Identiverse 2019

June 25, 2019 – June 28, 2019

A well-known industry event, Identiverse gathers leading professionals and vendors with an unparalleled educational track. FIDO Alliance is proud to be an official Industry Partner again this year.

Make sure to stop by our booth when you attend Identiverse 2019. We are presenting and featured in a number of Master Classes and Sessions.

Google Presents: Democratizing phishing-resistant FIDO technology
Tuesday, June 25|10:30am – 11:20am|Masterclass| Georgetown
Christiaan Brand, Product Manager: Security & Identity, Google

Phishing is the #1 security problem on the web. According to the Verizon 2018 Data Breach Investigations Report, 41.6% of breaches occurred as a result of stolen passwords, phishing, and pretexting. The industry’s collective response to this problem has been multi-factor authentication, but implementations are fragmented and most still don’t adequately address phishing. Google has been working with the FIDO Alliance since 2013 and, more recently, with the W3C to implement a standardized phishing-resistant FIDO2 protocol that can be used by any web application. This session will demystify FIDO2 and run through new, exciting user journeys enabled by these protocols to make FIDO2 available to more people.

Client Defined Key binding
Tuesday, June 25||Session| Jefferson
Michael Engan, Principal Systems Architect, T-Mobile

As an IDP we are moving users away from static passwords by rolling out FIDO security keys. Likewise, we have been shifting our RP/SPs away from client secrets and towards registered JWK public keys. The OIDF standards now enable clients to use proof of key signatures in both the Authorization and Token endpoints/calls. With this presentation, I will review suggested changes to enable clients to re-use the same keys to secure user info or any other API services. Likewise, we can show how Client instances can use runtime keys to secure these calls. While providing similar protections to those the TLS token binding standards have pursued, this method will allow spanning TLS tunnels and enables applications to sign a transaction as it passes through multiple service layers.

Federating FIDO through a Blockchain
Tuesday, June 25| 16:00pm – 16:25pm| Session| Monroe
Manah Khalil, IT Director – Application Security; Verizon Communications, Inc.

The FIDO implementation addresses well the problem of having and managing multiple passwords. However, current FIDO implementations are limited to one RP at a time, forcing the adoption of federated authentication through one IDP to handle auth for multiple RPs. The Facebook/Google sign-in issues in 2018 have demonstrated that a single IDP cannot be trusted to power the Internet. In my talk I will introduce a FIDO implementation model that leverages a permissioned and distributed blockchain as the repository of public keys. RPs that would like to use this blockchain would operate a lightweight FIDO service that can authenticate clients against it, and respond to a policy that can mix/match a combination of available factors from a pool of What I know, What I have and What I am. Currently FIDO allows users to enroll with one set of factors based on the RP’s required policy. In the new model, users would enroll multiple times with one factor at a time (therefore acquiring multiple public keys). A custom orchestration flow would dynamically receive and enforce an RP policy that can mix/match the combination of number and types of required factors. Such an implementation would allow the reuse of existing enrollments without limiting the control of the public keys repository to a single entity, resulting in addressing concerns around privacy and scalability of the authentication services.

The State of FIDO
Tuesday, June 25| 17:00pm – 17:25pm| Session| Georgetown
Andrew Shikiar, CMO, FIDO Alliance

An overview of the current state of the FIDO standard; adoption; and a glimpse into the future.

Envisioning Authentication Beyond FIDO
Tuesday, June 25| 17:35pm – 18:00pm| Session| Georgetown
Rajiv Dholakia & Rolf Lindemann, Nok Nok Labs

The outlines of FIDO were first discussed at Cloud Identity Summit in Vail. Six years on, it is a firmly established standard with over a billion users using it every day through major brands they interact with. FIDO was conceived as a building block for strong identity & authentication practices and there are applications that range from consumer to enterprise to IoT in wide deployment. How do we think about strong authentication & user identity and experience in a world where hardware-based strong user authentication is ubiquitous? How should one augment FIDO based authentication and what are the key additional building blocks required for a successful deployment at scale? What user journeys are easy and which are hard within the current authentication landscape? This talk from one of the inventors of FIDO will provide a view of the authentication landscape, its projected evolution and best practices to achieve authentication nirvana.

Washington Hilton

1919 Connecticut Ave NW
Washington, DC, 20009 United States