Skip to main content

European Open Identity Summit - Review

This week saw the first European Open Identity Summit hosted by identity management vendor ForgeRock [1].  Following hot on the heels of the US summit, that was in Pacific Grove, California in June, the sold out European event, brought together customers, partners, vendors and analysts from the likes of Salesforce, Deloitte, Forrester and Kuppinger Cole amongst others.

Whilst the weather was typically October-esque, the venue was typically French chateau, set in panoramic grounds, with great hosting, food and wine to keep everyone in a relaxed mood.

The agenda brought together the key themes of the modern identity era, such as standards adoption (XACML, SAML2, OAuth2, OpenID Connect, SCIM), modern implementation approaches (JSON, API, REST) through to the vision for modern identity enablement for areas such as mobile and adaptive authentication, all whilst allowing customers and partners a chance to collaborate and swap war stories with some great networking.


Consumer Identity As A Revenue Generator

I have discussed the evolution of identity management on several occasions over the years (not least in August!), with the current iteration seeing a strong focus on utilising the identity of the consumer, as an approach to help drive new and existing revenue, for services and applications.  By capturing consumer identity details, either via portal facing registration systems, or making services available online, brand stickiness can be increased and a more relationship based approach can be developed. Developing platforms for consumer focused identity, requires several key components, mainly scale, modularity and agility.


Salesforce Expand Identity Offering

One of the key announcements at the summit was the expansion of the identity offering, by CRM software as a service giants, Salesforce.  With the Identity Connect platform, Salesforce and ForgeRock have entered into an OEM agreement, where the ForgeRock Open Identity Stack is used to enable the Salesforce solution to allow enterprises to seamlessly integrate with existing on-premise identity directories, with additional SSO capabilities.  Salesforce hope the solution will accelerate the onboarding of new and existing client accounts into their portfolio of online services. This is yet another example of organisations seeing customer identity as a key strategic component of business enablement and revenue generation.


Passwords Are Dead...Long Live The Password!

One of this years keynote speakers was Forrester's Eve Maler.  Always an articulate presenter, Eve dropped the bombshell that 'passwords are dead...'.  Whilst this isn't probably the most surprising announcement in the identity and infosec worlds, there is still to be defined, a clear way to replace the use of passwords as an authentication mechanism.  This is a topic I have blogged on multiple occasions (The Problem With Passwords Again, Still - Oct 2012, The Password Is Dead (Long Live The Password) - Feb 2012, Passwords And Why They're Going Nowhere - Mar 2013).  The failures of password use, storage and implementation are well known, but they are now too well embedded technically and psychologically, that a simple passage to something resembling biometric sustainability is somewhat remote.  Answers on a postcard with how that can be obtained!


The Future is Bright

Everyone loves modern - modern art, modern fashion, cutting edge music, the latest tech gadgets, but where does that leave modern identity management?  Modern in this respect, shouldn't just be focused on the new and shiny.  It needs to be focused on the new and useful.  Mobile devices are clearly the key component for information access, either via smart phones or tablets.  The desktop is dead and the laptop not far behind.  Modern identity needs to integrate seamlessly with mobile devices, utilising native technologies and loosely coupled REST based APIs and integration points.  Modern identity must also be convenient and easy to use.  Security in general is bypassed when too restrictive or complex and modern identity is no different.  For authentication and authorization processes to be effective, they need to convenient, good looking and easy to use.


The summit was a great event, that produced some interesting and thought provoking discussions, highlighting identity management as a key component of many organisations' go-to-market approach for 2014 and beyond.


[1] - For audience transparency, the author is employed by ForgeRock.

Popular posts from this blog

Customer Data: Convenience versus Security

Organisations in both the public and private sector are initiating programmes of work to convert previously physical or offline services, into more digital, on line and automated offerings.  This could include things like automated car tax purchase, through to insurance policy management and electricity meter reading submission and reporting.

Digitization versus Security

This move towards a more on line user experience, brings together several differing forces.  Firstly the driver for end user convenience and service improvement, against the requirements of data security and privacy.  Which should win?  There clearly needs to be a balance of security against service improvement.  Excessive and prohibitive security controls would result in a complex and often poor user experience, ultimately resulting in fewer users.  On the other hand, poorly defined security architectures, lead to data loss, with the impact for personal exposure and brand damage.

Top 5 Security Predictions for 2016

It's that time of year again, when the retrospective and predictive blogs come out of the closet, just before the Christmas festivities begin.  This time last year, the 2015 predictions were an interesting selection of both consumer and enterprise challenges, with a focus on:


Customer Identity ManagementThe start of IoT security awarenessReduced Passwords on MobileConsumer PrivacyCloud Single Sign On
In retrospect, a pretty accurate and ongoing list.  Consumer related identity (cIAM) is hot on most organisation's lips, and whilst the password hasn't died (and probably never will) there are more people using things like swipe login and finger print authentication than ever before.

But what will 2016 bring?


Mobile Payments to be Default for Consumers

2015 has seen the rise in things like Apple Pay and Samsung Pay hitting the consumer high street with venom.  Many retail outlets now provide the ability to "tap and pay" using a mobile device, with many banks also offer…

Online-ification: The Role of Identity

The Wikipedia entry for Digital Transformation, "refers to the changes associated with the application of digital technology in all aspects of human society".  That is a pretty broad statement.

An increased digital presence however, is being felt across all lines of both public and private sector initiatives, reaching everything from being able to pay your car tax on line, through to being able to order a taxi based on your current location.  This increased focus on the 'online-ification' of services and content, drives a need for a loosely coupled and strong view of an individual or thing based digital identity.