFC6819 give advice on securing OAuth deployments, many subtle and not-so-subtle ways to shoot yourself in the foot remain. One reason for this situation is that OAuth today is used in much more dynamic setups than originally anticipated. Another challenge is that OAuth today is used in high-stakes environments like financial APIs and strong identity proving.
To address these challenges, the IETF OAuth working group is working towards a new Security Best Current Practice (BCP) RFC that aims to weed out insecure implementation patterns based on lessons learned in practice and from formal security analyses of OAuth and OpenID Connect. The BCP gives concrete advice to defend against attacks discovered recently (like the AS mix-up attack) and discourages the use of less-secure grant types such as the Implicit Grant.
This talk will outline the challenges faced by OAuth in dynamic and high-stakes environments and go into the details of the MUSTs, MUST NOTs, and SHOULDs in the new Security BCP.
Running successful IGA projects – How to reach 100% of your application scope with an IGA solution?
Jacques Forster, CTO, OPNS
Most IGA projects start with a limited scope, focussing on only critical applications in an initial phase. Once that project phase is closed out, the deployed IGA solution is facing several challenges, including scope expansion to gradually cover 100% of the application landscape. More applications, more use cases, non-production scopes, special accounts, extended role catalogue and/or extra populations are waiting for their on-boarding… This session is about tips and techniques to both simplify & accelerate the way IGA can cover more scope, faster.
Coffee Break with In-Person Meetings
At the network plaza you can meet the partners of this conference while enjoying a cup of coffee or tea. In-person meetings also take place here.
Honey, I shrunk the Trust
Philippe Fransolet | Security Architect | BNP Paribas Fortis
Trust is vital in the digital world, and certificates and so-called Qualified Trust Services seem to be the gold standard. Let’s learn from experiences of the banking world where certificates are widely used for secure communications, Open Banking, PSD2 etc. Do all certificates provide the same trust level? To what extent do they live up to their security promises? What are the potential setbacks, and what can be done to mitigate them?
Demystifying the architecture of the EUDI Wallet
Torsten Lodderstedt | Lead Architect German EUDI Wallet Project | Federal Agency for Disruptive Innovation SPRIND
The EUDI Wallet will change the way we interact digitally. It will allow users to securely keep their credentials (e.g. for identity, professional and educational achievements, entitlements as well as prescriptions) and use them at their discretion in a privacy preserving manner in digital and physical processes with public and private entities and other users. This will be the basis for seamless digitization and enables disruptive innovations. However, the EUDI Wallet is an ambitious and complex undertaking and the “how?” might not be as transparent as it should be. This talk will make an attempt to demystify the EUDI Wallet by shedding light on its fundamental concepts and explaining its architecture and the technical standards being employed.
Network drinks
At the network plaza you can discuss the sessions with fellow participants while enjoying a drink or discuss your problems with one of the partners. The in-person meetings also take place here.