All (Identity) Roads Lead to Identiverse
The crossroads of Identity and security is where the community comes together at Identiverse. Now marking its 14th year, Identiverse has grown into a landmark event in identity security. The conference attracts over 2,500 security professionals who converge for four days of deep learning, active engagement, and, certainly not to be overlooked, top-notch entertainment.
Combining more than 70 hours of enlightening content—from keynote speeches delivered by industry leaders to interactive panels discussing cutting-edge topics, and hands-on masterclasses where theory meets practice —- Identiverse offers a platform where attendees can connect, communicate, and collaborate. Moreover, the conference seamlessly balances intensive learning with relaxation and fun, offering unique group activities such as bootcamps and yoga sessions.
After a four-year hiatus, my anticipation ran high as I prepared to return to Identiverse. My motivation for attending was twofold. Firstly, I was eager to reconnect with old friends and colleagues who shared my passion for identity security and had been instrumental in shaping my career in the field. Secondly, and equally important, I was curious and excited to learn about the latest industry developments, understand where we stand today, and, more importantly, where we are heading.
The Journey Begins: Arrival at Identiverse 2023
As a veteran of previous Identiverse conferences, formerly the Cloud Identity Summit, I’ve had the privilege of attending this event in various fascinating cities, one of my favorites being New Orleans. However, this year marked a significant change. The conference, now under the leadership of CyberRisk Alliance, shifted its location strategy, choosing the vibrant city of Las Vegas, specifically the Aria Conference Center, as its venue for at least the next two years.
While part of the allure of Identiverse was the excitement of discovering the location for the next conference, this shift to a fixed venue was a change I greeted with mixed feelings. On the one hand, the Aria Conference Center offered a fantastic location with its state-of-the-art facilities. But, on the other hand, the sense of anticipation tied to the unveiling of the next city had always been a unique and integral part of the Identiverse experience.
Despite these personal musings, I found that the organization was impeccable. The registration process was seamless, and the Expo Hall was laid out effectively, ensuring attendees could easily navigate the different sections.
Among the hot topics this year, a few specific themes stood out: passwordless authentication (such as Passkey), Shared Signals, and, as always, the adoption of Open Standards in focus. Yet, an unexpected protagonist shared the spotlight in these discussions - AI and ChatGPT. The extremely rapid adoption of large language models (LLMs) in recent months seems to have taken both the organizers and vendors by a surprise. There was a palpable buzz about these technologies among the attendees. However, despite the apparent interest, there was a noticeable lack of concrete sessions exploring these subjects in depth. Andre’s was the only session directly tackling this topic, which I’ll delve into in more detail later.
Sessions and Learnings
The Identiverse 2023 lineup of speakers and topics did not disappoint. Among the numerous insightful sessions, Andre Durand’s keynote, Identity Under Attack, had a profound impact on me. Andre’s session, half of which was crafted and delivered by AI, was an impressive and slightly disconcerting display of the leaps AI technology has taken. It demonstrated not only AI’s capability to generate content but also its ability to mimic human voice delivery and create graphical presentations.
The unsettling aspect of Andre’s presentation was the potential misuse of such advanced technology, particularly large language models (LLMs), for malicious activities such as impersonation and phishing attacks. Identiverse, with its array of distinguished speakers and vendors, has long propagated the concept of Identity as the new perimeter of our IT systems and infrastructure—a perimeter anchored on Trust and Identity for everything. Yet, Andre’s talk unveiled the chilling reality of how AI could potentially breach this Trust. This left us grappling with a daunting question—if Identity and Trust can be breached, what safeguards can we rely on to protect our systems?
On a more optimistic note, the conference shone a spotlight on the rapid adoption of Passwordless solutions. This stirred a hopeful debate: “Is 2023 finally the year we will eliminate passwords?” Although the goal might take a little more time to realize, for the first time, I feel genuinely hopeful. It seems that we are at the cusp of an era where technology can be universally adopted and backed by all vendors, propelling us closer to a passwordless future.
As an ardent advocate for Open Standards, I found myself immersed in several sessions dedicated to OAuth, OpenID, Financial-grade APIs (FAPI), and Shared Signals. Gaining insights from industry leaders about the future trajectory of these standards and strategies to expedite their adoption was incredibly enlightening. The discussions were enriched by the shared experiences and lessons learned, providing a balanced perspective on the progress and challenges in these domains. Notably, Nat Sakimura, Chairman of the OpenID Foundation, left a lasting impression with his viewpoint on the broad application of FAPI Security Profile. As Nat eloquently stated, FAPI Security Profile should be used for all APIs, not only the Financial Grade ones, a perspective that broadens the scope of this profile and paves the way for a more secure API ecosystem across different sectors.
Networking and Interaction
Amid the breakneck pace of learning and immersion into the latest in Identity, authentication, and access management, the conference offered plentiful opportunities for networking. This provided a chance to reconnect with old friends and colleagues and to establish new professional relationships.
The discussions I had were diverse and insightful. They ranged from high-level conversations about the profound impact of AI on our industry to more specific and practical exchanges about the improvements in the OAuth framework, with the introduction of OAuth 2.1 and Open Banking implementations based on a Financial-grade API Security profile.
It was indeed a pleasure to reconnect with industry stalwarts as well as an excellent opportunity to meet new professionals in the field and broaden my professional network.
Trends and Future Directions
The Identiverse 2023 conference offered a glimpse into the current trends and potential future directions in the field of Identity, Authentication & Access Management.
Unsurprisingly, Passwordless authentication with Passkeys, and Open Standards, particularly in the spheres of OpenID and OAuth, continued to be the areas of focus, garnering considerable attention and sparking detailed discussions.
Interestingly, another trend that emerged was the focus on fostering and nurturing identity professional careers. Numerous talks were devoted to showcasing strategies for building a successful career in the field of identity security. This underscores the increasing demand for professionals specializing in this area and the need for platforms like Identiverse to support career development in this industry.
Looking into the future, it’s clear that AI will take center stage in the next year’s discussions, especially given the accelerating advancements and the potential implications these technologies hold for our industry. Moreover, another area poised to be in the spotlight is Authorization, particularly the concept of externalized Fine Grained Authorization. It was a commonly shared belief among attendees that, as an industry, we still grapple with effectively implementing this capability. The challenge lies in its complexity, but with the continuous strides in technology, the solution may be closer than we think.
As I reflect on my experience at Identiverse 2023, it becomes apparent that this event remains as pivotal as ever in shaping the trajectory of the identity security industry. It offered a wealth of knowledge, insight, and foresight into the exciting developments and the imminent challenges that lay ahead.
From eye-opening sessions to engaging discussions and from reconnecting with old friends to making new professional connections, Identiverse 2023 was a whirlwind of learning, networking, and inspiration. The shift towards AI and its implications, the steady move towards a Passwordless future, the continuous emphasis on Open Standards, and the focus on nurturing careers in identity security—all of these trends highlight an industry that is relentlessly pushing the boundaries, preparing itself for a future that promises to be as challenging as it is exciting.
The thought-provoking question raised during Andre Durand’s keynote Identity under Attack – If identity and Trust can be broken, what safeguards remain for us and our systems? – echoes in my mind. It underscores the importance of our work in this industry. It’s a reminder that, as we embrace new technologies and trends, we must remain vigilant and proactive in mitigating risks and enhancing security.
I’m already looking forward to Identiverse 2024, eager to see how the discussions and trends from this year will evolve. And, of course, to learning, networking, and contributing to the future of identity security. Until then, let’s continue pushing the boundaries, exploring possibilities, and safeguarding identities.