The Holy Grail of IAM: Getting to Grips with Authorization

This talk will cover the standards’ and the industry’s latest efforts in our aim to address that gap, from ABAC and the tried-and-true XACML to more recent innovations such as Open Policy Agent, OAuth 2.0’s Rich Authorization Requests, the Grant Negotiation and Authorization Protocol (GNAP), or the JWT Profile for OAuth 2.0 Client Authentication and Authorization Grants. The talk will help you navigate the treacherous waters of identity standards and understand which path to go down, when, and for what purpose.

Speaker: David Brossard. David is the Senior Director of Identity Product Management at Salesforce. He oversees the design and development of Salesforce’s Identity offering including CIAM and Enterprise Identity. Previously David was VP Customer Relations at Axiomatics, the leader in externalized authorization, helping customers design solutions that enable secure data access.

David's main focus is identity & access management and API security. David has published several papers and contributed to several books on API security, identity, and attribute-based access control. David is also a contributor to several identity standards including OAuth and XACML where he drove standardization efforts for developers on attribute-based access control (ABAC).