Security Conference 2009 : Present and Future of IAM

03-Dec-2009

Evolutions of Access Control and Identity Management

A two-day conference on the present and future of access control and identity management: Identity and Access Management (IAM), identity lifecycle management, single sign-on, eID developments, physical and logical access control, federated identities, multi-factor authentication, …, with presentations, customer cases, technology focus, market developments, panel discussions, …

This event is made possible with the kind support of our partner :


Secur-IT



Governance, Risk and Compliance continue to be the main drivers for Identity and Access Management installations and services, according to a recent survey by KPMG and Everett. Some of these projects are becoming of increasing strategic importance to many companies, not only to control identities, but increasingly to facilitate all sorts of activities.
During this two-day conference, we aim to bring together most of the important players and projects from 2009 and to offer a glimpse of the next year in terms of IAM activities.


The objective of this conference will be to :
- Give an update on the evolutions and developments in IAM in the Belgian market and abroad
- Present customer cases and market experiences
- Give insight in the most interesting evolutions and challenges in today’s market environment
- Give insight on how IAM could be valuable in the current economic climate
- Federation
- Concerns on privacy protection
- 11 million eID’s, so what’s next
- …

With a special focus on convergence : where physical and logical identities meet.
- Governing risk and compliance both logical and physical access
- Single sign on in applications, Multiple entries in reality

Some other topics to be addressed :
- Identities in the Cloud
- IAM and ILM


Physical and Logical Access Control Combined : a world of converging technologies

For reasons of cost reduction, economies of scale, control or just ease of use, an increasing number of companies are considering a single (or at least integrated) access control system for both physical and logical access. Using the same token (RFID card, biometrics, password, ...) for both has already been implemented in recent years.


What considerations lead companies to a joint or integrated system for both? Who should be in charge of those systems : facilities, security management, HR, IT, or both? What is the basic business case, and how should we see the evolutions of such systems? Are there ways to integrate my access control system with my Identity Management System(s), and should I prepare this in my IAM business case?


Identities in the Cloud

Security in the cloud is a significant concern, and requires fresh thinking about how siloed security frameworks can be modified to deal with an emerging compute model. Identity management vendors have been wrestling for some time with the transition toward a loosely coupled architecture based on a set of common standards. This transition will gain pace as enterprises look to take advantage of the cost efficiencies and flexibility of cloud services yet still maintain a set of appropriate access controls and event monitoring to satisfy compliance requirements.


Federated Identities

New evolutions of role-based access, such as ABAC (attribute based access control) and CBAC (context based), have appeared. Locally too, Federated Identity Systems have seen the light in 2009. Who has access to what, who is who, and who verified who? When is who giving access to what? Why has who access to what? Who controls who should have access to what? Who controls that access, or when does he or she have access?


Federation takes these questions and concerns a step further, either putting the who in charge, or the organisation controlling the who.


IAM and ILM

From a perspective on storing and retrieving information in the world of Information Lifecycle Management (ILM) to a world of access to information, systems, applications and even buildings, rooms, doors, ... in the world of Identity and Access Management (IAM).

Managing and storing information is a practice that was there long before computers even existed. Allowing access to electronic data, storing vast quantities of data, meeting regulatory requirements for retention and protection, and deciding which critical and sensitive information might require a different risk management profile than regular data is a challenge for any organization, both from a business and an IT perspective.


Learn from the leaders in Identity and Access Management services and solutions

According to Forrester, the worlds of Data Governance and Content Governance will collide. Ownership, accessibility, availability, trustworthiness, security, and compliance are problems faced on both the structured and unstructured sides of the information management coin. The organizational methodologies for governing structured data and unstructured content are actually quite similar. Maximize the potential value of a governance investment with a methodology that can get you started without forcing you to break the data/content silos.

Final Program

Thursday, December 3rd

9.00 : Welcome & Registration
9.40 : Introduction & Opening Notes by Ulrich Seldeslachts
9.50 : Keynote Opening Presentation by Peter Strickx, FEDICT : 10 million eID’s and kids ID’s, so now what?

By the end of 2009, there will be about 9 million electronic ID’s and numerous kids ID’s. This makes Belgium one of the leading countries in the world having this unique identifier as technology.
What are the next steps? What types of applications can be used, and how should the eID be considered by business as a means to authenticate or to get access to systems and infrastructures?

10.35 : Results of the KPMG Identity and Access Management Survey 2009 by Benny Bogaert, KPMG

In 2009, KPMG and Everett with the support of EEMA and LSEC, organized the yearly interactive survey on Identity and Access Management.
With a clear development towards Governance, Risk and Control, the economic climate has obviously also had its impact on the current situation. How do you relate that to your organisation, and what are the key learnings of the study?

11.20 : Coffee Break

11.40 : Putting the User back in Charge over his Identity, A case for User Centric IDM by John Harrison, Edentity

The Personal Information Brokerage (PIB). Working in collaboration with three UK universities, a large telco, and a payment systems company, PIB envisages that an individual will be able to select one or more ‘information brokers’ from a managed market. Each broker will enable the individual to authenticate to, and communicate with, multiple organisations and other individuals (jointly counterparties), all at the appropriate level of security and using a coherent set of authentication steps.
As well as single-sign-on, and the various communication tools, the broker will enable the individual to give fine-grained transaction-based permission for the transmission of personal information to, and between, counterparties. It can be thought of as a grown-up and distributed version of social networking: the individual can invite new counterparties to ‘link’ to his broker account; and can then decide which ‘profile’ a new counterparty should see.

12.30 : Lunch Break

13.15 : Use Case with KBC : using multiple authentication methods on the same website with Webseal and trustbuilder C-Man, combining Vasco Digipass, Digipass Card Reader, smartcard and USB X.509 certificates, by Dirk Verbiest, KBC

14.05 : Security and the essential role of IAM in the Cloud by John Van Westeneng, Traxion

What is the role of IAM in the cloud? Besides the standard federation components for, among others, single sign-on, the provisioning of identities and also of access rights plays a giant role in facilitating enterprise cloud services. Next to that, the following themes will be discussed :

- the strategic steps an organisation had to make to start using cloud services,
- the business case for the use of cloud services including the required infrastructures,
- the suppliers of service providers and what could not yet work as such
- the security elements that need (and need not) to be resolved

15.00 : Access Governance by Joris Ter Hart, KPMG

Access control is one of the key control mechanisms in place to protect sensitive (financial) information. Due to the economic crisis, information breaches through misuse of access rights are increasing. Regulations around managing user access are also getting stricter, and an organisation has to prove that access controls are operating effectively. Validation of access rights is not completely new: in nearly every organisation some kind of verification of access rights is implemented. However, this is often done on an ad-hoc basis, manually, with limited scope and depth. Access Governance is an efficient process that uses advanced analytics tools to review user access to and within applications on a frequent basis, in order to achieve regulatory compliance and improved security. In the presentation, Access Governance will be elaborated in detail based on a case study, and its relationship with Identity & Access Management as a whole will be discussed.

15.55 : Closing Notes

16.00 : End of Day 1

Friday, December 4th

9.00 : Welcome Coffee & Registration

9.45 : Opening Notes by Ulrich Seldeslachts, CEO LSEC

10.00 : Convergence of Physical and Logical Identities, by Thomas van Vooren, Everett

Increasingly, the security of IT services and the physical security of spaces and environments are being considered together. Where traditionally the one was the domain of IT and the other a facility service, today combined access means, monitoring and security models are often used. During this talk, some of the more important drivers of this development will be discussed, as well as the architecture, including a central place for Identity and Access Management.
Finally, some examples will be discussed.

10.50 : Case Study : How a logical IAM system had been implemented to ensure physical and logical access control, by Rik van Bruggen, EMEA VP Imprivata

11.40h : Physical Access Control in reality, an evolution in the world of access control, by Michael Andauer, KABA

12.20h : Lunch Break

13.00h : Discussion : ILM & IDM, the next challenge Identity in the Cloud and Federated models with SUN Microsystems

13.45h : Securing Web Services in the Cloud, by Jan Van den Bergh, ACA-IT

The rise of Software as a Service (SaaS) leads to some interesting security problems. Moving infrastructure, applications and services to the cloud holds many benefits, but also introduces some interesting security challenges. The organization’s trust boundary is greatly extended and moves beyond the control of IT. This results in loss of control that challenges established governance and control models, and can even impede the adoption of cloud services. A well established IAM system becomes an essential component for a smooth transition to the cloud. For service providers, the use of industry IAM standards can greatly accelerate the adoption of new cloud services.
Federation protocols (SAML, ID-FF) can be used to solve the security problems that have to do with authentication and authorization: it then becomes possible to integrate web applications of different organizations and let users access them while their identity is passed automatically. Web services can be protected in a similar way, by adding assertions to the messages to guarantee the identity of the caller. Typically a Secure Token Service or STS is used to generate and validate the tokens containing these assertions, but other solutions exist as well.
In this presentation we will describe these concepts in more detail and tell you how they can be used in real-life applications. There will also be a small demo where Sun OpenSSO is used for federation and web service security.

14.30h : Centralizing authentication and authorization in a Unix World, by Wim Remes, Bull

Does an out-of-the-box solution meet the objective of having several flavours of machines and OSes working together in an integrated SSO? Or is there a better fit with a totally integrated model based upon Open Source?

15.05h : STORK, the European eID Interoperability Platform by Marc Stern, Approach

The aim of the STORK project is to establish a European eID Interoperability Platform that will allow citizens to establish new e-relations across borders, just by presenting their national eID.
Cross-border user authentication for such e-relations will be applied and tested by the project by means of five pilot projects that will use existing government services in EU Member States. In time however, additional service providers will also become connected to the platform thereby increasing the number of cross-border services available to European users.

Thus in the future, you should be able to start a company, get your tax refund, or obtain your university papers without physical presence; all you will need to access these services is to enter your personal data using your national eID, and the STORK platform will obtain the required guarantee (authentication) from your government.

15.45h : Closing Notes

16.00h : Close of Conference

- Advanced Role Based Access Mechanisms and Information Access Management : the perspectives from the user and the organization
- Information Lifecycle Management : the perspectives from the data and information flowing in the organization
- Information Risk Management (IRM) in relation to Information Lifecycle Management
- What is the impact of the lifecycle of information on Identity and Access Management (IAM)
- Identity Enabled Information Lifecycle Management
- The needs for Information Lifecycle Management : compliance, cost & control
- The needs for Identity & Access Management : compliance, cost & control
- Data Protection and ILM
- Frameworks for considering and planning data protection
- Understanding storage technology from the standpoint of data protection
- Architecting more effective backup/restore solutions
- Leveraging core computer security concepts and strategies to protect your most critical data
- Securing your entire storage infrastructure, not just servers
- Using policy-driven data protection and Data Lifecycle Management (DLM) to improve security and reduce cost
- Using ILM to identify your highest-value data and choose the right ways to protect it

Information lifecycle management (ILM) entails the process of managing information from conception until disposal, in a manner that optimizes storage and access at a cost relative to its value. Predicting the way people need to access information and defining storage needs can be especially challenging as the business grows.
Even if the current economic climate doesn’t allow for massive investments and companywide projects, it remains sensible for any organization to investigate the impact of its information management systems and to consider potential future evolutions and trends. During this seminar the aim is to explore the evolutions of managing the lifecycle of information not only from an access perspective, but also from a storage and control perspective, even over time. How to start taking both into account from the beginning? How to define where both concepts will be challenged at the same time? Or can they continue to be separate programs in your company?

Bring a colleague or friend and attend for free

With this event, we again want to create awareness of the evolution of Identity and Access Management in Belgium and abroad.

If you send us an email with the forwarded invitation (securityforum2009 @ lsec.be), or copy us in the forwarded invitation to a colleague of your organization, or maybe a friend at another organization, you will be allowed free access to this event.
Alternatively, the access fee for 1 day seminar is 150 € (excl VAT), and 250 € (excl. VAT) for the combined days.

Practical Details

150 € (excl. VAT) for 1 day, 250 € (excl. VAT) for 2 days.
Free upon presentation prior to the event of the forwarded invitation.





For more information about this event, please email to securityconference2009 @ lsec.be or

Are you a leader in Security ? Do you want to share your expertise and join the Leaders in Security as a Core Expert Member ?
Contact us via email! Or call +32.16.32.85.41 for a direct contact and more information.
An information set and your Membership Welcome Pack awaits you.

 

Copyright LSEC vzw 2007-2008 with the support of the IWT.

LSEC vzw Kasteelpark 10 - 3001 Heverlee - VAT BE BE 478 045 395 - fax. +32.16.32.19.69 - info @ lsec.be


Expert: Atos Origin Belgium & Luxemburg

A leading IT services provider. Ranks 1 in telecom outsourcing. Via Atos Worldline specialized in financial transactions.

Expert: Websense

Leading provider of unified content security

Expert: CA Technologies

Protect your critical IT assets, achieve sustainable regulatory compliance, reduce IT administration costs and enable new business opportunities with our security management products.

Expert: Axl-Trax

axl & trax are highly qualified experts in providing leading edge GRC services for SAP

Expert: VintiQ

VintiQ - Security Management Services

Expert: T-Systems Belgium

T-Systems is Deutsche Telekom's corporate customer arm.

Expert: LIN.K nv - LINKID

LIN.K is a provider of online user authentication, identification with the system LINKID

Expert: Devoteam Belgium

Devoteam Belgium, one of the major European ICT consultancy specialists with offices in 23 countries

Expert: CHB Technologies - Celadon Hailstone Biometrics

Celadon Bailstone Biometrics

Expert: Barracuda Networks

Worldwide supplier of email and internet security

Expert: Bluekrypt

Security Expert in Crypto, Information Security and Training

Expert: Sophos

Sophos (Utimaco) is a leading global provider of data security solutions, enabling mid- to large-size organizations to safeguard their data assets against intentional or unintentional data loss, and to comply with privacy laws.

Expert: arrowUp

arrowUp - member of the Lykos Group

Expert: Research In Motion - RIM - Blackberry

Research In Motion - RIM - Blackberry

Expert: Dimension Data

Dimension Data

Expert: Bull

Bull

Expert: Check Point Software Technologies

Check Point Software Technologies

Expert: Traxion

Traxion - Identity Management - cornerstone for your company

Expert: MMS-Secure

MMS-Secure nv, a distributor with a specific focus on network and systems security

Expert: F-Secure Corporation

F-Secure - Fastest Focused Anti-Virus Protection

Expert: C-Cure

C-Cure are Information Security architects already since 1998

Expert: IS4U

IS4U - Cronos specializes in Identity and Access Management

Expert: UCL Crypto Group

The Crypto Group of UCL, the UC of Louvain-la-Neuve is a research group specialized in cryptography and information security.

Expert: eID Company

eID company provides a flexible easy to integrate eID in any web application. Access to eID as a webservice.

Expert: Approach

Approach specializes in Application Security, Identity Management and financial transactions.

Expert: Global Knowledge

Global Knowledge is the worldwide leader in IT and business training.

Expert: ACA IT-Solutions

ACA IT-Solutions, end to end IT solutions and IDM Expert. Probably the largest and most successful independent J2EE solution provider.

Expert: RSA - Security Division of EMC

RSA - The Security Division of EMC. One of the leading companies in the world in IT Security. Enterprise wide Data Security solutions, suites and Services.

Expert: Novell

Comprehensive Identity, Security and Systems Management Solutions.

Expert: Exclusive Networks

Value added Distributor specialized in information security. Operational in Belgium, France, Switzerland and Luxemburg.

Expert: Unisys

Security Unleashed – At Unisys, we’re looking at security in an entirely new way. Security is no longer a defensive measure. It’s an enabling catalyst for achievement. Unisys Secure Business Operations help to unleash your full potential.

Expert: D Soft

D Soft is an expert in electronic distribution of digital documents.

Expert: Scanit

Scanit is an IT security boutique specializing in ethical hacking, penetration testing, vulnerability assessments and security configuration reviews.

Expert: Zion Security

ZION SECURITY is the leading European application security company. Our mission is to secure your business value by securing your business applications.

Expert: Zetes

For those who want to see the difference!

Expert: Vasco

VASCO designs, develops, markets and supports patented User Authentication products for e-business and e-commerce.

Expert: SUN Microsystems

Everyone and everywhere connected to the network.

Expert: Security4Biz

Security4Biz offers ICT security consultancy services.

Expert: SecurIT

The value proposition to our customers is the competence and experience of highly qualified people, combined with best-in-class solutions from leading suppliers, and our entire focus on Identity and Access Management.

Expert: Sealed

Expert in implementation of e-Security, e-Proofs and e-ID within the management of business & document flows & processes, or within the management of your enterprise content in the broad sense.

Expert: McAfee

McAfee is the world's largest dedicated security company.

Expert: NXP (founded by Philips)

Sense & simplicity. Help customers to transform initial ideas into competitive products and cost-efficient manufacturing solutions within healthcare, lifestyle and technology.

Expert: Microsoft

At Microsoft, we're motivated and inspired every day by how our customers use our software to find creative solutions to business problems.

Expert: KPMG

KPMG Information Risk Management (IRM) focuses on inherent risks in technology systems used to support your business objectives and grow your business.

Expert: Intesi

Intesi Belgium is the R&D competence center of Intesi Group, focusing on Internet Security, using state-of-the-art ICT technologies.

Expert: EMC2

EMC Corporation is the world's leading developer and provider of information infrastructure technology and solutions.

Expert: Deloitte

In addition to the qualities of a leading Belgian audit and consulting firm, Deloitte is different through the values it shares daily with clients and employees.

Expert: Cisco

Cisco Internet Protocol (IP)-based networking solutions are the foundation of the Internet.

Expert: Certipost

Specialist in secured electronic document exchange for companies, the state, and for residential customers.

Expert: BT - British Telecom

One of the world's leading providers of communications solutions.

Expert: Alcatel Lucent

Alcatel provides communications solutions to telecommunication carriers, Internet service providers and enterprises for voice, data and video.

Expert: Verizon Business

Verizon Business is now the leading provider of managed security services worldwide with acquisition of Cybertrust.

Expert: IBM

A world leader in Information Technology with a large professional organization in Belgium and a series of security experts.

Expert: Norkom Technologies

Norkom is a market-leading provider of innovative financial crime and compliance solutions to the global financial services industry.

Expert: Telindus

Telindus has expertise in all aspects of modern telecommunications technology, including LAN, WAN, Internet and e-networking, network access and security, VOIP (Voice over Internet Protocol), VPN, fixed and mobile communications.

Expert: K.U. Leuven

Computer Security and Industrial Cryptography (COSIC): Cryptography to protect data against passive and active fraud.

Expert: ATOS Worldline nv

Specialist in end-to-end secure payment systems.

Expertise: UTM

UTM - Unified Threat Management

Expertise: End Point Security

End Point Security

Expertise: DLP - Data Leakage, Data Loss Prevention and Protection

DLP - Data Leakage, Data Loss Prevention and Protection

Expertise: SOA - Service Oriented Architectures

Expertise: Identity Management

Identity Management (IdM) enables organizations to facilitate and control their users' access to critical online applications and resources — while protecting confidential personal and business information from unauthorized access

Expertise: Crypto

Cryptography - Cryptografie - Cryptographie

Expertise: Secure Application Development

Secure Application Development. Security does not only start at the user name and password login; it needs to be integrated into software from the very beginning.

Expertise: RFID

passive and active low-cost wireless tags

Expertise: Application Security

encompasses measures taken to prevent exceptions in the security policy of an application or the underlying system

Expertise: Wireless Security

Expertise: Appliances

protect computer networks from unwanted data traffic, intruders, email spam, enforce policies, and may also be used to create and manage VPNs.

Expertise: Access Control

the ability to permit or deny the use of something by someone.

Expertise: Risk and Vulnerability Assessment

process of identifying and quantifying vulnerabilities in a system. Cataloging assets and capabilities (resources) in a system

Expertise: Penetration Testing

A method of evaluating the security of a computer system or network by simulating an attack by a malicious user, commonly known as a hacker.

Expertise: Physical Security

describes measures that prevent or deter attackers from accessing a facility, resource, or information stored on physical media. It can be as simple as a locked door or as elaborate as multiple layers of armed guardposts.

Expertise: Remote Access

computer program that lets you access your PC from another PC via the Internet, LAN, or phone connection and work on your computer ...

Expertise: Security Policy

security policy is a definition of what it means to be secure for a system, organization or other entity. For systems, the security policy addresses constraints on functions and flow among them, constraints on access by external systems and adversaries

Expertise: Anti-Virus

Software that detects, repairs, cleans, or removes virus-infected files from a computer.

Expertise: Spyware

Software that covertly gathers user information through the user's Internet connection without his or her knowledge, usually for advertising purposes.

Expertise: Authorization

The process of enforcing policies: determining what types or qualities of activities, resources, or services a user is permitted. Usually, authorization occurs within the context of authentication.

Expertise: Authentication

Provides a way of identifying a user, typically by having the user enter a valid user name and valid password before access is granted. The process of authentication is based on each user having a unique set of criteria for gaining access.

Expertise: Computer Virus

Program or programming code that replicates by being copied or initiating its copying to another program, computer boot sector or document.

Expertise: Smart Cards

smart card or chip card, is defined as any pocket-sized card with embedded integrated circuits which can process information such as a SIM for a mobile phone or an eID card

Expertise: UTM and Appliances

Unified threat management (UTM) is a term which is used to describe network firewalls that have many features in one box, for example junk e-mail filtering or anti-virus capability, along with the traditional activities of a firewall.

Expertise: NAC

Network access control (NAC) is a method by which hardware and software grant access to enterprise network resources after first authorizing the user and device and verifying the device's compliance with the enterprise's security policy.

Expertise: Biometrics

Biometrics (ancient Greek: bios ="life", metron ="measure") is the study of methods for uniquely recognizing humans based upon one or more intrinsic physical or behavioral traits.

Expertise: DRM

Expertise: eID - Electronic Identity Cards

The electronic identity card (eID) is an official electronic proof of one's identity. It also enables the possibility to sign electronic documents with a legal signature.