Hello all, please find below my submission with Title, Abstract and biography of the author. In case the talk is accepted I'd like a duration of 45min.
Title: Identity, Access and Security: Learnings from startups
Abstract: Cloud-based web applications currently play a major role in many enterprises' operations, in particular among startups. Providing secure Authentication and Authorization in such a borderless environment is becoming ever more challenging, due to the lack of central control and the huge variety of applications to integrate across multiple service providers.
Conversely, security engineers aim at protecting all business-critical services without losing control on their employee data or exposing sensitive information. Outsourcing this complex task, while tempting, poses significant risks in case of third-party breaches and may result in vendor lock-in.
Such security requirements, however, can be met by using open standards, by supporting a wide range of authentication protocols, and by deploying solutions based on modular and replaceable open-source components.
In this talk we present our real-world case-study, showing how we transitioned from an heterogeneus ecosystem of multiple disconnected entities, to a fully integrated Identity and Access Management architecture. Our deployment, operating on-premises and based on stackable FLOSS components (ie. OpenLDAP, Shibboleth, LinOTP, etc.) encompasses multiple authentication connectors and supports a range of methods for second-factor verification. Besides, such solution allowed us to improve user experience and cover multiple authentication scenarios, ranging from local facilities to cloud platforms such as AWS, Atlassian and Google.
Author biography: Alessandro is a Security Engineer at Rocket-Internet. Since 2014, he is tasked with improving the overall security and reliability of Rocket infrastructure, with particular regard to directory services and Identity and Access Management. Previously, he held engineering rols in several Fortune 500 companies, including Oracle, Sun Microsystems, Arantech (now Tektronix) and others. Over the years, Alessandro built a strong knowledge on "Unix-like" and highly-available systems in multiple projects across Europe. He designed modular infrastructures based on several components that included Directory Services (esp. OpenLDAP, Oracle OUD, Microsoft Active Directory), IAM solutions such as Sun Access Manager, Shibboleth, and Apache Syncope, and middlewares for connecting external services (eg. J2EE, desktops and virtualized environments via RADIUS, SAML and more). He is currently active on IDM/IAM and LDAP topics, and prefers to discuss about possible solutions in terms of protocols and standards instead of products.
Kind Regards, Alessandro