ABCDEFGHIJKLMNOPQRSTUVWXYZAA
1
Topic/TitleRankingCommentsSub-working GroupIanChrisTomPaulShamunRameshRaviLeiJosh
2
1What is IAM for/in the cloud world?1 - 1, 2, 8 and 12 could be merged
- A clear definition of what IAM is and what challenges organizations are facing would be a good start
- How IAM is transforming and how it impacts today's cloud world and how to secure cloud world
- Challenges between on-prem, cloud and hybrid - both managing the workloads/apps over hybrid landscapes and also IAM being offered ina hybrid environment
- Guidance on starting/jouney with IAM - a blue print or a maturity model
- How Zero Trust fits in with this.
- JIT, Just-enough-access for cloud resources, challenges with cloud resources (ephemeral nature), dynamic access controls, etc -> this could be a separate topic by its own
Michael Tse, Faye Dixon-Harris, Dhaval Shah, Ravi Erukulla, Ryan BergsmaTuesday from 10 - 11 PT / 1 - 2 ET11111111
3
2Best Practices
4
3Comprehensive PAM (PAM everywhere)Scope of privileged access, security controls, privileged access to infra, apps, consoles, etc.
Levels of privileges
Definition of privileged access
Privileged access should not be just tied to what level of activity but the scope of access to various applications even when it is less sensitive access, such as read access
5
4Access: From everyone to everywhereWould passwordless fit here
6
5Think outside-in, not inside-out
7
6Access Reviews
8
7IAM for Analytics and BI
9
8State of Identity - Navigating from on-prem/hybrid to cloudTopic-1 could be a precursor to this
Interoperability within hybrid environment is key and still pervasive
Maturity assessment of IAM from basic to advanced
10
9Decentralized Identity3Identity Proofing as part of Decentralized Identity - covering both customer and enterprise identity. Identity Blueprint (strategy) Can we define the next gen architecture?
Use cases, support for this today (blockchain, etc.)
33343442
11
10Machine/Non-human Identity Management2Covering all non-human identities - service accounts, apis, RPA bots, devices, etc.
What are are machine identities, how is this important, how are they managed today, predictions, etc.
Mobile device identity management - understanding where a user is coming from
Operational Technology
Faye Dixon-Harris, Ravi Erukulla, Michael Tse, Alon Nachmany, Paul Mezzera, Ramesh GuptaTuesday from 10 - 11 PT / 1 - 2 ET2334
12
11IAM for Edge (IoT)Is this part of Machine IdM?
13
12IAM for Cloud world - strategies and best practicesCan this be merged with (2)? This is more about IAM for cloud not as much as IAM in cloud
CIEM and beyond
14
13Identity Standards4Conformance of standards such as SCIM, OIDC, SAML, WebAuthN etc.
Providing feedback and requirements to existing standard organizations
Paul Mezzera22232223
15
14Passwordless???Do we want to talk about the shift to passwordless?
16
15Customer Identity?
17
16Identity Sprawlmultiple identiy sources, unifying them through virtual directory, federating identities, etc.. Is this part of Machine IdM?
18
17Identity ManagementAccess Reviews (#6), Access requests/approal, etc.
19
18Authentication Management
20
19IAM Governance
21
20Authorization Management - RBAC, ABAC, Centralized place to control groups, attributes, best practices, services
Automation, delegation, etc.
22
23
General NotesEvery topic/section should start with definition at the beginning
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100