Ping Identity’s Guide to Identiverse

June 21, 2:00 – 2:30 pm

Speaker: Andre Durand | CEO and Founder, Ping Identity 

There will only ever be one YOU. Or will there? There’s the YOU that has dinner with your family and walks your dog. But then, there’s a digital YOU. Who signs into bank accounts, transfers money, fills out expense reports, and clicks “check out” on your favorite retail site. In the last week, you have probably acted as more than 100 digital YOUs. Unfortunately, they are all laden with various risks and inconveniences. Join us to learn how identity can empower the digital YOU. Welcome to Identiverse!

June 21, 6:55–7:10 pm

Speaker: Maya Ogranovitch Scott | Product Solutions Manager, Ping Identity

As more business moves online, the risk of online fraud and associated losses continues to grow. Traditionally, fraud prevention has existed in relative isolation from other digital experience functions, and fraud teams often end up at odds with other digital teams, making trade-offs in security measures to meet broader business goals around delivering excellent customer experiences. Today, trade-offs that made sense in the past are no longer viable, and companies must find a way to orchestrate frictionless customer journeys that also effectively protect all parties from fraud losses.

To make this vision a reality, fraud detection must work seamlessly and invisibly with authentication, identity corroboration, decisioning and orchestration tools, and organizations must think differently about the roles of each of these tools in the broader customer journey.

June 22, 11:00 - 11:25 am

Speakers:

Jack Hart | VP, Information Security Architect, City National Bank

John DaSilva | Technical Enablement Architect, Ping Identity

Security teams in banks often have more resources than their counterparts in other industries and for good reason. Banks are a major target of cyberattacks. They invest heavily in technology. And they are also heavily regulated, with compliance requirements constantly changing.

Join us for a technical session on how City National Bank architected its identity environment for long-term success to meet the business needs in an audit friendly manner. We’ll discuss how they implemented role-based access control (RBAC) to manage its growing number of endpoints and APIs. We’ll also cover how they were able to do so while embracing digital transformation and cloud adoption. We hope to see you there!

June 22, 11:30 - 11:55 am

Speakers:

Amit Lall | Enterprise Architect, Three Ireland

Biswajit Barui | Program Manager, Three Ireland

Joseph Dhanapel | VP, PingOne Advanced Services, Ping Identity

The last few years have seen identity come front and center to play an important part to how organizations treat users in a digital world. The definition of customer identity is expanding beyond the customer profile record to include experience, fraud prevention, and decentralized identity.

Three Ireland is the leading mobile operator in Ireland, and recently has gone through an extensive overhaul of their identity platform to converge over 1.5 million customers from their phone, broadband, and mobile businesses to a single cloud-based platform. Amit Lall, enterprise architect from Three Ireland will discuss their journey, how they are moving customers towards a passwordless experience, and what the future holds for customer identity.

June 22, 12:00 - 12:25 pm

Speakers:

Loren Russon | Sr. VP of Product Management & Design, Ping Identity

Zain Malik | Sr. Product Solutions Manager, Ping Identity

There's no question that identity is having its moment. It's become mission-critical for enterprises as Identity use cases continue to grow and get more complicated. Not only that but there are many more point solutions emerging that can deliver tangible business value. However, where organizations struggle is managing and integrating all these different capabilities at scale.

Join Ping Identity to learn how orchestration can help scale and deliver immediate value to your identity investments. We'll discuss how organizations must approach identity holistically with a view of their entire ecosystem and the end-user experience. And ultimately how this approach will help you communicate with various stakeholders internally across your organization.

June 22, 2:00 - 2:50 pm

Speakers:

Glen Morgan | Principal Solutions Architect, Ping Identity

Oren Sternheim | Sr. Manager Engineering, Ping Identity

The WebAuthn premise of phishing resistance and protection against account takeover is at the base of its perceived security model. This session will demonstrate how an attacker can perform an account takeover attack with phishing techniques and supply chain compromise. We’ll also propose possible mitigations for those attacks, is there a silver bullet?

June 22, 2:55 - 3:50 pm

Speakers:

Glen Morgan | Principal Solutions Architect, Ping Identity

John DaSilva | Technical Enablement Architect, Ping Identity

Orchestration is about tying together various services to provide a seamless experience that enhances the user experience. You want the integrations to be smooth and pluggable to reduce disruption and implementation time. In this session, we'll examine how to build these integrations (called Connectors) that extend the community of what is possible with DaVinci. The orchestration tool allows you to focus on the problem and not the code, bringing together whatever Identity and Access Management solutions you have in your infrastructure.

June 22, 4:10 - 5:00 pm

Speaker: Wesley Dunnington | VP of Architecture, Ping Identity

In this session, OpenID Foundation members will share their experiences from implementing Open Banking in the UK, Brazil, Australia and the US. Open standards and certification are being adopted in many markets to improve security, streamline domestic interoperability, enable Open Banking, and keep the door open to enabling Open Data and international interoperability. As Open Banking cascades around the world, regulators and market leaders are working through how to enable it in their markets for the benefits of users and the wider community.

June 22, 4:10 - 5:00 pm

Speakers:

Remy Lyle | Sr. Director, Technical Enablement, Ping Identity

Michael Sanchez | Principal Technical Architect, Ping Identity

Come join presenters Remy Lyle and Michael Sanchez from Ping Identity as they walk through this notion of "componentizing" your identity and access management journeys through orchestration, and how it can rapidly revolutionize development cycles. See first hand how this approach has shortened what would have taken months of custom code into a matter of weeks and days for Ping Identity's own business processes. Learn how it can help you revolutionize your own development team!

June 23, 10:30 - 10:55 am

Speaker: Brian Campbell | Distinguished Engineer, Ping Identity

JWT is an IETF standard security token format that, due to perceived simplicity and widespread library availability, has been extremely popular in recent years. Despite that popularity (or maybe, in part, because of it), JWT has been heavily derided by reputable people in information security ("horrible standard", "RFC was made by monkeys", "Internet’s worst cryptography standard", "JWT is a disaster ... amazing how bad it is", "simplistic, complicated, and unsafe all at the same time", and "almost impossible to build a secure JWT library" ...give just a taste of the sentiment).

The criticism has been substantiated and amplified by a steady stream of public vulnerabilities in libraries and deployments. Indeed there have been serious and legitimate security problems with JWT and many of them can be attributed directly to fundamental flaws in the specification itself that allowed, or even encouraged, such implementation mistakes. But is JWT irredeemably flawed? This session will endeavor to take a hard look at that very question (complete with the presenter's own sense of inadequacy and fear of culpability in JWT's flaws) with a review/overview of JWT fundamentals and a pragmatic look at each of the most common and/or biting criticisms and associated real-world vulnerabilities.

For the majority of organizations today, interacting with customers and business partners, and servicing their needs, is a 24x7 activity that spans many interaction points and channels, both digital and physical. The establishment of strong and consistent trust frameworks is critical to improving not only the security of these interactions but also the quality of the customer experience. Companies face a delicate balancing act between meeting their regulatory and security obligations on the one hand and providing their end-users with high-quality experiences that keep friction to a minimum on the other. Digital Identity and trust are foundational to meeting both goals: reliable user identification and authorization is key to security, just as a single and consistent understanding of who each user is, is critical in terms of providing a smooth experience. In this session, we critically examine our current landscape and attempt to answer the controversial question: Do the Identity standards we have today act as a help, or a hindrance, to delivering the digital experience that our customers demand?

June 23, 10:30 - 10:55 am

Speaker: Andrew Hughes | Director of Identity Standards, Ping Identity

A tectonic shift in government issued digital identification credentials is happening now - can you feel it? North American, European, Australian, Korean, Japanese and other government jurisdictions have embraced a new standard for mobile digital driving licenses. You may have seen recent press about ISO 18013-5 - the standard for mobile driving licenses (mDL) - and how these mDL can be used at TSA checkpoints to board airplanes. Motor vehicle administrators are rapidly modernizing their infrastructure to put mDL on smartphones around the world. Governments and companies are preparing to accept and verify mDL data using privacy-preserving readers. Trust infrastructure is being deployed to support cryptographic proof of mdl authenticity.

This is just the beginning - and it is real, today.

As government-vetted digital credentials become generally available, and paired with digital credentials issued by any organization, the scope of innovation becomes limitless. This is one realization of the promise of “user-centric identity” - the ability to hold, present and verify genuine credentials carrying authentic information from known issuers, under the choice, control and consent of individuals.

Our panelists are at the forefront of mDL deployment and innovation. We are involved in projects to ensure smooth wide scale rollout of mDL to residents in Florida; advising California on technical and policy choices for mDL; building wireless mDL readers for TSA; and contributing to standards at ISO, DIF, OIDF and W3C.

Curious? Come and hear our stories from the field.

June 23, 10:30 - 10:55 am

Speaker: Bryan Rosensteel | Principal Solutions Architect, Ping Identity

Innovation is often seen as the hallmark of the private sector. So, it’s not surprising that, as Zero Trust became a hot topic, the cybersecurity industry looked to private sector projects like Google’s BeyondCorp to determine what’s possible and how to kick-start their own implementations. But where should the industry look to elevate those implementations? Surprisingly, one answer is the U.S. Federal Government. Just as the private sector is often associated with innovation, the government is often associated with regulation—and regulation is almost never synonymous with speed and efficiency. But while projects in the government may generally take longer to complete, this regulatory approach is the result of decades of experience gained from constant advanced persistent threats against some of the most complex and challenging digital environments and missions.

In this session, we will look at what’s working, what’s not, and what’s required for the government to achieve strategic cybersecurity priorities — including Zero Trust — by examining public-facing reports, Federal mandates, and National Institute of Standards and Technology (NIST) guidance. And even better: we will apply these lessons across private industry.