Around this time of year, we typically highlight the major digital identity conferences coming up. The value of these in-person get-togethers is manifold. We exchange ideas with our peers; we find solutions to vexing problems; we progress standards and architectures and designs. We generate new business or develop our careers. We build and renew professional and personal relationships. And we have fun! 

During the course of a normal year, a huge number of identity professionals, IDPro members and non-members alike, get the opportunity to attend conferences – and other less formal meet-ups – often just to attend, sometimes to speak or to participate actively in other ways. 

This year is decidedly not a normal year. 

Most events have either postponed until later in the year, in the hope that the situation will have resolved sufficiently to allow people to attend. Identity Week London, the new Authenticate conference, and Know Identity fall into this camp. Others, including the European Cloud and Identity Conference (a.k.a. “EIC”) and Identiverse ® , are moving to some form of virtual delivery. 

Much of my day job revolves around managing the agenda for Identiverse ® – one of the major events in the Identity conference season, and IDPro’s ‘home’ show. We announced back in March that we would switch to a virtual delivery model this year. In doing so, we spent some time thinking not only about how to preserve some of the core elements of Identiverse ® that long-time attendees will know make the show special, but also whether the online delivery model offered us any new opportunities. 

We’re still ironing out some details, but here’s a preview of what you can expect. 

First, we know that the main reason people come to Identiverse is for the content. We have over 80 hours of material, most of it carefully selected by the content committee from our open and public call for presentations. If you have ever put in a proposal to speak (whether at Identiverse or at some other event) you’ll know that quite a lot of work goes into it even before you start building out your deck… and it’s a real buzz to get selected, even for veteran presenters! We certainly wanted to make sure to maintain as much of this year’s published agenda as possible. 

However, we also recognise that no-one is going to be able to devote the same amount of time in a single sitting to an online event as they would to an in-person conference. So, instead of simply transplanting the original 4-day event directly online, we’re taking the original material and spreading it out across several weeks, in much shorter blocks of time. Starting in early June there will be a couple of broadcasts most days – many featuring live Q&A with the presenter. Most of the material will also be available after the event so that people can watch at their leisure.

We hope that this preserves much of the essence of Identiverse: quality content, peer-to-peer interaction, and flexibility of viewing. But in addition, by moving to a virtual setting, and by making the event free of charge, it means that many more people will be able to attend, no matter their location or their personal circumstances. And we’re looking at some other possibilities, including some virtual networking and socialising ideas. 

The detailed agenda is already on the Identiverse website (with new filtering capabilities) and the broadcast schedule will be coming soon. The agenda is, as usual, broad; and plenty of IDPro members – both individuals and companies – are represented! 

As noted, other events are taking similar approaches. All of which means that, in spite of all the challenges we face at home, and at work, it turns out that there are more opportunities than ever to deepen existing skills, learn new ones, and connect with our peers around the world. 

For me personally, I know that I will miss heading to Munich for EIC, with meet-ups in beer gardens, and pretzels, and vast platters of pork. And I will miss the intensity of Identiverse week, and the glass of scotch that I enjoy with a few friends as a treat at the end of a busy week.

But this year, I will actually get to watch all of the presentations at Identiverse; and I will make new connections with Identity professionals who I wouldn’t otherwise have a chance to get to know. And… I’m sure I’ll find a way to enjoy that end-of-show drink, even if we have to do it over a web conference

So make the most of the opportunities that this year’s conference season brings. It will certainly be a different experience… and sometimes, different can be better! 

Andrew Hindle 

Identiverse Content Chair, Independent Consultant, Board Member IDPro 

Let’s Play! Dating Strategy of Malware Technique 

1. Catfishing 
2. Dogfishing 
3. Sniffing 
4. Ghosting 
5. Rooting 
6. Benching 
7. Doppelgänging 
8. Roaching 
9. Pharming 
10. Haunting 
11. Kittenfishing 
12. Phreaking 
13. Orbiting 
14. Cracking 
15. Phubbing 
16. Breadcrumbing 
17. Stashing 
18. Spoofing 
19. Submarining 
20. Snooping 
21. Mooning 
22. Throning 
23. Wardriving 
24. Tindstagramming 
25. Vulturing 
26. Zombieing 
27. Piggybacking 
28. Social Engineering

Dating Strategy: 2 (really?), 4, 6 (my entire middle school experience both socially and athletically), 8 (is askmen.com the best source for dating advice?), 10 (cosmo is definitely the canonical source for this kind of info, and possibly originates most of it), 11 (rampant on linkedin, to be fair), 13, 15 (also useful in parenting), 17, 19 (I’m just as surprised as you that NPR covered this), 21 (again, a good portion of my middle school experience, but it had nothing to do with dating), 22 (do you need 12 steps to identify this?), 24 (just completely, completely wrong)

Malware Technique: 3, 5, 7, 9 (not the worst thing that can happen to your DNS), 18 (I’m setting a ringtone for “nuisance likely”), 23 (still one of my favorite techniques for the change of scenery alone), 27 (if you haven’t, do an internet search for Deviant Ollam’s youtube series to see an artist at work)

Both: 1 (and additional meanings as well: how is this even a thing?), 12 (Don’t Google this, trust me), 16 (old-school action – it’s what got Mitnick hooked), 20, 25 (if we’re counting media coverage), 27, and, not surprisingly, 28 

Scoring Rubric: 

1-10: You’re likely skilled in either the Mad Max Beyond Thunderdome that is the online dating scene, or you’re a highly sought-after security mercenary. As this simple quiz shows, the Venn diagram for those two categories resembles a map of two seas that lie on opposite sides of Asia. 

11-20: The sweet spot in the bell curve, also known as the normal or Gaussian or Laplace-Gauss distribution. (And yes, I may have been spending too much time looking at statistics and graphs during the last few weeks.) Bonus points will be awarded based on the number of these terms you can work into your next conference session or video call with your elderly parents, whichever comes first. 
20-28: While your achievement is laudable, please note that the authorities (and your Tinder / Bumble / FarmersOnly contacts) will be notified for their own safety and wellbeing.

The post IDPro Newsletter – April 2020 appeared first on IDPro.

“A terrific example of this was the standing-room-only experience in the Introduction to Identity sessions held at last year’s conference in Washington D.C. IDPro helps enhance the overall experience for attendees at the conference and, in exchange, we get a terrific canvas upon which to share our mission to ‘globally foster ethics and excellence in the practice and profession of digital identity’, engage our members and stakeholders (and hopefully future members), and share our progress as an organization.” – Lance Peterman, IDPro treasurer and board member 

This year, due to restrictions from the COVID-19 pandemic, Identiverse will be held virtually as a series of webinars timed to accommodate a global audience. Most presentations will offer a live Q&A and will also be available on-demand. This month, IDPro members will be presenting the following topics at Identiverse: 

Week 1: June 15 – 19 

• Monday, June 15, 10:15 – 11:05: Hearts, Minds and Wallets: The War Over Digital Identity

10 years ago no one was interested in the notion of “digital identity”. You had accounts and passwords and it was an irritating administrative function to manage all those accounts for customers, citizens and humans in general. In the last two years the war for the hearts, minds and wallets attached to a humans’ digital identity have set the stage for open warfare in 2020 and beyond by organizations and industries that see that value in being the creator and manager of a digital identity standard. What does it mean for the US and the world when champions for SSI and banks and payment processors and social media and governments and healthcare networks are all racing to create an operationally sustainable unique digital identity? Will there be tensions and challenges between these different actors when it comes time to recognize the credibility and authenticity of each other’s standards? Richard Bird regularly spends time across 5 continents working with governments and large companies, navigating the complexities of the rising interest and demand for true digital identities. He’ll share his observations in an effort to prepare you for the disruption this will create in our practices, designs and architectures for security, privacy and consumer and citizen rights.

• Speaker/s: Richard Bird

• Monday, June 15, 12:00 – 12:25: Stop Blaming the End User! Using Empathy and Understanding to Deliver Better Identity Experiences

As Digital Identity technologists, we’re used to rolling our eyes at onerous (and downright unfriendly) user experiences. But we know our SMS OTPs from our TOTPs. We’re experts at navigating complex password policies, for registration and resets. We know when to share our biometric and other sensitive data, and when to be more cautious. But spare a thought for the average user. They’re often described as the weakest link in security. We shouldn’t be blaming them. They’re bemused, confused, and sometimes livid about the hoops we make them jump through. This session will take you on an amusing and honest appraisal of Digital Identity Experience from the end user’s perspective, in their own words. Build empathy to connect with their problems by walking a mile in their shoes. We will cover user registration, authentication, password reset, account recovery and more. I’ll present a ToDo List for improving user experience, based on current industry recommendations. We owe it to society to protect end users and their data, and build trust. Cost-effective and user-friendly identity experiences are the ultimate goal. So let’s reflect on our shortcomings and get serious about improving the status quo!

• Speaker/s: Mark Perry

• Tuesday, June 16, 12:30 – 12:55: Maximizing Failover Efficiency & UX in Your Multi-Region Deployment

As the industry iterates beyond simple cloud deployments, application & identity architects confront new challenges in deploying and managing complex application instances which span the globe across multiple provider regions. Rapid failover from one region to another is a critical component for these distributed applications- but did you know how much your cloud DNS service and DNS architecture impact the speed that traffic can be rerouted from one region to another? In this talk, Jon Lehtinen shares his experiences testing several DNS architectures, and highlights how different resolution methods, failover policies, and other seemingly inconsequential components greatly impact how instantaneous- or not- your failover can be.

• Speaker/s: Jon Lehtinen

• Wednesday, June 17, 10:00 – 10:50: Identity: The Next Ten Years

The future of the standards and services we build is unwritten. We are curious about the future because we shape it. But from the works of our hands to a world 10 years hence is an unknown path. In this talk, Mr. Glazer will discuss what the future of identity could look like in 5 to 10 years: * What previous predictions about identity’s future got right and wrong * Where standards adoption will be * How associated technologies will impact our industry * What a discontinuous future might look like

• Speaker/s: Ian Glazer

• Wednesday, June 17, 11:00 – 11:25: Radiant Logic: How Verizon Media Navigated Acquisitions & Turned Identity Into a Business Enabler

Verizon Media reaches over one billion people around the world with a dynamic house of 50+ media and technology brands. After acquiring AOL and Yahoo’s businesses, the company now employs about 10,000 people. However, extensive firewalls made it difficult to collaborate across the newly merged entities in an increasingly cloud-first environment. This presentation will discuss how they enabled authentication in a zero trust environment by following the principles of least privilege. By federating identities and creating consolidated identity views, allowing over 1,000 applications to authenticate and get complete user profiles without any changes or customization to the applications.

• Speaker/s: David McCluskey, Bryan Meister

• Wednesday, June 17, 12:00 – 12:25: Browser Features vs Identity Protocols: An Arms Race?

In an attempt to protect users from excessive tracking and surveillance, the last couple of years have witnessed major browser vendors introducing increasingly restrictive anti-tracking measures. Identity protocols and features got caught in the crossfire, however, forcing identity software vendors and developers to hastily introduce changes to restore functionality that browser changes broke. Is this the new normal? What will we do when a change will break an identity feature beyond repair? This session will review the main browser changes that have affected identity over the last few years – Chrome’s SameSite and Safari’s ITP2 in particular, interpreting them as part of a larger trend and attempting to predict what the future will look like for identity customers and practitioners.

• Speaker/s: Vittorio Bertocci

Week 2: June 22 – 26

• Monday, June 22, 10:30 – 10:55: Beyond Bearer Tokens with HTTP Message Signatures

Digital signatures on HTTP messages? That aren’t broken by proxies, or TLS terminators, or gateways that reorder the headers just for fun? That’s exactly what you get with HTTP Message Signatures. This session dives into what they are, how they work, and how they can augment or replace existing API protection mechanisms such as bearer access tokens and cookies.

• Speaker/s: Annabelle Backman

• Monday, June 22, 12:00 – 12:25: The Blurring of Business Logic and Authorization

The idea of “fine grained authorization” has been around for several years now. Twenty years ago, there was a proposed standard, XACML that was focused on these fine grained decisions, and a language that could express the underlying policies. However, it never gained widespread acceptance. There is also a problem that the line between fine grained authorization, and business logic is a very hazy line. As consent and user managed access controls become more widespread, so the line between business logic and policy becomes even more blurred. I will talk about some of the reasons for the low acceptance of fine grained policy, as well as examining how the hazy line can be more easily defined. I will also address techniques that can be used to bring these different needs closer together.

• Speaker/s: Allan Foster

• Tuesday, June 23, 10:00 – 10:25: Customers and Partners – Seamless and Secure Experiences for Every Relationship

Organizations going through digital transformation need to manage and secure the identities of users beyond their organizational boundaries, including partners, customers, and citizens. They want a single solution that that is user-centric and flexible, secure, and scalable enough to support global users authenticating with any kind of identity, that doesn’t require deployment of multiple disconnected…read more »

• Speaker/s: Robin Goldstein

• Wednesday, June 24, 10:00 – 10:50: Fireside Chat: You Don’t Really Own Your Identity

You own and control your thoughts, your words and your actions. But in a modern society that’s intent on verifying everything in the midst of a global crisis like the COVID-19 pandemic, where your movements impact the health of others, what do you really control? Join Esther Dyson and Andre Durand as they explore this topic in a thought-provoking conversation.

• Speaker/s: Andre Durand, Esther Dyson

• Wednesday, June 24, 11:00 – 11:25: Ping Identity Presents: How to Measure the Unexpected Value of Customer Identity

Customer identity professionals speak in terms like IdPs, SPs and OIDC. Business leaders understand terms like customer acquisition, revenue, and customer lifetime value. This disconnect can make it difficult to convey the value customer identity investments can provide and get the resources you need. Join us in this session as we walk through a sophisticated business value calculator that translates customer identity enhancements into the results they’ll drive for your business. We’ll show you how to take inputs from your business—like login and registration abandonment rates, average customer expenditure, and profit margins—and use them to calculate the effect various customer identity enhancements will have. We’ll show example use cases from several industries and give you the opportunity to input numbers from your own enterprise to see what effect customer identity will have on your business. This session will arm you with a powerful conversation to have with your business that will convey the value of customer identity and raise your status within your organization.

• Speaker/s: Dustin Maxey, Vikas Mundada

• Friday, June 26, 10:00 – 10:50: Modern Identity for Developers 101

Modern identity promises to solve some of the thorniest problems that historically plagued handling authentication and access control in applications. That sounds great in theory, but how do things really look when the rubber hits the road – what does it take to incorporate modern identity in your applications development practice? Come to this session to learn the basis of modern identity development and be better equipped to understand and participate to more advanced developer themed sessions, at Identiverse and beyond.

• Speaker/s: Vittorio Bertocci

View the full Identiverse agenda here and register to attend . Also, join the IDPro Identiverse slack channel to discuss hot topics and network with digital identity professionals. If you need an invite, or if you’re not receiving the email list messages, contact membership@idpro.org. Stay tuned for more information 
Follow IDPro and Identiverse on Twitter for updates. There may be some surprise speakers planned, as well as some virtual social events (still to be announced). If you’ve never attended Identiverse in-person before, this is a great opportunity to learn from some of the best identity practitioners. We hope to “see” you at Identiverse!

The post IDPro at Identiverse Virtual 2020 appeared first on IDPro.