Agenda
| Wednesday, 06.05.2009 | ||
| 07:30-10:00 |
Check-In |
|
| 08:30-09:00 |
Risk, Reward and Compliance in Challenging Times Mike Small, KuppingerCole
IT managers are now faced with daunting challenges: to reduce costs while managing risk and compliance and at the same time improving organizational flexibility to operate in different ways. Attend this presentation to hear global examples of how new approaches can help meet these challenges. |
|
| 09:00-09:30 |
SAP-GRC-IdM - What is the Problem? Marina Walser, Novell Europe, Middle East & Africa (EMEA)
|
|
| 09:30-10:00 |
Enterprise IT-enabled Cost Avoidance & Reduction: The Role of Identity & Access Management John Aisien, Oracle Corporation
|
|
| 10:00-10:30 |
Coffee Break |
|
|
Authentication, Physical & Logical Convergence Moderator: Dave Kearns, KuppingerCole
|
|
| 10:30-11:30 |
Smartcard: Physical and Logical Access Control within the Dutch Ministries Eric Brouwer, ICTU
The Dutch Government is implementing several basic registrations which can and must be used by all governmental administrations, local as well as provincial and national. These basic registrations are meant to be the unique authentitive source of relevant data, like name and kinship-relations, addresses, income, etc. One national service for Authentication is already in use, which should facilitate all virtual communication processes between governmental offices and between government and citizens or companies. Also, the Dutch Government has decided that the 13 ministries should operate as a single enterprise, not only towards citizens and private companies but also inbetween all governmental departments. This is not an easy goal, as there are quite different "cultures" within the ministries and obviously also regarding information security. Within the Dutch Governmental administration an Identity Management programme has been started to overcome the administrative borders in order to admit all governmental employees to their authorized information: any-time, any-place. Preliminary conclusion is, that a Federal-design is needed as well as centralization within our governmental "enterprise". So we set up a structure to manage the progress of the many ongoing developments (projects). These projects include the re-use of the National authorative sources for personal-data etc., centralization of the Hrm-processes, unification of fysical entrance, sharing buildings, centralized portal-functionalities, RSO/SSO, directory services etc. This presentation will show what kind of down to earth problems have to be solved and how they are always related to different outlooks, different goals and different priorities. The introduction within the ministries of one applicable Smartcard for physical access as wel as logical access (authentication), not unlike the American HSPD-12 initiative, is expected to make all the difference! This session explores the following:
|
|
| 11:30-12:30 |
The Importance of Authentication Frameworks for Global Interoperability Prof. Dr. Audun Josang, Queensland University of Technology, and Oslo University
Identities have a life in the sense that they are created, registered, used and deregistered. Identity management is about supporting efficient recognition and authentication of people, entities and organizations in computer network environments. It is often forgotten that identity registration is just as important as identity authentication for the overall authentications assurance. Various jurisdictions and organizations have defined authentication frameworks that specify policies for the life cycle of identities and their use in authentication. This talk will present the general components that authentication framework should contain, and go through a set of prominent authentication frameworks from around the world, including from the US, UK and Australia.
Kenneth Tessem, BankID
|
|
| 12:30-14:00 |
Lunch Break |
|
|
Provisioning & Identity Lifecycle Management Moderator: Sebastian Rohr, KuppingerCole
|
|
| 14:00-15:00 |
Business-Driven Identity Management at ENBW Eleni Richter, ENBW Holding
A brief look at the identity and organizational data management at EnBW. How to solve typical issues in the field of a business driven idm with the help of modern methods and open standards based on a service oriented architecture. Martin Andersen, Henkel AG & Co. KGaA
IAM process modelling as constant challenge for IT Projects & Roadmaps Cornerstones and enhancements of Henkels IAM portfolio Positioning of IAM processes as business processes & workflows Towards GRC with a comprehensible request & workflow management. |
|
| 15:00-16:00 |
Maximizing the Value of Identity Management Kari-Pekka Lifländer, Nokia
Presentation first suggests as the basis for Identity management value model the usage of Identity transactions. Identity transactions is defined as sum of rights requests + sum of amounts of rights delivered. Additionally, each transaction is given a euro sum value which results into tangible value delivered by IDM. The presentation next discusses the relevant parts of the role based access management model implementation that bring most value as based on the IDM value model. Discussed elements are e.g. different kind of approval flows, inherited membership approvals, privileges inheritance, delegated management of privilege and role structures, traceability of current permissions/permissions under approval or delivery/historical permissions, inheritance of the membership constraints in the role hierarchy, possibility to reconcile memberships with the target systems in case manual provisioning is used. Wolfgang Heidmann, City of Munich
|
|
| 16:00-16:30 |
Coffee Break |
|
| 16:30-17:30 |
Business Driven Provisioning „Quick Win“ Implementation of an Integrated System for Identity Management, Service Request Management, and Accounting Joerg Meinhardt, SCHOTT AG
Panel: Business Driven ProvisioningWolfgang Heidmann, City of Munich
Dr. Martin Kuhlmann, Omada
Joerg Meinhardt, SCHOTT AG
Alberto Ocello, Crossideas
Eleni Richter, ENBW Holding
Deepak Taneja, Aveksa
Erich Vogel, Computacenter
The panel discusses how to accommodate the fact that provisioning initiatives are increasingly driven by the business. The design and responsibility for provisioning processes must be managed on business level. It is essential that provisioning information such as access rights, accounts and software packages are presented to end-users in an adequate semantic form. Role model designs have to take technical and business levels into account. |
|
| 17:30-18:00 |
Identity Management & GRC - A Powerful Team? Dr. Martin Dehn, KOGIT GmbH
Dr. Peter Gergen, SAP Deutschland AG & Co. KG
Dave Kearns, KuppingerCole
Michel Prompt, Radiant Logic
Jackson Shaw, Quest Software
Especially in Western Europe we see lots of projects which implement access requests on a very detailed level. All access rights obtained through such processes are approved and by definition valid. On the other hand, regulations press organizations to establish periodic access certifications. They mean a high workload for managers and data owners. However, the amount of work can effectively be reduced by integrating a validity stamp of access rights stemming from official access requests. In both approaches roles can further enhance the overall processes with regards to efficiency, security and transparency. The speech discusses the powerful combination of the proactive access request and aftercare access certifications, where both share a common set of policies, rules and roles. |
|
| 18:00-18:30 |
End-to-end Business Process Governance Keith Grayson, SAP
When we talk about "best practice" governance, we are using the same words, but are we all talking about the same thing? When we talk about the convergence of GRC and Identity Management, do we have a common understanding of what they are and how they fit with business processes? This keynote looks at the question "what could an end-to-end business process governance model achieve and what might it look like?". |
|
| 19:00-22:00 |
European Identity Awards Ceremony & Buffet Dinner |
|