Identerati Office Hours Episode
Building a new ecosystem is not for the faint-hearted, but it is possible if you work with the industry, international standards bodies, and the global identity community. The conversation will cover what worked and what didn’t; what is next for ConnectID?
SPIFFE is a framework to generate identities for software systems in dynamic and heterogeneous environments. SPIFFE Verifiable Identity Documents (SVIDs) enable us to be explicit about the trust we place in systems. However, the degree of trust we can place in SVIDs relies heavily on the soundness of the data gathering and verification process during node attestation. By leveraging confidential computing technologies, specifically Confidential Virtual Machines (CVMs), we can track platform information directly in hardware, including firmware, boot loader, and kernel images, which are then signed with a key rooted inside the CPU itself. By incorporating hardware-protected platform information directly into the SVID generation process, we can significantly enhance the confidence placed in the resulting identity documents. Additionally, consumers of these SVIDs will be able to assert these properties before placing trust in a system.
The UN sees public sector adoption of open source software as playing a key role in governments’ digital transformation. The OpenWallet Forum, building on the success of the OpenWallet Foundation, will offer a platform for multistakeholder cooperation to integrate wide-ranging requirements from governments and companies into coordinated policies and technical standards for digital wallets. The forum will also be supported by the UN International Computing Centre (UNICC) and the Government of Switzerland.
Traditionally, identity security has primarily focused on addressing three of the six Ws – Who, What, and Why. However, ObserveID takes identity security to the next level by delving into the When’s, the Where’s, and the What’s. By considering not just “Who” has access and “What” actions they perform, but also “When” these actions occur and “Where” they take place, ObserveID employs a comprehensive approach that significantly reduces the attack surface and enhances overall security. This thorough examination of the timing, location, and specific activities associated with user identities enables a more precise and dynamic implementation of access control and monitoring, strengthening an organization’s defenses against both external and internal threats, and ensuring a more resilient and adaptive security posture.
In today’s digital landscape, the rise of Cloud, SaaS, Generative AI, and data-driven automation has led to the proliferation of Non-Human Identities (NHIs) within organizations. These digital entities—such as service accounts, access keys, and API tokens—play a crucial role in driving business operations, but also introduce a growing attack vector. Mismanaged NHIs have contributed to 85% of security breaches, including ransomware attacks, where weak NHIs are exploited to access critical data. Organizations need an enterprise-wide Non-Human Identity strategy, without which they risk exposing themselves to security breaches or outages originating from inefficient administration of NHIs. Join the conversation to discuss best practices for discovering, securing, and managing the Non-Human Identities in your environment.
Identerati are excited about the potential for EU identity wallets. But less obvious is what the proponents intend to do to enable PAYMENTS. Identity and payments have different functional requirements, making it challenging to create a “unified” standard without ending up with an unimplementable “frankenwallet”. This episode will discuss an idea for a different kind of Payment Authorization Wallet, uniquely targeting payments, that is based on Deterministically Encoded CBOR rather than JSON.
Amazon released Cedar as an open source project on May 10, 2023. Why? The open source strategy will shed light on what AWS is expecting to accomplish with Cedar. Are they expecting open source contributions? Does AWS believe open source will increase the rate of developer adoption? Why did AWS choose to open source both the policy syntax and the Engines (Rust, Java, Go)? Why choose the Apache 2.0 license? What was the business case the Cedar team made to AWS management? What are some of the metrics that AWS will use to measure the success of Cedar adoption? What other open source projects does Cedar resemble at AWS? Join this episode for a deep dive into the Cedar open source strategy!
Heather Vescent takes us beyond the endless game of reactive cybersecurity—whack-a-mole style—to understand how strategic foresight can future-proof against tomorrow’s threats. Discover how to shift from a defensive stance to an anticipatory strategy that stays ahead of emerging dangers. Learn how to outsmart future threats before they hit your systems.
What were passkeys before 2022? What are passkeys today? What is missing?
When it comes to preventing bad actions on online platforms, the goals are different. Priorities are set… and then change. And measuring success is often “inverted”. What are tactics that accommodate these differences to enable trust and safety issues on a platform? How can product owners or similar leadership roles support these differences?
Will your future business leverage decentralized identities to issue credentials to authorize its workforce to transact? Is federated identity enough, or is this a use case for decentralized identity? How does a business even assert a legal identity? What new tools and rules are needed to minimize the transaction costs of inter-domain trust? In this episode, we’ll discuss if a “Corporate Wallet” is a key enabler for digital transformation for both an organization’s workforce and its end-users.
Decentralized Identifiers (DIDs) are being used in numerous digital identity projects around the world and serve as the basis for Verifiable Credentials (VC) and many other technical specifications and protocols. At W3C, a new DID Working Group has been launched to update and expand on the existing DID standard. Let’s take a look at the current state and recent developments around DIDs!