Speakers
Bob Blakley, Gartner
Abstract: Authentication is a bad technology. It doesn't work very well (because people lose devices and forget secrets), and, more worryingly, it makes us play the identity game on the enemy's terms: the enemy presents us with a hypothesis ("I'm Angelina Jolie") and requires us to confirm it. But that's not the game we want to play – we want to determine people's identities without being distracted by false hypotheses.
In the real world, humans don't authenticate each other – they recognize (in technical terms, "identify") each other. We weren't able to recognize people online in the past because there wasn't enough information about them online. But that's changing fast. Today we can find peoples' addresses,phone numbers, pictures, friends, voices, locations, credit transactions, and other information online. Google has built an augmented reality application (Google Goggles) that works pretty well for things; it's only amatter of time before we build an augmented reality recognizer for people. And it will work better than authentication does today.
About Bob Blakley
Bob Blakley is Distinguished Analyst at Gartner, where he manages the IT1 Identity and Privacy agenda. He was previously Chief Scientist for Security and Privacy at IBM. He was general chair of the 2003 IEEE Security and Privacy Conference and has served as General Chair of the New Security Paradigms Workshop. He has served on the National Academy of Science’s study groups on "Authentication Technologies and Their Privacy Implications" and "Whither Biometrics". He was named Distinguished Security Practitioner by the 2002 ACM Computer Security and Applications Conference (ACSAC), and serves on the editorial board for the International Journal of Information Security (IJIS).
Bob Blakley was the editor of the OMG CORBAsecurity specification, and is the author of "CORBA Security: An Introduction to Safe Computing with Objects", published by Addison-Wesley. Blakley was also the editor of the Open Group’s Authorization API specification and the OASIS Security Services Technical Committee’s SAML specification effort. Blakley has been involved in cryptography and data security design work since 1979 and has authored or co-authored seven papers on cryptography, secret-sharing schemes, access control, and other aspects of computer security. He holds nine patents on security-related technologies.
Blakley received an A.B. in classics from Princeton University, and a master’s degree and Ph.D. in computer and communications sciences from the University of Michigan.
Pam Dingle, Senior Technical Architect, Ping Identity
About Pamela Dingle
Pamela Dingle is a Senior Technical Architect within the Office of the CTO at Ping Identity. Pamela has a long history with Identity Management, focusing on implementation, architecture and strategy over 10 years of evolution of systems such as directories, application servers, web access management systems, provisioning, and now federation. Pamela serves on the board of directors of both the Information Card Foundation and the OpenID Foundation, is active in OSIS and Kantara Initiative Interoperability efforts and runs the Pamela Project, an open source project for Information Card relying parties.
Patrick Harding, CTO, Ping Identity
Abstract: What is the current state of cloud identity and access management? What new standards are emerging? What problems remain to be solved?
Harding will answer these questions and more as he grades the current state of Cloud Identity Management while also asking how we get 'there' from 'here'.
About Patrick Harding
Patrick Harding brings more than 20 years of experience in software development, networking infrastructure and information security to the role of Chief Technology Office for Ping Identity. Harding is responsible for Ping Identity’s technology strategy.
Previously, Patrick was a vice president and security architect at Fidelity Investments where he was responsible for aligning identity management and security technologies with the strategic goals of the business. Patrick was integrally involved with the implementation of federated identity technologies at Fidelity -- from “napkin" to production. An active leader in the Identity Security space, Patrick is a Founding Board Member for the Information Card Foundation, a member of the Cloud Security Alliance Board of Advisors, on the steering committee for OASIS and actively involved in the Kantara Initiative and Project Concordia. He is a regular speaker at RSA, Digital ID World, SaaS Summit, Burton Catalyst and other conferences. Patrick holds a BS Degree in Computer Science from the University of New South Wales in Sydney, Australia.
Daniel Headrick, Senior Enterprise Security Architect, General Electric
Daniel Headrick is the Senior Enterprise Security Architect for Identity Services at GE where he is responsible for the enterprise security architecture and strategy of Identity & Access Management (IAM).
Daniel has worked with GE for 11 years, eight of which have been focused within IAM technologies. Operating across multiple GE lines of business such as Transportation, Aviation, Energy and Corporate, he has served as Chief Designer and Architecture Leader of the IAM space including SSO, identity federation, directory services, identity management, strong authentication and highly privileged account management.
Paul Madsen, Senior Technical Architect, Ping Identity
You got SAML in my OAuth!
Federation standards rarely exist in isolation - they are more often deployed in combinations. We'll examine how the current suite of protocols, e.g SAML, OAuth, SCIM and related standards can be composed in interesting & useful ways.
About Paul Madsen
Paul Madsen is a Senior Technical Architect within the Office of the CTO at Ping Identity. He has served in various design, chairing, and editing roles for a number of federation standards, including OASIS Security Assertion Markup Language (SAML), OASIS Service Provisioning Markup Language (SPML), and Liberty Identity Web Services Framework (ID-WSF). He participates in a number of the Kantara Initiative's activities, as well as other cloud identity initiatives. He holds an M.Sc. in Applied Mathematics and a Ph.D. in Theoretical Physics from Carleton University and the University of Western Ontario, respectively.
Chuck Mortimore, PM Director for Identity and Security, Salesforce.com
Abstract: While SAML provides a solid foundation for federation with the Cloud, the influx of consumer mobile devices and lack of user provisioning standards continue to cause significant complications in real deployments. In this section, we'll examine how salesforce.com is evolving their federation infrastructure and the related standards to help close gaps in Mobility and Provisioning.Chuck Mortimore is responsible for Authentication, Identity, and Single Sign-On product management at Salesforce.com. Prior to Salesforce.com, Chuck ran Platform Product Management at Rearden Commerce, during which the company was awarded the Liberty Alliance Identity Deployment of the Year in 2007. Before joining Rearden Commerce, Chuck was at Sxip Identity, where he helped design and build the next generation of user-centric Identity technologies for the Web and pioneer the first Cloud Identity product line, Sxip Access.
Chuck brings a wealth of experience in software development from Netscape Communications, AOL and Sun Microsystems. He was a key enabler of Sun's successful entrance into the access management and federation markets. In addition, he founded the openinfocard project, and released the first opensource implementation of the InfoCard protocols. Chuck holds a B.A. from the University of Madison and a Masters from the McCormick School of Engineering at Northwestern University.
Andrew Nash, Director of Products, Internet Identity, Google
Abstract: Identity is coming out! It is moving out of the domain of the CISO security team and as it does, associated opportunities are proving to be broader than the traditional enterprise views of authentication and authorization. While we continue to struggle with issues of ownership and permission, we are starting to ask who can usefully provide identity information, what is the value of what can actually be provided, and what are the business and distribution models that make sense.
Gunnar Peterson, Managing Principal, Arctec Group
Gunnar Peterson is a Managing Principal at Arctec Group. He is focused on distributed-systems security for large mission-critical financial, financial exchanges, healthcare, manufacturer, and insurance systems, as well as emerging start ups. Gunnar is an internationally recognized software security expert, frequently published, an Associate Editor for IEEE Security & Privacy Journal on Building Security In, a contributor to the SEI and DHS Build Security In portal on software security, a Visiting Scientist at Carnegie Mellon Software Engineering Institute, and an in-demand speaker at security conferences. He maintains a popular information security blog at http://1raindrop.typepad.com.Eric Sachs, Product Manager - Security & CIO Department, Google
Abstract: In 2008/2009 there were many press articles about businesses that leaked user's social security numbers. Now we are starting to see a constant stream of bad press about websites who leaked the passwords of users, and the nasty side effects because people reuse passwords on other websites. Do you want your company to be in the next such article? There are now a growing number of identity providers using technologies like SAML, OpenID, & OAuth to allow their users to log into websites without needing to have a specific password for that site. Large websites like Yahoo, AOL, Google, Facebook, and others are not only identity providers, but also have started to prove there is business value in being a relying party beyond just replacing passwords. In this session we will summarize the current best practices, and adoption of these techniques.
About Eric Sachs
Eric Sachs has more than 15 years of experience in the areas of user identity and security for hosted Web applications. During his five-plus years at Google, he has worked as a Product Manager for many services, including the Google Account login system, Google Apps for Your Domain, orkut.com social network, Google Health, Google Security, and Internal Systems. Currently, Eric works with Google's CIO on an effort to move Google's internal systems to cloud-based technologies by leveraging the same developer tools that Google makes available publicly. As part of that work, he is involved with the development of industry standards for data interoperability, including OAuth, OpenID, and OpenSocial. Before Google, Eric was CTO and co-founder of Interliant, which provided hosted corporate email services. While at Interliant, Eric led co-development projects with both IBM and Microsoft to build platforms for hosting consumer and enterprise Web applications. Eric graduated with a B.A. in computer science in 1993 from Rice University.
Peter Vanderauwera, Innovation Leader, SWIFT
Peter Vanderauwera was appointed Innovation Leader SWIFT in 2007. As a member of the Innovation team, he is content curator for the Innotribe events such as Innotribe at Sibos and main stand-alone Innotribe events. He is responsible for various innovation proofs of concept and for the Digital Asset Grid, a SWIFT Incubation project. Peter joined SWIFT in 2005. He was previously Head of Interfaces.
Prior to SWIFT, Peter was at Microsoft as EAI Solution Sales and Business Development Manager for Microsoft’s Electronic Identity Card plans in Belgium. Consequently, in 2005, Peter received the Microsoft Chairman’s Award. Throughout his career, he has won several innovation- and going-beyond awards. Peter is Belgian and proud father of a 6 year old daughter.