
Alex has been involved in IAM Product Development for over twenty years now, 10 of which were spent specifically using Graphs and Graph databases for Identity and Access Management. As a graph-certified and IAM-accredited consultant, he has implemented solutions for clients in the field in both Cloud and Hybrid environments. Over the years, Alex has been evangelizing the Graph approach for Access Management at various Graph and IAM conferences and has published many papers and blogs on the topic. As an active and founding member of the IDPro organization and a member of its editorial committee, Alex helps review and publish content for the monthly IDPro publications. Alex now leads the research and development of the 3Edges startup, which created the best and easiest to use Graph platform on the market, specifically for building identity-aware graph-based applications. Alex holds an MSc in Knowledge Based Systems from the University of Edinburgh, UK, and is an avid Sci-Fi enthusiast.
- Reaching better access control through OAuth2 clients extensions in JWT profiled tokens and Step-Up Authorization signalling

- eIDs in Europe - A Crash Course
- Privacy-Preserving Single Sign-On

- From Manual to Marvelous: Improving Security Through Conformance Testing

Developer and solution architect on the ID-porten team. She’s a consultant from JPro, has an M.Sc. in Engineering Cybernetics from NTNU and has worked in the IT industry for 25 years. She’s been implementing security solutions in the private and public sector in Norway using OAuth and OpenID Connect for over a decade.
- Real-life OpenID Connect for microservices

As a Distinguished Engineer for Ping Identity, Brian aspires to one day know what a Distinguished Engineer actually does for a living. In the meantime, he's tried to make himself useful with little things like designing and building much of PingFederate, the product that put Ping Identity on the map, and developing jose4j, the popularish open source JWT library. When not making himself useful, he attempts to build a legacy by sneaking his name onto specification documents that very few people will actually ever read, including various identity and security related standards in the IETF, OpenID Foundation and OASIS. He holds a B.A., magna cum laude, in Computer Science from Amherst College in Massachusetts. Despite spending four years in the state, he has to look up how to spell "Massachusetts" every time he writes it.
- Hope Fulfilled, Hype Dispelled: Identity Standards Past, Present, and Future

- Key Attestations

I'm the main guy from Signicat who arranged OSW 2025 in Reykjavik, so if you have any complaints (or compliments) these can be directed to me! 😅
My actual job is "Technical Product Owner" of a lovely team in Signicat called "Team Connect". My team owns the Signicat OIDC server along with a host of other internal services. In practice I'm part architect, team lead and product owner. My team has 5 developers based in Lisboa, Portugal, and I'm based in Trondheim, Norway.
I'm passionate about OIDC, agile/lean development, open standards, cycling, football, history, gaming and nerdy geeky stuff in general.
- eIDs in Europe - A Crash Course

Elar Lang is a web application security specialist and enthusiast who has been working for more than 13 years in different aspects of web application security. A full-time security tester, training architect, and web application security developer educator (close to 3000 hours of training). Likes to research and write proof-of-concepts for attacks. More than 5 years actively developing and co-leading a security standard - OWASP Application Security Verification Standard (ASVS).
Out of business hours, to "escape" the screens and keyboards, takes a photo camera and stays or hikes in nature. Favorite places - Iceland and North Scandinavia.
- Call for action - review OAuth- and OIDC-related requirements for OWASP ASVS v5.0

- From Manual to Marvelous: Improving Security Through Conformance Testing

Fabian Aggeler and Patrick Amrein focus on digital identity / credentials, security and mobile development. At Ubique Innovation, they contribute to architecting secure and seamless solutions that enhance user experiences across a variety of digital products.
- Seamless Native-to-Browser Sessions with Session Tokens

- From Manual to Marvelous: Improving Security Through Conformance Testing
Jacob Ideskog is an Identity Specialist and CTO at Curity. Most of his time is spent working with security solutions in the API-, Mobile and Web space. He has worked with both designing and implementing OAuth and OpenID Connect solutions for large enterprise deployments as well as small startup
- API Security Patterns - Real world patterns used for building token based architectures

Janak is a Software Engineer and a Technical Lead at WSO2, where he focuses on the design and development of the Identity and Access Management solution. With over six years of experience in the IAM domain, he is passionate about creating secure, user-centric, and scalable systems. Through his work, he strives to advance IAM solutions, helping organizations deliver secure and seamless digital experiences. Janak currently leads the authentication and registration aspects of the Identity and Access Management team.
- Building the Authentication Layer for OAuth 2.0 for First-Party Applications

Jeff is a Solutions Architect expert in IAM, Application Security, and Data Protection. Through 20 years as an IAM consultant for French, Canadian, and US enterprises of all sizes and business verticals, he delivered innovative solutions with respect to standards and governance frameworks. For the last 4 years at AWS, he has helped organizations enforce best practices and defense in depth for secure cloud adoption.
- Reaching better access control through OAuth2 clients extensions in JWT profiled tokens and Step-Up Authorization signalling
- OAuth Cross-Device Flow for Enhanced Authorization in Electric Vehicle Charging

Joseph is a software engineer & architect with over 25 years’ experience, who started writing mobile apps before mobile apps existed.
He contributes to IETF and OpenID Foundation working groups, including the FAPI group where he helped write the security profiles used by most OpenBanking ecosystems and is a co-chair of the Digital Credentials Protocols working group. He’s helped companies around the globe architect and deploy secure systems, particularly when mobile apps are involved. More recently he’s been focussed on verifiable credentials, in particular the OpenID for Verifiable Credentials family of specs, along with the associated specifications like mdoc/mdl, SD-JWT VC and the interoperability profiles.
Joseph is CTO at Authlete and Standards Specialist & Certification Director at the OpenID Foundation.
- OpenID for Verifiable Credentials: Achieving interoperability, security and scalability

Justin Richer is a security architect, software engineer, standards editor, and systems designer with over two decades of industry experience. He is the lead author of OAuth2 In Action and a contributor to OAuth 2.0 and OpenID Connect. Justin is the editor of a variety of standards including GNAP, HTTP Message Signatures, and OAuth extensions RFC7591, RFC7592, RFC7662, and RFC9396. Justin is a co-author of NIST SP 800-63, FIPS201, and NIST SP 800-217.
- GNAP: A Retrospective
- HTTP Message Signatures (RFC9421)

PhD Candidate @ Mobile Technologies Centre (MobiTeC), The Chinese University of Hong Kong (CUHK)
Former Intern @ Samsung Research America
- Cross-app OAuth Attacks in Integration Platforms: Mix-up Attacks Reloaded

- OpenID4VC: a road to Final
- On the Security of Identity Brokers in Single Sign-On

- Privacy-Preserving Single Sign-On

- How to Enhance Security with Transaction Tokens

Michael B. Jones is on a quest to build the Internet's missing identity layer. He is an editor of the OpenID Connect specifications, IETF OAuth specifications, including JSON Web Token (JWT) and DPoP, the IETF JSON Object Signing and Encryption (JOSE) specifications, FIDO 2.0, and W3C Web Authentication. Michael was recognized as Distinguished Engineer by OpenID Foundation and was granted a lifetime achievement award by Kuppinger Cole for creating simple, secure, ubiquitous, interoperable digital identity solutions since 2005. As a long-time member of the OpenID Board of Directors, he architected the award-winning and globally adopted OpenID Certification program. He chairs the IETF COSE working group. Michael's Ph.D. in Computer Science from Carnegie Mellon University led to a lifelong career in digital identity, computer security, privacy, and networking. He is passionate about mentoring the next generation of identity leaders. His professional Web site is https://self-issued.consulting/, he blogs at https://self-issued.info/ and tweets at @selfissued.
- The Cambrian Explosion of OAuth and OpenID Specifications
- How to Enhance Security with Transaction Tokens

- How to Enhance Security with Transaction Tokens

- Seamless Native-to-Browser Sessions with Session Tokens

- Key Attestations
- Client Assertions Gone Wrong: When the Audience Takes Over the Show

Pieter Kasselman is an Identity Enthusiast, focused on standards based identity products. Pieter has over 25 years' experience as a technologist and engineer, working on bringing new technologies and business models to market. Pieter's first encounter with identity was his final year project which used neural networks to identify users based on typing patterns. Since then he worked in a number of roles as an information security analyst, software engineer and program manager in industries that include finance, software, silicon and cloud. His diverse background gives him a unique perspective of the importance of identity and the role of identity standards as both a business enabler and the first line of defence for organizations. Pieter recently joined SPIRL where he is focused on developing standards, technologies and products that allow non-human identities, especially workload identities, to be governed to a least privilege profile.
- Securing Delegated Workload Identities

Takashi Norimatsu, Senior OSS Specialist, Hitachi, Ltd., is a maintainer of Keycloak, an identity and access management OSS. He has implemented and contributed security features such as FAPI security profiles and W3C Web Authentication (WebAuthn) API support. He leads Keycloak's community "OAuth SIG" (ex FAPI-SIG) as Tech Lead, supporting OAuth/OIDC and its related security features in Keycloak. He has experience constructing high-security banking API systems.
- How to confirm an OAuth2/OIDC product is secure - a conformance test and vulnerability test

Thomas Reppesgård has been a developer for 25 years, the last 12 years with OAuth2, OIDC and SAML2-based identity providers in the Norwegian Digitalization Agency. He has a master's degree (Cand. Philol.) in Computational Linguistics, Mathematical Logic and Programming from the University of Oslo, Norway.
- Real-life OpenID Connect for microservices

Web and Identity Protocols Security Researcher
- Client Assertions Gone Wrong: When the Audience Takes Over the Show

- On the Security of Identity Brokers in Single Sign-On