Steve Wilson’s resume
Steve is a strategic consultant, analyst, researcher and innovator, dedicated to digital identity and data protection for over 25 years, and “one of the most original thinkers in Digital Identity in the world today”.
Read moreWhy Isn’t Identity Easy?
My presentation at Identiverse 2021, contrasting the historical difficulty of building “digital identity” with the rapid progress made mobilising more objective credentials like boarding passes, tickets and even hotel room keys.
Read moreA Capability Maturity Model for Data Carriers and Digital Wallets
An article that maps the progression of data wallets in respect of automation, security and privacy protection, towards cryptographically verifiable credentials.
Read moreTuring Institute Presentation 2021
A poster paper presented to the Alan Turning Institute, September 13, 2021.
Read more“Trust in the Post Identity World” at Identiverse 2022
Coming up, June 21-24, Denver, Colorado..
Read more“What will we learn from the Market Failure of Digital Identity?” at Identiverse 2022
Coming up, June 21-24, Denver, Colorado
Read more“The Identity of Things” at FIDO Authenticate 2021
I gave the closing keynote speech at the 2021 Authenticate conference.
Read more“Authenticate the World!” at FIDO Authenticate 2020
A speech about the future of authentication technology in protecting data itself at large, at the 2020 Authenticate conference.
Read moreCollected submissions on AU Digital Identity system
Lockstep’s submissions on the Trusted Digital Identity Framework (TDIF) and Australia’s draft digital identity legislation.
Read more“It’s the data stupid” at Identiverse 2020
A speech about reframing Digital Identity, repurposing verifiable credentials tools to attend to the quality of all data.
Read moreThe long road to Identity on the Blockchain (RSAC 2018)
At the 2018 RSA Conference, I presented a critical review of blockchain for digital identity applications.
Read moreA Digital Identity Stack to Improve Privacy in the IoT
A peer reviewed paper presented to the IEEE World Forum on the Internet of Things, Singapore, February 2018.
Read moreDHS “Cydentity” 2015, Rutgers University
Guest provocateur at the DHS Identity & Privacy planning workshop
Read moreRationing Identity on the Internet of Things
I made this presentation to the 2015 Cloud Identity Summit, on the risks to privacy of ‘over identifying’ the data that increasingly gushes from all our smart devices.
Read moreConveying the pedigree of identifiers using digital certificates
A short one page paper on how to “notarise” personal data in smartcards or similar personal chip devices. There are ways of issuing personal data to a chip that prevent those data from being copied and claimed by anyone else.
Read moreThe Authentication Family Tree
My presentation to the 2014 Cloud Identity Summit in Monterey California
Read moreForget Identity!
I was selected in a call-for-papers to present my ecological theory of digital identity to the Australian Information Security Association 2013 annual conference. My talk was titled as a gentle provocation: “Forget identity!”
Read more“The IdP is Dead! Hail the Relyingpartyrati”
I was honoured to be a speaker in the Iconoclasts stream on the final day of the Cloud Identity Summit in Napa (#cisNAPA), where I presented my ecological theory of identity.
Read moreThe Natural Limits to Federated Identity
An updated slide deck introducing the memetics of digital identity, and showing how business system ecology puts natural limits on Federated Identity.
Read moreAn ecological theory of digital identity
Stephen presented a major new paper at the AusCERT 2011 security conference, on how identity evolves and why federated identity is easier said than done. This is a fresh and powerful explanation of the shortcomings of other contemporary identity theories. It provides an alternative way forward based on conserving the perfectly good identities we already have in the real world.
Read moreThe False Allure of Federated Identity
A presentation to the Cyber Security Summit, Sydney, 2nd August 2012.
Read moreIdentity Plurality
Orthodoxy in e-security holds that we must separate “authentication” of who someone is, from “authorisation” of what they can do. The distinction is actually arbitrary and unhelpful.
See also: Forget Authenticaion Read moreA positive review of Identity Silos
It’s not for nothing we call them “silos”: they’re strong, elegant, safe and under-appreciated!
Read moreTowards a uniform solution to identity theft
A high level comparison of all major two factor authentication solutions, with a close look at their vulnerability to phishing via the Man In The Middle attack.
Read moreA Practical Guide to Authentication for ICT Executives
Lockstep Consulting holds interactive workshops aimed at providing non-technology managers and executives with ‘everything they need to know’ about authentication, and equipping them to engage better with technologists.
Read moreTwo factor authentication and second class citizens
An unfortunate side-effect of user-pays security could be the creation of two classes of Internet banking customer.
Read moreMaking Sense of your Authentication Options
A sophisticated, business-focused framework for analysing authentication requirements. First published in the Quarterly Journal of the PricewaterhouseCoopers Cryptographic Centre of Excellence, October 2001. Reproduced with permission.
Read moreCurrent issues in the rollout of a National Authentication Framework
Early in the development of national authentication policy, and the struggle with PKI, this presentation to the 1998 Information Industry Outlook Conference provided an optimistic and innovative vision, involving communities of interest and digital credentials instead of a focus on personal identity.
Read more