Wednesday, 8 July

(view day two agenda)
Arrival Coffee & Registration



Welcome address
√ Jon Shamah, Chairman, EEMA

Keynote:  A brief history of trust
√ Laurent Liscia, CEO & Executive Director, OASIS

Establishing trust in an increasingly connected world runs counter to human nature. In fact it may be that the trust we place in certain protocols and computing methodologies to keep us safe comes from context-inappropriate perceptions of how trust works. And yet, powerful digital standards, best practices and technical solutions to cement trust online are readily available. The shift to "cybertrust" is occurring as we speak, but at different speeds.

Keynote & Welcome on behalf of CA Technologies
√ Christoph Luykx, CA Technologies, Director, Government Relations EMEA

Keynote: Will cyber insecurity fundamentally change how we use the Internet?
√ Malcolm Harbour, Director, Digital Policy Alliance and ex-Minister of the European Parliament

The succession of cyber-attacks, together with seemingly random threats to businesses' information networks, coupled with the growing use of the Internet to further terrorist aims and repressive political agendas have created a climate in which the debate over data protection, privacy, security and surveillance is becomingly increasingly polarized. While the EU (and the OECD) are reviewing their privacy legislation, the US has also announced fresh privacy legislation and cybersecurity measures.  The EU is also finalizing its major Network and Information Security Directive, which could impact thousands of businesses.  In the meantime, many countries have enacted laws that legislate against cybercrimes which also include provisions that authorize governments to filter content that may be accessed via the Internet.The world now faces the risk of Internet fragmentation and very real conflicts between concerns for privacy and fundamental freedoms, and the often seemingly incompatible objectives of achieving network security and national security.

11:20-11:40 Refreshment Break


Keynote:  Threats, vulnerabilities & risks
√ Amar Singh, Senior Analyst, KuppingerCole

With new vulnerabilities and exploits constantly emerging and high-profile breaches highlighting just how exposed organisations are, keeping up with the dynamic threat landscape and sophisticated cybercriminal is undoubtedly a challenge.  In this session, an industry expert analyst will provide actionable threat intelligence, highlighting new risks and emerging threats.

12:10-13:10 Networking Luncheon

 IoT privacy risks, regulation - and solutions?
√ W. Kuan Hon, Cloud Legal Project at the Centre for Commercial Law Studies, Queen Mary University of London

In this session, the speaker will look at how the IoT is changing the privacy landscape.  People are using devices without being aware of the amount of data that these devices are collecting or the potential uses to which this data will be put.  At the same time the legislation around privacy is being strengthened and how will this impact on the processing of this data.


Delivering privacy in our hyperconnected society: Legal, technical, and standards implications for privacy and data protection 
[Interactive panel discussion]

√ Robin Wilton, Tech Outreach Director, Internet Society
√ Gershon Janssen, Privacy Consultant and Board Member, OASIS
√ Hans Graux, ICT Lawyer, time.lex
√ W. Kuan Hon, Cloud Legal Project at the Centre for Commercial Law Studies, Queen Mary University of London

Concerns over privacy have risen to the boiling point, with pressing implications for commerce, social interaction, citizen services, policing, national security, health, education and individual autonomy. That reality, coupled with the expected publication of the much-anticipated European data protection regulation, will challenge privacy delivery, risk mitigation and accountability.  Our expert panel will discuss the legal, technical and standards dimensions of this shared challenge - and opportunity.


Privacy Guidance: Task Force & Best Practices
√ Yves Le Roux, ISACA Privacy Guidance Task Force Chairman,  Principal Consultant, CA Technologies

In June 2014, ISACA established a Privacy Guidance Task Force in order to develop a series of practical privacy knowledge products in support of members currently responsible for managing or supporting privacy initiatives, and non-members in privacy operational roles. The first action of this task force was to realize a survey which results in a whitepaper. This presentation will provide an approachable introduction to the concepts, principles, and best practices covered by these two documents.

15:00-15:15 Refreshment Break

In our devices we trust?!

√ Sinisha Patkovic,Cyber-security & Info-tech Executive, BlackBerry
√ Dave Birch, Director of Innovation, Consult Hyperion

This session will address how trust is the key ingredient for a complete user experience and how the industry can benefit greatly from collaborative solutions to implement security on our connected devices.

Mobility & BYOD/BYOID

√ Stuart McRae, Executive Collaboration Evangelist, IBM
√ Rick Chandler, Chairman, Communications Management Association
√ Dave Birch, Director of Innovation, Consult Hyperion

The trend for employees to use their own devices has been apparent for several years and has brought new perspectives on security, trust and privacy to many organisations.  Now there is a growing momentum for users to bring their own IDs to work – does this work? Should it be encouraged?


Trusted eco-systems

√ Jon Shamah, European eID Subject Matter Expert, COSTAR BzW & Trust in Digital Life
√ Erik R. van Zuuren, Founder, TrustCore.EU
√ Harm Jan Arendshorst, Head of Product Development and Management Professional Services, Verizon

In this session, the speakers will chat about 'Trusting e-Identity' from both a public vs private sector perspective.  In addition, the expert panel will discuss how eSignatures and eDocs are finally breaking through.




Achieving a higher level of trust in devices with authentication & authorization solutions

√ Adam Cooper, Technical Architect, Identity Assurance at Government Digital Service
√ Abbie Barbir, Senior Security Advisor, Aetna
√ Don Thibeau, Chairman at The Open Identity Exchange

Mobility based solutions is on the rise. The pressure is on Enterprise to use mobility as a means of improving efficiency and enabling next generation solutions. Mobility introduces risk and new threats that the enterprise need to address. In this Panel our experts will be on-hand to talk about a standard based techniques that can be used by the enterprise and consumer to increase the trust in mobile based interactions. Review of latest progress in developing  step-up authentication solution that secures transactions across devices from OASIS Trust Elevation TC and authenticating user access solution to cloud resources over different geographical locations in real-time (CloudAuthZ) will be presented.

Networking Reception

Thursday, 9 July

(view day one agenda)
8:30-9:00 Arrival Coffee


CLOUD: Applications & Identity
Identity provision for cloud services: A forward look

√ Dr. Michael Poulin, Architectural Practice Lead, Clingstone Ltd.

The presentation addresses an issue of trust between service consumers and providers. The OASIS SOA-RM TC has developed a Reference Architecture Foundation (SOA-RAF) specification, in which it defines trust in the Service Oriented (SO) Ecosystem. Based on the specification, we elaborate on the consequences of interaction with services inside and outside of the business organization.


Efforts to build-up trust in the Cloud  [Interactive panel discussion]

√ Linda Strick, Business Development, Fraunhofer and Cloud for Europe
√ Michel Drescher, Director, Cloud Consult Ltd. and CloudWATCH
√ Richard Sykes, Director, EuroCloud UK and Partner, Executive Advisory Programme, Bloor

The cloud way is the smart way but it needs to be trusted, secure, fair and interoperable. During this session, several representatives from cloud-base programmes will come together to talk about all the improvements being made to improve trust in cloud-based applications.  They will also talk about how these changes are lowering barriers for service providers and users to develop, select, combine and use value-added services through significant advances in cloud technologies with open, standardised interfaces.

10:30-11:00 Refreshment Break


Securing Trust Across BORDERS
Streamlining our cyber threat intelligences process in a Hyperconnected World

√ Mike Mclellan, Head of Incident Handling, CERT-UK Organization

This topic addresses how to enable cyber threat intelligence to be shared among trusted partners and communities.  Using data converted to standard formats will allow security pracitioners rapidly identify and access current threats, and determine how they act, who is responsible and what course of action is needed.  Security professionals will no longer have to spend time analyzing data in disparate formats.  This presentation will talk about a streamlined process that puts the focus where it belongs—on prevention and remediation.
11:30-12:15  Enhancing privacy across borders through advancements in authorization, authentication, & risk management  [Interactive panel discussion]

√ Abbie Barbir, Senior Security Advisor, Aetna
√ John Sabo, Chair, OASIS IDtrust
√ Martijn Postma, Trust & Collaboration Strategist, The Netherlands Gaming Authority

The speakers will provide a high level overview of two major OASIS security standards (SAML & XACML) to elucidate how they're used to secure sensitive data, such as government data and intellectual property, as well as personal information. The group will describe how standards-based technologies are solving privacy issues through current use cases and also discuss two OASIS standards, PMRM and PbD-SE that serve to bridge regulatory requirements with technical systems. And finally, the speakers will outline potential future versions and/or profiles of these standards that will enable them to better support privacy-compliant applications and systems.
12:15-13:15 Luncheon

In our applications we trust?

√ Chris Cooper, Co-Founder & Diretor, KnowHow Information


Biometrics: the time has come?

√ JJ Nietfeld, University Medical Centre, Utrecht
√ Stephen Hope, CEO, Winfrasoft
√ Abbie Barbir, Chair, IBOPS Technical Committee & Senior Architect, Aetna

Biometrics has promised so much for so long and yet has never quite managed to deliver. But the tide turned and we are seeing commercial applications emerging. What has changed and how will they work?

14:30-15:00 Federated Identity Across IoT & Economy
Federated identity for the IoT

Paul Fremantle, Researcher, Portsmouth University

The Internet of Things and Machine to Machine are growing areas, and security and privacy are prime issues. In this presentation we look at the security challenges are examined around using M2M devices with protocols for encryption, federated identity and authorisation models in particular.  On the topic of encryption, the speakers will examine securing MQTT with TLS, challenges with Arduino, and using hardware encryption for microcontrollers.

A key privacy requirement for user-centric IoT use cases will be giving users control over how their things collect and share data. On the Internet, protocols like OAuth 2.0, OpenID Connect & User Managed Access have been defined to enable a privacy-respecting user consent & authorization model. We'll look at the issues with applying these protocols to the M2M world and review existing proposals & activity for extending the above M2M protocols to include federated identity concepts.
15:00-15:30 Refreshment Break

Trust and the economics of identity

√ Alan Mitchell, Strategy Director, Ctrl-Shift
√ Don Thibeau, Chairman, The Open Identity Exchange
√ Harm Jan Arendshorst, Head of Product Development and Management Professional Services, Verizon

Individuals and businesses are moving to a digital and mobile way of doing business with each other. The more we interact and transact online, the more important online identity assurance becomes. Without it the growth of online commerce – and therefore the economy as a whole – will be constrained. Current approaches to ensuring identities have much room for improvement. In the UK today, billions of pounds worth of transactions are still conducted using traditional manual and face-to-face processes rather than online because one or both parties in the transaction – organisations, individuals – do not sufficiently trust online methods of doing business. How are we going to build sufficient societal trust to make that paradigm shift?


Closing remarks

Conference Ends