Agenda

Digital ID World provides attendees with a solid foundation and the kind of extensive, in-depth knowledge necessary to succeed in all phases of your "Identity Big Bang."

Conference Agenda for Monday, September 08 2008
  • 8:45AM-5:00PMConference Registration
  • 9:00AM-3:00PMIdentity Community Initiatives Working Together On A New Future
  • Sponsored by Liberty Alliance

    The identity community (comprised of individual contributors, open-source projects, startups, egovernment initiatives, large enterprises, academics, and lawyers, among others) needs a different means for everyone to work together to discuss identity issues, incubate new projects and get work done on existing projects, and ultimately foster interoperability and adoption.  Several community participants have joined together to think about how to best accomplish this, and have put together a strawman proposal for consideration and launched a website for discussion (www.idtbd.org).  This working session will allow further development of the new organization's (IDentity to be determined!) principles, vision, and structure.  

  • 11:00AM-3:00PMWorkshops:
  • User-Centric Identity Interop
  • sponsored by OSIS and the Information Card Foundation

    Workshop Agenda:
    10:00am - 11:00am
    OSIS Working Meeting (Participants are encouraged to attend)

    11:00am - 1:00pm
    Open testing for Interop 4 by OSIS participants

    1:00pm
    OSIS Overview, Purposes and Directions -- Dale Olds

    1:30pm
    Information Card Foundation and OSIS -- Charles Andres

    2:00pm
    Business Use Cases for Information Cards and OpenID -- Paul Trevithick

    2:30pm
    OSIS Interop 4 Conclusions -- Mike Jones  

    Come witness the development of the digital identity framework for the Internet. The fourth interoperability event includes over 50  companies and projects.  Information cards  allow anyone to wield the claims others make about them in a secure simple way.  Open IDs eliminate the need for multiple usernames across different websites, simplifying your online experience. Click-in to websites without usernames, passwords, typing forms, and much more!
  •  
  • Virtual Directory Workshop
  • hosted by Radiant Logic

    Virtual directories enable organizations to implement identity management applications without tackling a major repository project. They enable identity repositories to participate in a SOA and are an important part of the identity services puzzle. This workshop will identify the use cases where virtual directories can reduce deployment time and complexity and discuss components that are critical to a virtual directory including caching, availability, performance, entity relationships, and identity correlation.  The workshop will feature case studies from enterprises that have deployed the technology in their environment.


  •  
  • Enterprise Role Management Workshop: Leveraging Roles For Successful Identity Governance
  • Speaker:  Mike Neuenschwander
  • GM
  • Mycroft
  • Speaker:  Darran Rolls
  • CTO
  • SailPoint
  • Speaker:  Debbie Cuadros
  • Vice President - Operations
  • Simeio Solutions
  • hosted by SailPoint

    Enterprise role management is quickly becoming a critical technology for enabling organizations to verify and enforce regulatory policies and to audit the effectiveness of internal controls over user access. Unfortunately, complexity and marketplace confusion impedes companies in their search for an approach that delivers practical and timely results. This session will help technical leaders adopt a pragmatic strategy for managing roles as part of a successful governance, risk management, and compliance initiative – using real-world examples and lessons learned. Session presenters include Darran Rolls, CTO of SailPoint, and Mike Neuenschwander, General Manager of Mycroft. Lunch for all workshop participants will be provided.
  • 1:00PM-3:00PMIdentity Assurance Framework: Realizing The Identity Opportunity With Consistency And Definition
  • sponsored by Liberty Alliance

    Increasing regulatory pressures across the globe—recognized cost and time savings associated with federation—demand for privacy and less use of personally identifiable information (PII)—increased business potential from federated identity solutions: these are but a few of the marketplace drivers causing organizations to evaluate their identity management strategies.  The opportunity—and the returns—are well-recognized and documented by early deployers who recognize federation as a brilliant technical key that unlocks a myriad of business opportunities.  But more business opportunities lay beyond the wall of the enterprise—with true value unlocked and realized when single federations federate with others, transactions occur across corporate/organizational boundaries, and organizations realize the same benefits from a policy basis as federated standards have delivered on the technical front.  But how do we get from the dream to the reality?

    To answer this opportunity, Liberty Alliance members have worked together with several organizations across the globe to create and release the Identity Assurance Framework.  In this interactive workshop we'll quickly review business drivers for the Framework, early adopters of its work, its links to NIST, and the emerging certification program that is being advanced to help define who offers what levels of assurance for identity-based interactions.

  • 3:15PM-3:30PMWelcome And Introductory Remarks
  • Moderator:  Bob Bragdon
  • Publisher
  • CSO magazine
  • 3:30PM-4:30PMKeynote - Identity Assurance: A Backbone For The Identity Marketplace
  • Panelist:  Peter Alterman
  • Deputy Associate Administrator for Technology Strategy
  • U.S. General Services Administration
  • Panelist:  Andrew Nash
  • Senior Director, Information and Risk Management
  • PayPal
  • Panelist:  Frank Villavicencio
  • Director
  • Citigroup
  • Increasing regulatory pressures across the globe—demand for privacy and less use of personally identifiable information (PII)—increased business potential from smart identity solutions: these are but a few of the marketplace drivers causing organizations to evaluate their identity management strategies.  The evaluation, in large part, is focused on the levels of assurance associated with various identity transactions—and how to recognize these levels of assurance across organizations.  While not a silver bullet, most definitely common levels of assurance—and the varying levels of trust that accompany these transactions (be they personal or professional)—is a cornerstone to marketplace growth in the identity space given the accomplishment of a clear and consistent customer experience, and a well-trusted, secure enterprise effect.  This panel of deployers will explore identity assurance, the globally-developed Identity Assurance Framework from the Liberty Alliance, discuss their business models based on strong identity assurance, and the road ahead for the industry.
  • 4:30PM-5:30PMKeynote - Making Identity Work End To End
  • Speaker:  Craig Wittenberg
  • Architect
  • Microsoft Corporation
  • Making identity work end to end in a seamless, interoperable, and secure way remains a challenge. Join us for a discussion with Microsoft's Craig Wittenberg about some of the issues facing those who deploy identity systems with examples from real world scenarios.
  • 5:30PM-7:00PMEvening Reception And Sponsor/Exhibitor Networking

Conference Agenda for Tuesday, September 09 2008
  • 7:30AM-8:30AMBreakfast
  • sponsored by Gemalto
  • 8:30AM-8:45AMWelcome And Introductions
  • Moderator:  Bob Bragdon
  • Publisher
  • CSO magazine
  • 8:45AM-9:30AMKeynote Presentation: State Of The Industry
  • Speaker:  Jamie Lewis
  • CEO & Research Chair
  • Burton Group
  • Today, digital identity issues cross a wide spectrum, including both the social and business aspects of every day life. Lewis will put identity management in context, in terms of the broader enterprise IT strategies IdM enables, the larger social implications of digital identity, and the sociological and technological trends driving identity management systems. Jamie Lewis will discuss the evolution of enterprise Identity Management services in relation to overall enterprise IT architecture.
  • 9:30AM-10:00AMIndustry Keynote - Have I Seen You Before? An Industry Discussion About User-Centric Identity
  • Speaker:  Kim Cameron
  • Architect of Identity
  • Microsoft Corporation
  • Identity systems face a different set of challenges when dealing with first-time users, returning users, and pre-provisioned users. Privacy, reciprocity, personalization, user-centricity, and anti-phishing are just a few of the characteristics that an identity system must deliver. Microsoft's Kim Cameron will present a view to the issues involved in handling best serving returning users (whether pre-provisioned or not).

  • 10:00AM-10:30AMLiberty Alliance IDDY Awards And Award Winner Panel
  • Speaker:  Roger Sullivan
  • Vice President
  • Oracle
  • Panelist:  Frank Villavicencio
  • Director
  • Citigroup
  • Panelist:  Mark Coderre
  • Enterprise Information Security Architect Manager
  • Aetna
  • Panelist:  Chris Gadwah
  • Security Manager
  • Aetna
  • Panelist:  Michael Gaertner
  • Senior Expert
  • Deutsche Telekom AG
  • Panelist:  Andreas Solberg
  • Researcher
  • UNINETT
  • The Liberty Alliance IDentity Deployment award (IDDY) recognizes the best ID management deployments and the value they bring to businesses, governments, citizens, and consumers around the world. This year's award winners will receive their awards at this session.
  • 10:30AM-11:20AMMorning Break In Exhibit Area
  • 11:25AM-12:15PMBreakouts
  • Digital Identity 101
  • Speaker:  Phillip Windley
  • CTO
  • Kynetx
  • What are the foundational steps for any identity management initiative? Do you really need to understand enterprise rights management before you undertake a directory virtualization project? Phil Windley, author of Digital Identity, will walk attendees through the necessary groundwork for any and all identity initiatives.
  •  
  • Propeller To Jet. Realigning IAM Program To Current Business Needs
  • Speaker:  David Griffeth
  • Vice President
  • Citizens Financial Group
  • For many mature Identity Management programs there has been a dramatic shift in emphasis from the original mission of automated provisioning to a new priority – certification of access.  Organizations must evolve to take on this new compliance responsibility while improving the original operations work. In this session, Dave Griffeth of Citizens Bank will discuss how a repository of application roles can be leveraged to improve centralized provisioning, both automated and manual, as well as manage business roles and conduct access certifications.

  •  
  • High Assurance Digital Identities For Financial Services
  • Frank Villavicencio
  • Director
  • Citigroup
  • Financial Services, as well as other highly regulated industries, require higher levels of assurances particularly when conducting online transactions to meet the risk and compliance demands of regulators.  Digital identities offer a tremendous opportunity to achieve business process automation and improvement as well as meet risk management goals over critical business functions.  In this session Hilary Ward will discuss Citi's approach to delivering on this requirement in a way that reduces costs while improving security and compliance.
  •  
  • Authentication Using Virtualization: A Fresh Approach To A Recurring Challenge
  • Speaker:  Don Anderson
  • Assistant Vice President
  • Federal Reserve System
  • Ultimately, solving the authentication challenge requires addressing the underlying problem of identity integration. Don Anderson from Federal Reserve Bank will share with audience members how Federal Reserve Bank deployed a virtual directory to provide federated LDAP access to the different authentication sources as a single, unified directory service.  Using an abstraction layer also enabled Federal Reserve Bank to overcome several failed attempts at creating a single enterprise directory.
  •  
  • An Enterprise Identity Roadmap For Enterprise Identity Architects
  • Speaker:  David Kearns
  • Owner
  • Virtual Quill
  • 12:20PM-1:10PMBreakouts
  • Case Studies And Stories From IDDY Award Winners
  • Speaker:  Andreas Solberg
  • Researcher
  • UNINETT
  • Moderator:  Roger Sullivan
  • Vice President
  • Oracle
  • Panelist:  Frank Villavicencio
  • Director
  • Citigroup
  • Panelist:  Mark Coderre
  • Enterprise Information Security Architect Manager
  • Aetna
  • Panelist:  Chris Gadwah
  • Security Manager
  • Aetna
  • Panelist:  Michael Gaertner
  • Senior Expert
  • Deutsche Telekom AG
  • Hear from the award winners from the Liberty Alliance. This session will include both case studies, and identity innovators.
  •  
  • Technology, Business Process, And Legal Issues In Cross-Org Secure Collaboration
  • Speaker:  Craig Wittenberg
  • Architect
  • Microsoft Corporation
  • Secure collaboration across organizations requires much more than technical interoperability to succeed. In this session Microsoft's Craig Wittenberg will discuss technology issues around secure collaboration across organizational boundaries in the context of the business process and legal issues that drive them.
  •  
  • Next Generation Access Management Solutions - Improving ROI And Security
  • Speaker:  Eric Leach
  • Sr. Group Product Manager
  • Oracle
  • Traditional access management solutions are not sufficient to address current business challenges arising from sophisticated security threats and strict regulatory controls. A new generation of access management solutions focused on context-aware security offers exciting solutions to ensure business success. Risk-based authentication can proactively prevent fraud making it safer for businesses to interact with partners and consumers. Fine-grained authorization can centrally enforce granular security controls resulting in improved compliance mandated by regulations, as well as reducing development and administration costs. Learn how these cutting-edge identity management solutions can incrementally help improve enterprise security, achieve regulatory compliance, improve ROI, and increase competitive advantage.
  •  
  • The Open Source Community's Contribution To User-Centric Identity
  • Moderator:  Eric Norlin
  • Program Chair, Digital ID World
  • Blogger, CSO Online
  • Panelist:  Pamela Dingle
  • Consultant
  • Nulli Secundus
  • Panelist:  Dale Olds
  • Distinguished Engineer
  • Novell
  • Panelist:  Paul Trevithick
  • CEO
  • Parity Communications
  • Panelist:  Bob Blakley
  • VP and Research Director, IdPS
  • Burton Group
  • Panelist:  Denise Tayloe
  • President and CEO
  • Privo
  • Today, there are multiple uses for identity on the Internet and in the enterprise, causing increased complexity and security risks.  To combat these challenges, there is a growing market demand to refactor control of identity information by using a user-centric identity model. User-centric systems work with users and identity providers to distribute the minimum data necessary to complete a transaction and storage of sensitive information is reduced.  

    With its collaborative and open approach, the open source community is making the greatest strides in the advancement of a user-centric model. For example, three open source initiatives, the Bandit Project, the Pamela Project, and the Higgins Project, have built an open source implementation of an information card selector.  The Open Source Identity System Working Group (OSIS), with representatives from many open source projects and vendors, has coordinated and illustrated all components of an interoperable, user-centric identity system.  Even recently, the Information Card Foundation (ICF) was formed to increase awareness of the use of information cards on the Internet and encourage interoperability in business around new standards.

    This panel will include the leaders of open source identity projects and supporting vendors, including Bandit, Higgins, Novell, Oracle and IBM, to discuss the market drivers that led to the development of open source identity initiatives and highlight successes in executing and validating interoperable user-centric identity systems.  The panelists will also provide attendees with thoughts on where the technology is heading and potential additional uses for user-centric identity models.  
  •  
  • An Enterprise Identity Roadmap For Enterprise Identity Architects
  • Speaker:  David Kearns
  • Owner
  • Virtual Quill
  • 1:15PM-2:45PMLunch In Exhibit Area
  • sponsored by Omada & Oxford Computer Group
  • 2:50PM-3:40PMBreakouts
  • Using Identity To Simplify Secure Data Access And Sharing
  • Speaker:  Bill Claycomb
  • Systems Analyst
  • Sandia National Laboratories
  • Many large corporations face increasing challenges related to data access and security.  As more applications become integrated with existing data stores, the need to access user and computer account information has increased. The Infrastructure Computing Systems and Services Departments at Sandia National Labs have addressed these challenges with the implementation of  virtual directory and synchronization services.

    William Claycomb, systems analyst specializing in directory synchronization and user account provisioning at Sandia Labs, will discuss the business value of virtual directory and synchronization services and the factors that influenced his decision to integrate a virtual approach
  •  
  • Using IAM To Enhance The Security Posture For One Of The Nation's Largest Government Agencies
  • Speaker:  Kevin Brault
  • Senior Manager
  • BearingPoint
  • In less than two months, BearingPoint helped one of the nation's largest government agencies develop, test and implement an Identity Management System in preparation for roll-out to more than 100,000 employees and contractors. Learn how this team is successfully bringing together more than 300 programs and 20 operating organizations into a common, end-to-end HSPD-12 and IAM framework to comply with HSPD-12 as well as additional executive and legislative mandates, reducing the cost of services while improving their efficiency and effectiveness, and improving the security of and maintaining the privacy of information and assets.

  •  
  • Utilizing Multiple Identity Management Technologies To Meet The Growing Demands Of Business
  • Speaker:  Michael Brengs
  • Managing Partner & Senior Identity Management Architect
  • Optimal IdM LLC
  • Speaker:  Tod Nybo
  • Director of Network and Security Engineering
  • Coldwater Creek
  • Speaker:  Lawrence Aucoin
  • Managing Partner
  • Optimal IdM, LLC
  • Coldwater Creek and Optimal IdM will describe how Coldwater Creek is utilizing multiple identity management technologies to meet the growing demands of their business. An overview of the technologies that were used, the challenges that were faced and how they were overcome.  We will also highlight how the virtual directory was implemented to compliment and extend their existing Active Directory, Web Access Management and Identity Life Cycle Manager Deployment, further reducing complexity and cost.
  •  
  • Identity And Policy – Aligning The Network With Services
  • Speaker:  Rakesh Radhakrishnan
  • Principle Architect
  • Sun Microsystems
  • Speaker:  Ramaswamy Chandramouli
  • Director, NIST Identity Program
  • National Institute of Stds & Tech
  • This panel from Sun and NIST will discuss the relevance of Identity and Policy for Enterprise Infrastructure and Enterprise SOA.
    Covering how an Integrated Identity Infrastructure aligns multiple policy domains; including;

    *  Identity enabled Cohesive Contextual Policies
    *  Identity enabled Derived Device Policies
    *  Identity enabled Access Network Policies
    *  Identity enabled Session Specific Policies
    *  Identity enabled OAMP Policies
    *  Identity enabled QOE Policies
    *  Identity enabled Privacy Policies
    *  Identity enabled Service Policies
    *  Identity enabled Data Centric Policies
    *  Identity enabled Distributed System Policies
    *  Identity enabled Log Policies
    *  Identity enabled Policy Assurance
  •  
  • Managing User Access Risk At Tokyo Electron
  • Speaker:  Jeff Boatman
  • IS Security Manager
  • Tokyo Electron - US Holdings, Inc.
  • In this session, Jeff Boatman of Tokyo Electron, a global semiconductor equipment supplier, will provide an overview of the company's recent project to automate compliance and audit processes around access control to critical systems and data. Mr. Boatman will describe how Tokyo Electron was able to automate the access certification process and can now centrally review and audit user access to sensitive intellectual property (IP) data and financial applications that must comply with Japan's Financial Instruments and Exchange Law (informally known as J-SOX).
     
    As part of the case study, the speaker will give practical guidelines for reducing user access risk, including:
        Performing an IT asset risk assessment and scoping the project
        Assessing operational maturity and prioritizing needed changes
        Bringing business and security together
        Benefits realized from an automated approach
  • 3:45PM-4:15PMAfternoon Break In Exhibit Area
  • 4:15PM-5:05PMBreakouts
  • Bootstrapping Identity Protocols: A Look At Integrating OpenID, ID-WSF, WS-Trust And SAML
  • Speaker:  Paul Madsen
  • Researcher
  • NTT
  • Speaker:  Mary Ruddy
  • Founder
  • Meristic
  • Speaker:  Patrick Harding
  • CTO
  • Ping Identity
  • A Concordia Workshop

    The identity metasystem is the promise of providing homogenous usability, security, and privacy even when confronted by deployments of heterogeneous identity systems (e.g. SAML, OpenID, Infocards, ID-WSF, OAuth, etc). One implication of this heterogeneity is that the different systems will often be sequenced, such as Infocard authentication followed by SAML SSO, or OpenID authentication preceding oAuth attribute flow, etc.  As such "bootstrapping" refers to the support the first identity transaction can provide in order to facilitate the second. This session will explore a number of interesting boostrap scenarios - driven by real-world deployment requirements.

  •  
  • Getting To E-SSO
  • Speaker:  David Kearns
  • Owner
  • Virtual Quill
  • Speaker:  Patricia Duty
  • Desktop Manager
  • Greater Baltimore Medical Center
  • Speaker: Steven Craige
    Bank of the West

    Speaker: Christopher Paidhrin
    Southwest Washington Medical Center

  •  
  • Smart Cards As The Trusted, Portable And Secure InfoCard Wallet
  • Speaker:  Marvin Tansley
  • Director of Global Alliances NIS
  • Gemalto, Inc.
  • With all the Smart Card wiring fully in-place users can start to take advantage of labor  saving applications. The  focus will be on how smart cards interact with Infocards and CardSpace. Form factors, applications, and advantages. 
  •  
  • Monster Initiative: Sesame Workshop's Successful Identity And Access Management Implementation
  • Speaker:  Noah Broadwater
  • V.P. Information Services
  • Sesame Workshop
  • Sesame Workshop is the nonprofit educational organization that changed television forever with the legendary Sesame Street. Sesame Workshop launched a web-based portal, to provide its employees with secure access to its 31 corporate applications, such as human resource and financial applications. The organization soon recognized the identity-based web portal as a more secure method of providing information and streamlining processes than email and FTP sites.  As such, it expanded the use of portals to include external users, such as vendors that are developing products through Sesame Workshop's extensive licensing practice.  Today, thousands of internal and external users across the world access these portals every day.

    This session will discuss how Sesame Workshop successfully implemented identity and access management technology to leverage the highest level of Internet security, and enable fast and flexible responses to changing business requirements

  •  
  • The Long And Short Of Identity Management
  • Moderator:  Nelson Cicchitto
  • CEO
  • Avatier Corporation
  • Panelist:  Jacquelyn Washington
  • Assistant CIO - IT Security
  • Alcohol and Tobacco Tax and Trade Bureau
  • Panelist:  Tim Rod
  • Senior Vice President, IT & CIO
  • Fontainebleau Resorts LLC
  • Panelist:  Thomas Harrington
  • Manager, IT Security
  • Spectra Energy
  • In an ideal world you would establish a timeline for identity management projects based on your operational, technical and business process integration assessment.  Unfortunately, internal and external business demands establish other constraints.  This roundtable will feature several enterprises whose business goals led to different deployment cycles - from a few months to a year and a half.  Learn how that impacted the strategies and technologies they used for critical steps such as business process analysis, role management, workflow, HR integration, etc.  You'll also hear about the decisions they made regarding deployment phases and evolving the identity management infrastructure and processes along with the organization.  You're not alone - come get practical advice on how to make an IdM implementation project manageable for you and your enterprise.
  • 5:15PM-6:30PMReception In Exhibit Area

Conference Agenda for Wednesday, September 10 2008
  • 8:00AM-9:00AMBreakfast
  • sponsored by Vidoop
  • 9:00AM-9:45AMKeynote Presentation: On VRM And Identity
  • Speaker:  Doc Searls
  • Fellow
  • Berkman Center for Internet & Society, Harvard University
  • VRM, or Vendor Relationship Management, is the reciprocal of CRM or Customer Relationship Management. It provides customers with tools for engaging with vendors in ways that work for both parties. CRM systems until now have borne the full burden of relating with customers. VRM will provide customers with the means to bear some of that weight, and to help make markets work for both vendors and customers — in ways that don't require the former to "lock in" the latter. The goal of VRM is to improve the relationship between Demand and Supply by providing new and better ways for the former to relate to the latter. In a larger sense, VRM immodestly intends to improve markets and their mechanisms by equipping customers to be independent leaders and not just captive followers in their relationships with vendors and other parties on the supply side of the marketplace.
    For VRM to work, the appropriate identity infrastructure must exist. In this keynote presentation, Doc Searls, co-author of The Cluetrain Manifesto, Senior Editor at LinuxWorld, and the driving force behind VRM will explain the role that identity will play in reshaping the relationship between Demand and Supply.
  • 9:45AM-10:15AMIndustry Keynote: Real World Identity Services
  • Speaker:  Nick Nikols
  • VP Product Management, ISM
  • Novell, Inc.
  • Speaker:  Brian Cleary
  • Vice President, Marketing
  • Aveksa

  • Drowning in change management?

    Learn how you can make identity a business process, solve your change management issues and bridge the gap between IT security and the rest of your business.

  • 10:20AM-11:20AMMorning Break In Exhibit Area
  • 11:25AM-12:15PMBreakouts
  • Federated Identity Management: Secure Information-Sharing In The Global Aerospace And Defense Industry
  • Panelist:  Keith Ward
  • Outreach Director, (TSCP) & Director, Enterprise Security and Identity Management
  • Northrup Grumman
  • Panelist:  Jeff Nigriny
  • President, COO
  • CertiPath
  • Panelist:  Vijay Takanti
  • VP, Security Solutions
  • Exostar
  • Secure, efficient information-sharing across the world's largest aerospace and defense (A&D) supply chains has evolved from a concept earlier this decade ago to an accepted best practice today, encompassing commercial and military programs such as the Lockheed Martin Joint Strike Fighter, the Boeing 787 Dreamliner and the Airbus A380.

    •  Keith Ward will explain how TSCP members – including Northrup Grumman, BAE Systems, Rolls-Royce, U.S. Department of Defense, U.K. Ministry of Defence and others – create reference architectures that insure the identities of global partners and security of shared data.
    •  Jeff Nigriny will detail how the public and private sectors created an interoperable "trust fabric" that supports secure data sharing over multiple identity bridges, and the resulting business process improvements.
    •  Vijay Takanti will discuss technology and services that ease adoption of federated identity management – making security scalable and efficient for both the world's largest enterprises and suppliers of all sizes. He will provide real-world examples of what companies can achieve once they've bridged the gap between business collaboration and identity assurance requirements.
  •  
  • Lessons From Successful Compliance Deployments
  • Moderator:  Bob Bragdon
  • Publisher
  • CSO magazine
  • Panelist:  Brenda Hughes
  • Program Leader & Senior Manager
  • Cisco Systems, Inc.
  • Panelist:  Mark McClain
  • CEO
  • SailPoint
  • Panelist:  Nishant Kaushik
  • Technical Consulting Manager
  • Oracle
  • Panelist:  Michael Amadei
  • Director
  • PricewaterhouseCoopers
  • Compliance has been the number one driver in identity deployments for the last several years. While some analysts are (prematurely) calling the "compliance driver" over and done, most deployments are still struggling with achieving the level of automation that they require. In this session, you'll hear from the success stories that have used identity to achieve compliance.
  •  
  • The Plot To Kill Identity
  • Speaker:  Pamela Dingle
  • Consultant
  • Nulli Secundus
  • You may not have noticed it yet, but forces are in motion to murder Identity as we know it.   These forces seek to change the way in which we trust, the way in which we choose to grant our resources, the way we describe & implement responsibility and liability for the decisions that today are made in the most haphazard of ways.
    Who is behind this conspiracy?  Do they seek to lead us, or will they merely lead us astray?  Have they got the means, motive, and opportunity to truly change the way in which we interact digitally?
  •  
  • Lessons From Successful Virtual Directory Deployments
  • Moderator:  Eric Norlin
  • Program Chair, Digital ID World
  • Blogger, CSO Online
  • Panelist:  Steven Lewis
  • IAM Architect
  • ASEC
  • Panelist:  Vikas Mahajan
  • Manager, Enterprise Identity Management
  • AARP
  • Panelist:  Todd Clayton
  • President and CEO
  • CoreBlox
  • Panelist:  Divya Sundaram
  • Senior IT Manager
  • Motorola
  • Virtual Directories have become an essential component for identity management. But achieving success in your deployment may not be as easy as it sounds. Hear case studies that take you "inside" of their deployments.
  •  
  • Building A Trusted Identity Broker: The State Of Tennessee
  • Speaker:  Antoine Agassi
  • SVP and Corporate CIO
  • Cogent Healthcare
  • Speaker:  Brett Furst
  • VP of Healthcare
  • Covisint
  • The Tennessee Information Infrastructure eHealth Exchange Zone is being developed to transform how health information is accessed and delivered by the Tennessee care-giving community and, ultimately, to enable increased patient safety, reduced spending and improved quality of care for the state's 6 million residents. Leveraging a trusted identity broker model, healthcare providers across the state will now be able to safely and securely access and enable such applications as:
    •  Prescribing pharmaceuticals online (also known as "ePrescribing").
    •  Securing clinical messaging among the state's health care providers.
    •  Sharing high-density images, including X-rays, MRIs and CT scans.
    •  Exchanging patient information via portable health records, which provides patient profiles, medical history, prescriptions, etc.
    •  Delivering telemedicine applications for remote diagnostics and care.
    •  Accessing Tennessee Department of Health applications, including the immunization registry, disease registries, death certificate applications and processing and medical license renewal
    •  Accessing other health care applications and systems, including laboratory systems.

    This session will explore the benefits of the trusted identity broker model via an in-depth working case study.
  • 12:20PM-2:00PMLunch In Exhibit Area
  • sponsored by Covisint
  • 2:05PM-2:55PMBreakouts
  • Open Source To Enterprise Identity - Crossing The Chasm
  • Speaker:  Dale Olds
  • Distinguished Engineer
  • Novell
  • Join Novell and explore past, present and future uses of identity services and understand how open source innovation translates into Enterprise benefits.

    Bandit project leader, Dale Olds, will give a preview of a new approach for identity enabling corporate applications -- how open standards, open source and Identity management products can work together to provide a truly flexible yet secure business environment. This new approach provides simple identity enablement to developers while putting truly extensible authentication, externalized authorization, and consistent audit event logging into the hands of integrators and administrators.

    Starting with existing identity information tools such as LDAP directories, this session will show how this identity services interface layer can be used to solve needs within a single identity management domain, but also flexible enough to support multi-domain models needed for outsourcing and cross-company collaborations.

  •  
  • Managing The Business Of Identity
  • Speaker:  Mark McClain
  • CEO
  • SailPoint
  • Over the last decade, companies have invested in a number of products and technologies to address the operational challenges of Identity Management, such as provisioning, single sign-on, directories, and others.  In recent years however, newer concerns including regulatory compliance, auditable controls, and effective risk management have given rise to a new class of solutions focused on "identity intelligence".  This session will look at the critical issues that companies are facing, and the role identity intelligence plays as those companies attempt to bridge the gap between business policy and technology infrastructure, while balancing the needs of users, IT staff, the company and its stakeholders.

  •  
  • Cutting The Edge Of Virtual Directories
  • Speaker: Michel Prompt
    Radiant Logic
  •  
  • Using An Identity Capable Platform To Enhance Cardspace Interactions
  • Speaker:  Conor Cahill
  • Principal Engineer
  • Intel Corporation

  • This session will examine and demonstrate how Intel's Identity Capable Platform (a research platform) can be used to strengthen Cardspace based Authentication transaction.  In particular we will demonstrate a financial institution provisioning an identity token into the ICP which is later used to locally authenticate the user and assert the user's identity through Cardspace.
  •  
  • Compliant Identity Management Processes Built To Scale With The Business
  • Speaker:  Abhi Beniwal
  • Senior Director, Information Technology
  • Daymon Worldwide, Inc
  • Failure to meet regulatory compliance legislation requirements can lead to failing audits and have dramatic negative effects for an enterprise. Reengineering processes in large companies with multiple partners requires a flexible approach when implementing an Identity and Access Management solution. The solution has to be scalable to achieve regulatory compliance, efficiency, and cost savings. This presentation will describe a best practice approach and will showcase a real life example from Daymon International, USA.

  • 3:00PM-3:50PMBreakouts
  • Identity Governance Frameworks
  • Speaker:  Phil Hunt
  • Director, IDM Standards
  • Oracle
  • Recently, Liberty Alliance announced the release of the first standards for the Identity Governance Framework. IGF is the industry's first programmatic and auditable open standards-based initiative designed to help organizations better govern and protect identity- related employee, customer and partner information as it flows across heterogeneous applications and networks. Mr. Hunt will discuss the recently published Liberty Alliance standards and their relationship to and impact on existing protocol standards.

    Mr. Hunt has also been working on an open source implementation of IGF at OpenLiberty.org. Mr. Hunt will also demonstrate some of the work completed so far and talk about the project's objectives going forwards. The developer API being worked on not only supports privacy constraints, but dramatically improves the ability of developers to write applications that integrate into complex multi-protocol environments with the potential to inter-connect identity silos in much the same way that the Internet did for for isolated networks in the early 90's.

  •  
  • How The Social Web Will Change The Enterprise Identity Management
  • Speaker:  Scott Kveton
  • Board Member
  • OpenID Foundation
  • Speaker:  Phillip Windley
  • CTO
  • Kynetx
  • Speaker:  Larry Halff
  • Founder
  • Magnolia
  • Speaker:  Nat Sakimura
  • Senior Researcher
  • Nomura Research Institute, Ltd.
  • Speaker:  Tony Haile
  • Chief Strategy Officer
  • Chi.mp
  • Speaker: Brian Oberkirch
    Social Media Consultant

    Social networks are becoming more open, more interconnected, and more distributed. Many of us in the web creation world are embracing and promoting web standards - both client-side and server-side. Microformats, standard apis, and open-source software are key building blocks of these technologies. This model can be described as having three sides/legs/arms/spokes - pick your connection: Information, Identity, and Interaction.  This session will be an interactive panel with experts from the emerging field of the Social Web answering questions and debating the finer points of this topic.  The questions, comments, observations, and topics presented by the audience will drive the discussions.
  •  
  • Identity Enabling Web Services
  • Speaker:  Ashish Jain
  • Director of Technology
  • Ping Identity
  • Speaker:  Eric Sachs
  • Product Manager
  • Google
  • Speaker:  Peter Dapkus
  • Product Manager
  • Salesforce.com
  • Many applications today are exposing their data via web services/APIs. Two of the common driving factors behind this are:
    *  SOA enablement within the enterprise e.g. a services layer in front of the legacy mainframe systems.
    *  To allow for third party applications to access data on user's behalf e.g. in the server to server mashup scenarios.

    We'll look into two leading protocols WS-Trust and OAuth. Both WS-Trust as well as OAuth are designed to address these use cases. There are some scenarios where OAuth is a better fit. In the other scenarios WS-Trust/WS* provides a better alternative.

    The objective of the session is to compare and contrast the two protocols and get a better understanding of the use cases. The first part of the session will provide an overview of the two protocols. The second part of the session will discuss some real world use cases and what approach is better suited.
  •  
  • SSO And Healthcare
  • Speaker:  Joe Greene
  • Information Security Operations Manager
  • OhioHealth Dublin Methodist Hospital
  • In January 2008, Dublin Methodist Hospital, OhioHealth's newest facility with 94 beds, opened its doors to the public in featuring a breakthrough environment designed from the ground up to be paperless and secure as part of a mission to change healthcare for the better. With recent government mandates, the healthcare industry is required to protect the confidentiality and security of customer or patient information. However, in OhioHealth's case, recent legislation surrounding online prescription drug orders from the Ohio Board of Pharmacy required new levels of transactional authentication, meaning doctors must provide identifying credentials at the time of transaction in order to approve the prescription order. In response to these requirements, OhioHealth implemented single sign-on (SSO) technology to produce quick and secure access to clinical systems for physicians and bedside clinicians at the hospital. With the use of SSO, clinicians and staff benefit from a streamlined log-in process and have been able to meet the state of Ohio Board of Pharmacy requirements for two-factor authentication in controlled drug prescription orders. In this session, Joe Greene, Information Security Operations Manager of OhioHealth, will stimulate conversation through a review of a particularly unique case study and show attendees how single sign-on helped OhioHealth transform into a truly "paperless" hospital. This presentation will:
    • Recognize the technologies and techniques being used to ensure tight security and user improve accessibility to information – while simultaneously achieving state and federal regulatory compliance
    • Discover how the implementation and maintenance of an SSO solution can be successful in healthcare facilities of all sizes

  •  
  • Solving Mixed Network Drudgery; How Switching To Centrally Managed User Names And Passwords Saved Valuable Time And Improved Security For A Large Provider Of Natural Gas
  • Speaker:  Manny Vellon
  • CTO Co-founder
  • Likewise Software
  • * Learn how migrating /etc/passwd files to Active Directory centralized the management of user names and passwords for a large provider of natural gas, freeing system administrators from the time-consuming burden of managing user names and passwords on a computer-by-computer basis.
    * Find out how joining machines to Active Directory made each user's name, ID, and password consistent across Linux, AIX, and Windows computers, making it easier to manage users and control access.
    * See a demonstration of how cells and group policies improved access control and security. Deploying sudo group policy improved security and regulatory compliance by eliminating the need for system administration.