Episode 55: X.509 Certificate Rotation: Why TLS is still a pain point
Anchor is a developer-friendly platform that provides private CAs for internal TLS encryption. Anchor strives to make HTTPS certificates easy to get on your servers and offers a seamless ACME flow, which allows developers to focus on building rather than managing security. In this livestream we’ll discuss:
How Anchor is changing the game for developers with its innovative approach to internal CA provisioning.
The evolution of certificate management and why internal TLS is still a pain point.
Insights from his days at GitHub, Cloudflare, and Heroku — from certificate rotations to back-end encryption.
How to integrate strong encryption and certificate management into your development workflow.
Episode 54: Jumping the Decentralized Identity S Curve
There are a lot of promises in the market around decentralized identities, with enterprises beginning to embrace digital wallets, DIDs and VCs. But the challenge still exists for users moving to new or shared devices that they have not previously registered. How do we account for those scenarios – without bootstrapping trust based on another trusted device, token or password? This is the core challenge Dr. Tina Srivastava, Cofounder of privacy tech company Badge, has been working to solve with a team of MIT cryptography PhDs. Dr. Srivastava is a serial cybersecurity entrepreneur and the former Chief Engineer at Raytheon. Dr. Srivastava is excited to discuss the blueprint for how identity vendors and enterprises can effectively jump the identity S curve.
Episode 53: ID Transformer: Okta to Ping in 45 Days
Migrating from one enterprise IDP to another is always a big challenge. Normally, it's a project that takes months of planning. So when a renowned boutique identity integrator like Hub City says they've gotten such a migration down to 45 days… it's worth hearing how they accomplish this!
Episode 52: Canada’s 103-1 Digital Trust and Identity Certification
While identity and risk can be largely mitigated by default in the physical world through closed and fragmented systems, established standards, and regulatory safeguards, the same cannot be said of the online world. In the absence of a national standard, public and private sector organizations continue to rely on organization-specific, vendor-driven and ad-hoc document-based identity management processes, impacting integrity, security, privacy, trust, and service delivery.
Canada’s 103-1 Digital Trust and Identity Standard specifies minimum requirements and a set of controls for developing, implementing, operating, monitoring, and governing trust in systems and services that consume and assert digital identity within and between organizations. The requirements in the standard ensure that digital systems and services are safe, secure, reliable, and protected. It has a very detailed assessment process, and several jurisdictions have been certified.
What is it? And how can those outside of Canada benefit from the work?
Episode 51: Digital Insanity: Flexibility of NIST Digital Identity Assurance Levels
The base volume of NIST Special Publication 800-63-3 is all about digital identity risk management, including conducting a risk assessment. How do you conduct a digital identity risk assessment? Tune in to this episode of Identerati Office Hours to learn everything you need to know.
Episode 50: Universal Online Identification
There is no safe haven of anonymity for internet users. Users are being universally identified for marketing purposes as a matter of practice. Identity resolution and customer data platforms are the evil twin of identity and access management. These are mature industries that are highly interconnected with hundreds of publishers (i.e. brands) AND amongst themselves. Moreover, nearly 40% of companies that perform identity resolution are registered data brokers. There’s insufficient awareness and regulatory oversight of these industries, and privacy policies are inadequate to explain the worldwide networks of marketing entities sharing and selling user data.
Why is privacy important? Why is it so hard to be private in the digital world? What can you do to maintain a little privacy, and how is AI making it even harder?
Episode 49: Latest News on EU Wallet Initiatives
Currently, the EU Digital Wallet Consortium (EWC) is testing digital wallets across four critical scenarios:
🔹 Payment Use Cases
🔹 Completing a Flight Online Check-In
🔹 Buying a Ticket for a Tourist Tour
🔹 Purchasing a Domestic Ferry Ticket
The idea is that citizens will present verifiable credential presentations from their wallet, presumably online. Where does this effort fit in with the other EU initiatives, pilots and organizations? What are the currently anticipated gaps in the technology, business and legal landscape that would present challenges to scaling the EU wallet identity ecosystem? And where should identerati go to stay current on progress?
Episode 48: Apache Fortress: ANSI RBAC with OpenLDAP
RBAC is battle tested. Its properties and limitations are well understood. It aligns perfectly with existing enterprise security governance tools. Join us for a deep dive into Apache Fortress, a Java framework which implements ANSI RBAC and leverages OpenLDAP for persistence. In this livestream, we’ll explore the architecture of Apache Fortress and discuss how enterprises can use it to develop applications that align with centralized access management controls. And we’ll consider RBAC’s history: what have we learned?
Episode 47: Is IAM asleep at the wheel?
In the past year AI has hit center stage – the tech world is talking about its future potential and organizations are implementing their first projects. But the identity world… crickets! In this chat we will discuss the biggest opportunity no one is talking about: the importance of trustworthy and secure data for the AI revolution. Join us as we challenge the industry to think beyond its typical silos and become an active participant in the future of the enterprise.
Episode 46: Multi-layer authz? Yes please!
Q: Where should you enforce your authorization policy?
A: Everywhere you can!
There are four common scenarios and enforcement points for a defense-in-depth strategy:
⚡ during the authentication ceremony
⚡ in the resource server
⚡ at the API gateway
⚡ in service-to-service communication