Identiverse® is IDPro’s ‘home’ event – an opportunity to get together with colleagues across the industry and to learn from each other as well as get updates on new standards, technologies, solutions and products, and to hear from visionaries both inside and outside the industry about things that might affect us in the longer term.
It would be impossible to do justice to everything that happened during the week in a summary format. In due course, the Identiverse team will be making videos available of the various presentations, and that’s probably the best way to catch up on the details. Here, then, we’ll try to provide an overview of some of the key themes that emerged during the week, at least from our perspective. We’ll undoubtedly miss some things you thought were particularly noteworthy, and we encourage you to highlight your own high points in continued conversation on Slack!
After a few years of relative calm, it seems like the identity ecosystem is undergoing another period of rapid growth. Along with new product offerings from well-established vendors, we also saw a range of new vendors on the expo floor. Some of these are established vendors from adjacent sectors starting to make themselves more visible to the Identity sector – companies such as Feitian and Focal Point. Some were companies you wouldn’t immediately associate with the Identity industry – Capital One was perhaps the stand-out example. Identiverse also attracted an increased number of startups this year; this is a good trend to monitor since it gives some indication of the health of the overall market.
A number of sessions and keynote presentations also gave insight into new approaches to addressing identity challenges. We heard about emerging standards in areas including distributed identity, identity signalling, and access control. We saw developing success in implementation and real-world deployments of standards like FIDO and UMA. And there was plenty of healthy discussion of novel approaches to certain identity challenges based around distributed ledger technologies.
This was the first year that Identiverse has run a track dedicated to application developers – by all accounts this was a well-attended series of topics. This is an important audience to get on board in terms of embedding the use of modern identity protocols and standards such as OpenID Connect and OAuth; it was good to see those topics so well attended.
The GDPR appears to have kick-started a much broader conversation about Privacy. Several of the keynote speakers noted that with companies like Apple now making Privacy a competitive differentiator, many organisations are rethinking their approach to the protection and use of customer data. There was also plenty of discussion around identity verification (and not only in the context of know-your-customer and anti-money laundering regulations) and the use of high assurance attributes.
Questions around the ‘ethical’ use of Identity look set to be a significant thread for the next few years at least. Several presentations touched on the delicate balance between security, privacy, and usefulness. There are implications for standards development, technology choices, and systems design – and although the questions are sometimes simple, the answers are rarely obvious. That means this is also going to become a boardroom topic… and there were a few professional skills presentations that touched on how to improve C-level communication skills
Several initiatives are underway to help companies make smart choices and sensitive investments in identity technologies – the Better Identity Coalition and Omidyar Network’s GoodID project both provided some insight here.
Several of the keynote speakers observed that it’s hard to make lasting progress with improved identity – particularly with consumer- and/or citizen-focused identity – in the absence of real improvements in the user’s experience. This theme was picked up across a number of the tracks; in particular from a Consumer/Customer Identity Management perspective as well as in some of the government and healthcare topics.
It was gratifying to see the penetration the concept of “Zero Trust” has made in the industry; many of our sponsors on the expo floor were demonstrating how they can help us move the needle in this space. A number of vendors also announced new features in their products to continue the “passwordless” journey.
There was also a fair amount of discussion around how to ‘do’ identity in more challenging environments. Thin file KYC, identity for digitally disenfranchised communities, identity in the developing world where the technology landscape is fundamentally different… these are all important topics which will have an impact across the board.
Overall, it felt like we’re just getting started in this entire area, and there’s much more left to discuss: perhaps a significant area of focus for next year?
Several companies and standards bodies made announcements during the week. We’re picking out here the ones that we particularly noticed – again, we’re sure there were others, so do chime in on Slack if there’s anything you think the community as a whole should be paying attention to. In no particular order:
- Coming off the back of tangible success with the FIDO 2 standards, The FIDO Alliance announced a significant expansion of its remit, adding industry working groups focused on identity verification and authentication for IoT devices – both of which support FIDO’s singular mission of eliminating industry dependence on passwords.
- Microsoft previewed support for FIDO 2 and WebAuthn in Azure Active Directory and Windows Hello
- Omidyar Network provided an update on their GoodID initiative
- And finally, your very own IDPro formally launched the Body of Knowledge contribution process, and announced several new corporate members, including AWS.
To round out an amazing week, IDPro ran its very own track on Friday morning. In line with our mission, these sessions focused on what it takes to become an Identity Practitioner, managing change within your organization, active listening when gathering requirements, and the evolution of identity over the decades. The track culminated in an engaging session on becoming an Identity Jedi Master! The entire track was well attended and very well received. In case you missed it, keep an eye on YouTube for the sessions to be posted in the weeks to come.
On top of all of that, there were hundreds of conversations in the corridors and over drinks throughout the Identiverse week, all helping to accelerate our industry. There’ll be a lot to catch up on at Identiverse 2020 in Denver!
IDPro Editorial Committee
Are you preparing for the #CIDPRO exam? In addition to the #IDPro #BodyofKnowledge, view this list of sources for information relevant to the CIDPRO Foundations exam: https://bit.ly/3t8i6TD #IAM
#IDPro is hosting a members-only #virtual #meetup today at 1 pm Eastern / 6 pm GMT - details provided in the #general channel in IDPro’s Slack workspace. We hope to see you there!
In the #IDPro #BodyOfKnowledge, Mary McKee shares an overview of Policy-Based Access Control. Access control systems protect an organization’s mission through changes in users, personnel, responsibilities, organizational structure, and legal obligations: https://bit.ly/3eKTRUG
#Identity correlation is the process of mapping an account from an application or system back to its authoritative origination point. Review the steps outlined in this #IDPro newsletter article to better understand the Identity Correlation Framework: https://bit.ly/3yyQOXu #IAM
Do you have questions about the #CIDPRO certification? Explore the CIDPRO FAQ page to find exam logistics, available resources to help you prepare for the exam, scheduling and more: https://idpro.org/cidpro-faq/ #IAM #identity