You're listening to the identity of the center podcast, this is the show that talks about identity and access management and making sure you know who has access to what let's get started. Welcome to the idea at the center podcast I'm Jeff and that's Jim. Hey, Jim. Hey, Jeff, how are you? No, that's a bad yourself, good. It's going to be a busy day. We've got a lot on the sports calendar in terms of TV watching but I've also got a lot of, you know, household chores to do.
Because tomorrow I'm going to start my journey out to San Francisco for the octane conference. Yeah, so it's we recording this on Saturday November 5th. So I've just gotten back from a week-long trip to Scenic Elkhart. Indiana. Now, we'll talk about that. Maybe you real quickly, and then, yeah, we're gonna be an octane next week, so you're traveling out, tomorrow's Sunday. I'm flying out Monday for you and is kind of like an all-day
thing. Although we do get back like three hours because of the time changes. Well, we actually get another, our boys raised. Yeah. Because this is all back. I totally forgot about that. Yeah, so we're getting you're going to get an hour hours all over the place. So we'll be tired at like 6:00 in the shepherd knows how annoyed people who. Live in Phoenix. Get and I think there's a an area of Indiana that doesn't recognize daylight savings time but and they're right.
I mean I think it's it's kind of from a bygone error but I guess is the logistics of getting rid of it. That's probably more difficult than just maintaining it. Yeah, keep hearing at least in the u.s. they're going to It's almost like yeah, we're thinking about getting rid of it next year or so like that but it is from a relic from a bygone era. It was originally marketed as something that the farmers wanted and that's not the truth at all.
It was something else. It was just kind of got blamed on farming for some reason, but that's not the reason I didn't. I didn't know that. But yeah, I've always loved like they're starting Farmers. Make it third because their kids get up at 5:00 in the morning and milk the cows. Yeah, it was not. Yeah, I it's funny. I I went to recently, it was like, why are you know, why do we have? Why do we have this thing? And it was not a farmer's at all.
It was some sort of PR thing, that sort of blamed it on the farmers. So kind of funny Side Story if we got a minute. Yeah, so I would, I grew up in Philadelphia in the inner city and when I went to college, it was Millersville University, which is in Lancaster County and a sitting in a freshman year, political science class. I only remember what I was saying, but Some guy raised his hand and looked at me as like, you City. People don't care about the farmers at all and it was like,
whoa, maybe he's right. I thought that I didn't care about the farmers, but maybe I was coming off that way and so it was a learning experience. I think that, I mean, that goes, I'm sure I'm not breaking any big news for people here, but it's like about flexibility and being willing to learn and challenge your perspectives throughout your life. I think, when you get to a point where you're not, Willing to do that. You're done learning. Yeah, for sure. I think it's probably just that
awareness thing, right? If it's, if you're never brought into contact with stuff, how do you supposed to know about it? So I love travel and I think it's, you know, one of the things that I recommend, everybody's travel go see the world, you know, all the different, cultures, people's Nations, all that stuff, you know, I'm an optimist. I like to believe most people are, you know, good and just, you know, trying to trying to get by with their own different
lives. But yeah, go out and see the world and And get out of here. A little corner is a big eye-opener. I always kind of reference of back. My first trip to India. I want to say was like 20 2008, maybe 2010, I don't remember someone now was was a big eye-opener for me was kind of like my first international trip was like, oh, okay. You know, there is more to the world than just, you know, Chicago area and the United States right in cats like that.
And, you know, I had done some travel around there before, but that was sort of like the first kind of like okay, there's there's there's some things out there that I want to check out. Yeah. Definitely true. Soba. Speaking of travel. So we'll be in San Francisco next week which has always been one of my favorite parts of the country, you know, between just
the bay area. But also like the wine region it's just to be it's like it's kind of like heaven on Earth in terms of, you know all those Wineries and ranches and everything you just, I love it. But also really just looking forward to the conversation. Prince, there's a slate of speakers who are, you know, not even just in the identity access
management fee. So Serena Williams Magic Johnson are going to be speakers, and, of course, a lot of the executives from OCTA, as well as some of their partner companies. I'm just a really looking forward to learning a lot being around people who are thinking about, I am in the future, not just I am now, but I am in the future. Yes, it'll be. It'll be interesting and fun.
I think I definitely give a shout-out to really multiple people talk to team but they've really been welcoming and really kind of helping us get it. Set up for this including making introductions with some folks that we don't want to put names out there yet. But we're going to have multiple podcast episodes I think right now the plan is probably have something for like Wednesday, Thursday, Friday, maybe into the following week as well. So we'll see how it goes.
That's kind of like our our modus. I for when we hit a conference but definitely give a shout-out to Steven Strong. He's been like a super advocate for us and totally appreciate that. I think last time we talked about this, you know, he talked about his getting into his 15 minutes of fame, so I will give you another few minutes towards that to towards that credit. So yeah, thanks so much Steven and definitely others.
So as we get things kind of lined up this week I'm sure we'll have a whole bunch of people to thank and yeah, that'll be cool. So, yeah, and you mentioned some of the some of the folks that will be there like sorry too. Williams and Magic Johnson, you know, that's kind of cool, right? I think you go to a conference and it's like, okay, it's great to hear, you know, form, like, you know, so-and-so product person, whatever, or like, some
speaker in the industry. But it's always a treat when you get to, you know, hear stories that are really outside of like the industry. Right? So I'm curious to see what Venus and Magic are going to talk about. Well it's not for you to Serena I'm sorry honey but you know I think what Yeah, I think so just name dropping those two, they're not going to be on the pocket, be cool. But I don't know what we would
talk about. Yeah, well I think we would figure something out if they if they if they decide they want to be on the Pike house. Yeah, invitation is open. I just think that they probably get a nice speaker fee and the identity of the sender podcast has yet to reach the level of which we pay speaker fees. Hey you never know. I you know Serena magic, if you guys are listening you I can Want to come on, the world-famous identity access management podcast. Hit us up on LinkedIn.
There we go. Yeah. There you, go offers open. What else we got going on? So we're actually you had a conversation with Jerry, Gable friend of the show from Strada Identity or gas or orchestration. Easy for me to say. You guys talked about, I DQ L which is identity query language, and the hexa project which is this open source policy orchestrator for multi-cloud which is Pretty cool. We're going to play that interview sort of like to end the show because it's about 20-25 minutes.
I think something like that. So that's kind of like coming up but I think it certainly has a nice kind of like dovetail until like where things are going, especially we start talking about authentication and multi-cloud and things like that. And I think you did a round table recently where maybe something like that came up, right? Yeah. You know, shows on this connects round table and it's really
cool. I didn't know what to expect but The participants were, you know, the I am practitioners folks who listen to this podcast, you know, same kind of you know daily responsibilities. And one of the questions that was asked at the end was if you had the magic wand, what I am
thing would you create? And you know, one of the folks described I think the exact thing that that strata what the identity orchestration looks to solve as so it could not making a shred of commercial here but you know, it validated to me that people out there needed a tool for and this is what identity orchestration is all about is, you know, coming up with an abstraction layer or platform where you connect identity services, like your single sign-on multi-factor
tools along with Legacy Technologies and applications that are in your Cloud infrastructure. But like I said that kind of like validated to me that this identity orchestration is something that people actually need there. A couple other things I did come up in that whole dialogue as well which was one that really jumped out at me was the piece around. I am policy. So not like policy
orchestration. I'm I'm talking about technical policies but you know the Microsoft Word documents with the PDFs of like this is what Thou shalt do as an Enterprise employee and employee or an application over things like that. And I think one of the things I poked struggle with is you're balancing. Okay, we have all these compliance requirements, but we also have legal requirements and then we have security best practices and we want to meld all those things.
Our policies them the question or the goal from there is to drive enforcement. So how are we getting?
You know, first the knowledge that folks are actually using these platforms and or complying with the policies and then how do we increase the the compliance with our own policies and it's just as you know, something that we've been, you know, solving in our I am strategy development for a long Long time, have we talked about a framework and so, I was able to kind of contribute that to the group, which is, hey, this might not be the one and only answer.
But this is how we solve this in the past, which is really like, you know, first off using those policies as a way to drive adoption of your IM platforms by saying, if you're using our single sign-on, if you're using our Pam in RI GA, you know, the I am program offering of those Technologies. Well, that your Flying across all these policies that were driving your the password policy things like that.
And yeah. So you know that was kind of one of the things that I was able to contribute was that you can get to that and then you know where you don't have compliance. Yeah. You do need to check and folks that are out of compliance that. In other words, not following your corporate security or I a policies, it's kind of like that. I'd have a better way to put it but now Almond shape. So it kind of like you know identify put a spotlight on that. This is where we're not compliant.
This is where we're we're not following our own policies. Yeah I think it sounds like a good conversation. Is it sounds to me also like it. Maybe it was something very specific to specific group of people. So this is not something it's like publicly available that people can check out. Yeah. Unfortunately that's the way these these membership has its privileges membership. Has its privileges but I think
it Nobody's interested. I can certainly link them into the folks of context so they can be invited to future events. I just reach out to me and like them. Yeah, I did something similar for the retail and Hospitality. I sock group information, sharing and Analysis Center. Talked about ransomware and identity. And that's one of those things where, you know, it's a, it's a similar actually, you know, kind of an updated version of the presentation that that you ditched me on.
I'm at last year's, authenticate talking about smart, I am to reduce ransomware. And so I kind of updated version of that. So I think you're going now, we're even so. So if you're in the retail and hospitality industry, definitely check out our hias a c.org. It's a great group of folks that really kind of come to go to kind of share information around information security in general around retail and hospitality industries. So might be something worth checking out.
That's good folks over there and you know, membership has its privileges. You can you can check out a replay of of the webinar, I did on that. So so we're going to think go ahead did want to mention one other thing, which is, you know, I kind of feel like it's in our nature. We're both 20 years in this industry that we're really focused on giving back, so it's between this podcast and doing events like that. But I also don't think you have to be in the industry for 20
years to give back. I wanted to give a shot Shout to Andrew, Chantal phone that I get his last name, right, chance bun. You did you got it? I nailed it for a change but he's put out a LinkedIn class that he led. My really, you know, just more or less been following it on his LinkedIn post. I haven't actually gone out and done the training yet.
But they're shout out to Andrew because I think the first time we talked to him is heading to new in the industry and trying to give back at kind of this early stages. Career and it's really admirable that he's doing that. He's putting himself out there, he's not afraid to you know make a mistake or something like that and I think that's a good leadership you know but everybody quality to have right there. Yeah I mean putting putting herself out there is not easy right?
We do this podcast to do for a while every every time is a journey but you know, my hats off to anybody who produces. Content for other people to consume, doesn't matter what it is. Every one of those folks are putting themselves out there and yeah, sometimes, you know, sometimes it's good content, sometimes it's not right. And if they're, you know, you can get easily kind of bogged down in the details especially if you're wrong on something. And I think it's okay to be aware that.
Yeah, you're probably make a statement to stake at some point and as long as you're willing to own up to it. But yeah. Okay. Yeah let me correct that or change my way of Or whatever, you know what? It looks like that's cool too. So I think the more people who are out there contributing and Andrew is certainly one of them, you know, I'm excited. So he's got next, he's got another class that he's working on. I didn't want to spoil his
thunder. So you know, I've invited him as I hate when you're ready, you know, let's publicize it on on our podcast, he's got his LinkedIn Channel, but there are others that are doing the same and yeah, I think having more viewpoints in the world that people could consume and take as a data point for their own decision-making. Just makes everyone smarter And makes it easier for everybody to get better, you know, every day. So, totally agree with that one.
Yeah, you know, Andrews been on a mission to bring more people into the industry. I saw Bill Nelson, put out the ID, Pro monthly newsletter email and he cited a statistic, where the I am industry is expected to double in the next five years from 13 billion 226 billion. It's not too late to join the party folks. That's exactly right. Yeah, I'd love to see more content around the business.
Side of I am. There's lots of Technical Training and sort of, like, you know, here's how to do X inside of why application. What I don't see a lot is sort of like all the intangibles that sit between sort of like the engineering aspect and sort of like the information of how to do things and the real world, right. How do you get buy-in from the business? How do you run? And I am program.
How do you know what are some things to think about if you're establishing policies and procedures are standards for things like that. So I think that's something that, you know, we might see some some uptick in in the next couple of years, I don't want to spoil any things that we might be, you know, working on. But that is an area that I think more people contributing to the better for everybody. Absolutely. Alright. So let's get to your conversation.
You had with Jerry. But before we do that, I mentioned that I was in the RV capital of the World, Elkhart Indiana, I think earlier on, I didn't realize that it was the RV capital of the world. I guess I kind of knew in the back of my head because of kind of live in the Chicago area for so long. But did you know that there is a RV /, manufactured housing, or manufactured home Hall of Fame?
I was not aware of that. Yeah, so it is across the street from our SM offices in Elkhart. Yeah, I have not been to it, but I wasn't aware that there was, there was Thing. Yeah, I mean, there's, you know, one thing that I found out is that there are so many different manufacturers of RVs & motorhomes. I had a Jayco brand and that, you know, one of the big trends right now is that there are sites that are kind of like airbnb's for RVs. So you, if you have one, it's in decent condition.
You can print it out which I think is super cool. It's parked on a lot of And you've kind of got almost like a tiny home, right? Yeah. Well, most people know, it's not even to leave it on land. I mean that the idea is that people can actually drive it and okay. So yeah and so, you know, I think the most people who have RVs, at least what I had an RV is like use a couple times a year.
And for the most part, you're paying insurance and maintenance and all, and, you know, taxes, basically registration taxes for to sit there and not get used. So if you're able to read it out and recoup some of that money. And also, I mean, I think one of the great things about Airbnb is not only the fact that you can make money from the, you know, from renting out your place. But also to somebody else, gets to enjoy it and somebody else gets to build their experiences there.
So, yeah, I think it's kind of contributing to the good in the world. So it's got me thinking, you know, we usually lighter note the end, but we're going to end this episode with your conversation with Jerry. Let's do that. Now what? Does your perfect RV look like? So I I had an RV like I mentioned it was a classy. But it was 40 foot too big. It was like it was not even a little whom, is it be home on Wheels. So definitely have to be smaller
more maneuverable. And it would have to have, you know, either some kind of vehicle that came out of the side or that you dragged behind it. Because if you're going to Have that kind of motor home then? Actually, I think I would just rather than that, as pull something behind, but I definitely would like to get on the electric Trend. Okay? So, the main point is what I really wanted to say about my, my dream RV would be that the worst part of having an RV is
doing the sewer. It's disgusting. You have like, basically this long tube that you hook from the side of your RV into this train, A pipe and you have to like drain out your your black water which is the worst stuff and then flush it out with your gray water. It's like a process that you go through to basically clean out your, your sewage tank is disgusting.
And if you have any kind of mistaken, you better put on plastic gloves every time because the one time that you don't, you're going to get some sewage on your hands and you, it doesn't just wash off it stinks. You're not you're not really helping me, you know, want to do this very much, but I was thinking like I'm the same like I want something that's easy and I think something that is like an electrified version of a RV of some sort would be kind of cool.
Yeah, I want the bells and whistles like I want Wi-Fi. You know, I want to basically have like a hotel room on Wheels. It's kind of a, but I'm thinking about it. Yeah, I actually had a VW Vanagon back in the 90s and they were built mostly in the 80s. It was like, look, you don't have the shower and the toilet, but most campgrounds, have those things.
So if you're willing to use public stuff for that, I mean it's it's really convenient because you can park it on a normal parking spot, and it's got a cool factor to and BMW, has a has a, their updated ID that buzz is there, electrified little VW band. Type thing, coming out, coming out Out. But you know what? They've been talking about that going to help for like decades now. I mean, seriously think it's
closed. I think it's like within the next year or so it's already being driven around and sort of tested. So it will be sold out constantly. You'll have every order animals. So yeah, that's true. But even if it wasn't even if electric vehicles weren't going, the way they are VW stuff. Has just so much demand. I'm surprised they haven't released it sooner. Cara. Okay. Anything else before we hear from yourself? A Jerry?
No, I'm going to be rooting for my Georgia, Bulldogs today and the Philadelphia Phillies because I'm not a Houston Astros fan. So let the hate mail flow so Phillies and I guess anti Astros is how your position is. Yeah. And I'd like the Bulldogs over the volunteers of Tennessee and I have zero positions on either. Let's get into your conversation with Jerry. Thanks everyone for listening and we'll see everybody at Octane and then in a few days I'm here with Jerry, Gable head
of standards as shred identity. Hi Jerry. Hey, Jim great to be back with you, great to have you again, we saw each other Gardner recently, it was great to see you and we decided we needed to catch back up with this. Is your second time on the identity at the center podcast. So you know, the normal routine is we ask Q. How did you get into identity? But since we already got that story from you and anyone who's interested in checking that out
they should go back to that. Episode my question more is what's what's been? What's new for you? Since the last time you're on the podcast? I know there were some new things getting started and hopefully you have an update for us. Yeah, I sure do and I know we'll get into that as we as we continue here but yes, it was great to see you at the gardener
identity. On Friends. It reminded me of my actually my first visit to the first Gardener identity conference back in the day, I think it was circuit two thousand six or seven. I was a burden group at the time and I tried to get Gartner to give me a comp tickets to the show, you know, just because we wanted to check it out, of course, identity had been a big part of the burden group Catalyst conferences for many years and because Gardner had got an idea.
Hey, this is a big thing, we should get into it. As well. But that was it was interesting to see their show the first time around and you know it's definitely one of the better identity conferences in the industry these days. So it's definitely a must-see for folks that wanted to see and hear what gardeners thinking about on the identity landscape. Yeah.
One of my favorite things about their conferences that you meet, a lot of people who are new to the space who are trying to wrap their brains around it. And I think Gardner does a really good job of kind of No making things understandable for folks who are coming from a different perspective, maybe other parts of it or other parts of the business and trying to wrap the rate their brains around this thing of what is identity? Access management. Yeah, I totally agree with that end.
In there were several really good presentations by buying some of the analysts and definitely enjoyed that part of the event. But you also ask the you know, what's new here on on the front front lines of identity orchestration and what I've been working on, I think last year when we spoke might have been the first public mention of the identity query language standard that we've been working on. So that's been been my focus at people like to come on this
podcast, to break big news. So, well, when you, if you want to say, you heard it here first, it's actually true. So kudos to you guys for wanting to learn more about that, but since then we've been doing Lot of work on the project, a lot of work on the open source heart of it that we call hexa hvx. A and the I guess the other big news is that over the summer over this past summer the CN CF. The cloud need of computing Foundation accepted by 2 ql and hexa as a Sandbox project.
So that's a huge milestone for us. Congratulations on that. That took a lot of work. I'm sure, you know, one of the things that we like to do with the podcast is not lose people too quickly, right? So maybe we start at the basics is shredded identity of solving a problem. The solution is called identity orchestration, but the problem is really around this multi-cloud, Pidp situation that so many companies are in as not just big multi multinational conglomerate corporations but
it's even mid-sized companies. So maybe talk about that problem a little bit and what you guys do with the identity orchestration to kind of solve it. Absolutely the identity orchestration is really a new technique and new technology within the identity industry these days. You know, it's strata is Is the one really to I identify this as something new and different, and to invent the concept and it's really about building an abstraction layer between your applications.
And all of the identity infrastructure that those applications consume them primarily we talked about idps, you've identity providers were authentication providers and things of that nature. But yeah, it's this abstraction that decouples your apps from the identity function.
It's so that you can do a lot of, you know, more flexible things today with software that you could not do previously, you know, if you wanted to modernize the authentication of an application, you actually had to rewrite that part of the app.
For example, you know, if you want to add MFA or password list to existing applications, it's really difficult to modernize them in that way because, you know, they weren't maybe some of them weren't even built for Samuel, you know, maybe A lot of Legacy applications that are very important to distances, still use things like ldap authentication.
He was so how can you break that Bond and you modernize that to you, something like open ID, connect and in addition add-on MFA, or password list where needed.
So that's what an identity orchestration, abstraction layer can accomplish because you connect the idps MFA and other identity functions to the Fabric to the abstraction layer and the orchestration is the you've sort of the flow of what happens when a session is initiated, you know, I'm a business user trying to access a certain application which I DP. Should I go to, for certain parts of that application? Maybe they're more sensitive. I need to use a step-up
authentication or MFA. And again the identity orchestration layer can manage that sort of session flow until Open. Ultimately, you get the application, the information it needs to to properly establish
the user session. Yeah. That abstraction layer I mean that seems to be the you know such a common architectural principle now and how you take Legacy applications infrastructure and kind of you know integrate them with with modern Technologies and it sounds like Really, that's what the identity orchestration is really about and it provides that Rosetta Stone because that's the hard part. Right?
Is like you know, when I think about all of these applications is they all are not only applications but platforms, Etc. They all have their own way of integrating communicating providing authentication. So is the identity orchestration layer. From what I understand that you know provides that Rosetta Stone. So that you as a practitioner you as a company don't have to solve this for all of the platforms that you need to
integrate. That's right because when we talk to customers you know so many of them have you know hundreds of applications, maybe a few thousand. So if you think about you incorporating password list for each of them you just you don't have enough time or resources or budget to accomplish that but instead You the orchestration layer, connects to the applications and you connect the MFA or password lives or the IDP to the orchestration layer and
we can coordinate. We can broker those interactions in a much more efficient way so that's what strata and Identity orchestration or all about. Can I ask you a question here is to talk about is this terms of Legacy? Yes yeah when we talk about this term Legacy, I know it you know one point my career I meant one thing and one thing only which
was the green screen, nowadays? I mean, you can talk about like, well certainly, any kind of like corba or Java applications even but it, you know more like web enabled applications, maybe header, based authentication. So how far back can you go? I mean, when are you talking about? You can even integrate the the green screens into some of these Idps or just it's just not possible with the technology.
Yeah, it's a wide range of Technology of application technologies that can be supported, definitely had her based apps, you know, that's sort of table Stakes. You need to be able to bring those older applications that still have a lot of business value. You need to continue to bring them forward into into the modern way of managing them and so yeah. So there's, you know, there's definitely techniques for dealing with them and Kerberos Stamps for example.
Yeah I remember kind of some my my earlier projects in my ID career was you know, building web interfaces to Mainframe applications and you know, those were not fun projects. A lot of screen scraping and stuff going on in the background. Yeah, they're still out there, right? The, you know, the mainframes will will be out there for, for quite a long time. Yeah, absolutely. So, You would mention the
updates to the new standards. Would you kind of give a little bit more background of what their standards are all about? And kind of what the process is like that. You're going through because you're the head of standards. What does it mean to kind of develop a standard and get people to buy into it was that whole process? Like, but me first, start with just like the update on the those two particular Sinners. Sure. Yes. So we talked about identity
orchestration here. Neo to how do you deal with applications deployed across multiple clouds and you still hybrid deployments dealing with multiple idps and you all other kinds of authentication and that abuse providers. If we think about policy orchestration, it sort of the,
you the flip side of that. Because each Cloud platform each major Cloud platform has its own way of defining access policy and how they enforce it. And this is true also up and down the stack you know from the application to the infrastructure and platform to the data level and even to networks you can zero trust network access.
So you have all of these different And policy formats then think about, you know, how difficult it is to manage that just you know, from a staffing perspective you need skill sets now and all of these different areas because each of those systems manages access in a primarily, a proprietary way and then also how difficult it is to really govern that sort of complex environment who has access to what it's still a very difficult. Question to answer.
So, when we looked at this space, we came up with the idea of identity query language or I dql as a way to generically define the access policy. So it's a declarative format. That's meant to describe you. The vast majority of use cases, but it's not just to be clear, it's not a runtime policy decisioning or enforcement mechanism, it's it.
Way to Define policy in a generic format and then the hexa software that I mentioned before, Tech say is an open source software project that implements, I dql and translates that I dql into the bespoke OR imperative format of the target system. So you can imagine that over time as we have more and more Integrations and connections available, you'll be able to bring in more and more access.
These from these different Target systems and be able to manage them in a single way, be able to do reporting analytics governance on them. And also just use the power or of the the hex ni de que. El model to manage many, many Target systems in a uniform and consistent way. So that's what that's why we came up with the idea of this project and the folks at at strata you know, our From our Founders and management team. They were part of the sam'l definition, way back in the day, right?
So we have folks here there were co-authors of sam'l, so we, it's really in our DNA to support and really invest in Industry standards. And we felt strongly enough that this is not something just that strata should consume, but that it should be, you know, part of an industry wide effort, to try to address some of these challenges that customers are facing And so samples are standard.
They're really took off Wade. I think if you're listening to this podcast, you're probably well familiar with Sam. Oh, what does it take to get? That kind of, you know, ubiquity in a standard. Yeah, it does take a lot of lot of effort, a lot of coordination and and time commitment.
So what we did was we started out writing, you know, the the Baseline. White paper, if you will describing what what it, what I dql consisted of, and we started looking around talking to to customers and partners and seeing who was interested to get in at the start, and really help to build this out. So we talked to a lot of customer organizations about, you know, some of their issues and and then it death, you know, the concept definitely resonated
with them. They saw this as a challenge that really It was on met by a lot of the you, the primary vendors in this space today. And and so we use the, you know, the customer review here to help help build the the impetus and the momentum behind the effort. And we also started building the hexa open source software because it's, we weren't starting out to just Define a specification, you know, pretty much anyone can do that, but we wanted to Show that it could
actually work, you know? So that's why we have the hex open source project as a component of this whole project is to show that we can take, you know, I dql and convert it to you the Google Cloud platform format or as yours or AWS, you know, that we can connect to those platforms and using their public apis to discover. What application resources are there within a domain or project? What a access policies are already defined, you know, pull them in, translate them to the, I dql format.
Now we've got you know, many applications, many systems in in the administrative view so we can manage them from there. We can make changes to that policy and then retranslated to the imperative or bespoke format of the target system and use orchestrations and push that out there and activated. And and again I'll reinforce that we don't replace. Runtime decision or enforcement functions. We are just an administrative function of managing the access policy itself. Yeah, right.
I mean, it's just a Rosetta Stone that we talked about, right? So we got, you know, so we developed this working group, we started working on the open source. We built out and rode the first edition of the specification. And earlier this year, we submitted a proposal into the cloud native computing. The foundation because we wanted to be part of an industry organization that was vendor-neutral that had all of the protections you know of until actual property and so on.
So that as new contributors came on to the project they would have the the Comfort or the confidence of being within that sort of intellectual property regime and and then early in the summer we got approval for for a Sandbox project as I as I mentioned. Earlier.
So now we're, you know, we're opening up that working group membership to more and more people, bringing more and more folks into the project and you know we're just continuing onward and upward and in trying to build more more momentum and you know, eventually get to that point where we see idq all being a common standard implemented in the industry. That's yeah to me that seems like that's the mark of success.
It's kind of like when you have a child raise the child And then they move out of your house and they go live their own life that it's kind of, like success on child rearing and it seems like right developing a standard Europe, Angela lysing. It you're bringing other people into the fold or some point, it kind of goes off and lives the life of its own. It does ultimately it has to go out into the wild on its own and stand on its own merits. You're right, you're right about
that. So I know you're you're we had Gary verow on the yes, on the podcast. Couple weeks back. He's running the Chrysalis conference and you're going to be one of the speakers. You're on a panel, they're talking about this very topic. So I guess that's part of the evangelization of the standard, right? Is generating awareness and what else is are you hoping to get out of being on that panel? Yeah it's definitely creating more and more awareness.
You know them Gary and team of are putting together a great. Content of the Gent, you know? And agenda of content for for Crystal has again this year and we think it's you know another good audience to talk about the ID ql standard and how far we've come and the things we want to do in the future. You know the things we have on our roadmap and so be on a panel with way delery of brilliant logic.
But it's done, I guess, two or three webinars with, in the past Pam, Dingle is going to be on there from the ahead of Sanders from Microsoft as well. Patrick from Ping Identity, it's going to be on the panel. So I think it'll be interesting. Definitely some different viewpoints to talk about there.
Yeah, I guess, you know, probably one of the keys on getting a standard adopted, these days, just getting support adoption of the standard by some of the the what they call Big Tech Amazon. Microsoft, Google, right? I mean, that's kind of like when They're kind of buying into it.
I think I would think that's, you know, what can really make this thing take off it, can, you know, that's even it's obviously very helpful to get a big Marquee, vendor like that involved in the process and we've been having some of those conversations. But it, I said earlier, it's also important that vendors hear about this from the customer side from the Enterprise side, and we're starting to see some
of that happen. And then also, So we've gotten quite a bit of coverage from Gartner, you mentioned. You speaking of the identity conference that you I saw you had recently you know I dql is being tracked by the analyst Community as well. Uniteq Vision, Gartner Forrester and others and you know, that's also helping to raise awareness of it, get from the Enterprise customer side of things.
Yeah, I think one of the cool things also about the crystals conference is, you know, you had mentioned June that Gartner conference back in 2006 and I think that was my first Gartner conference says, well, you know, that was when I was kind of like really getting into this industry and I think I was also at the burden group conference a year, but that aside and digital ID world is like I said and all the conference's van I was going
crazy but one of the things I realized was identity and access management is a special industry. We're not Getting in the room and talking about technology but there's also kind of a philosophy that plays into this like what is your identity? And I, you know, where I see that really manifesting today is on this whole idea of like digital wallets and decentralized identity in the ability for a person to actually own their identity. You know, there are several areas that are that are real
interesting like that. You always see these. These new things cropping Yup. But to me, like, that could literally transform how this industry looks further on down the road. What do you think?
Yeah, absolutely. Absolutely yeah, we started talking about, we called it limited liability, personas back at Burton group and I forget which Catalyst conference it was, but it was around that time frame 06-07 that Bob Blakely gave a talk on this And I'm, you know, another subject was that the identity Oracle, if you will you know the limited release of attribute information about a person given the context of a transaction or for an interaction online.
So yeah. We've been talking about these sorts of things for a long time. I think the biggest impediment really has been the business model of those properties that you're trying to interact with. You know, are they really going to give up? Up. You know the ownership of all this data about you is you I
think has always remains. The biggest challenge is not the technology per se. You know there's I think you know the some of the Sovereign identity folks are taking a different techno technological approach to it with limited liability personas. We're thinking of it more in a legal context knew that you would actually incorporate some kind of pseudo identity of yourself. So that Could have some of the same protections that a regular
Corporation has. So we were taking more of that angle rather than a technological one. But again, bottom line is I think the you the economic business model is still a symmetrical when it comes to an individual consumer. Say, trying to limit how much information Amazon collects about them. Yeah, absolutely and You know, Jeff likes to use the the quote, if the product is free, you're the product and I was going to a podcast. I wanted to get this out.
There is tools and weapons with Brad Smith. I mean, I think he's got a really good podcast as a recent episode you did with Kara Swisher, who was like a journalist in kind of multiple eras of Silicon Valley, right? And she Talking a lot about that, you know, all with Facebook was coming along and other platforms trying to figure out what the business model is and how can a business model
succeed on Advertising alone? Well, it's essentially selling people's private information or using that private information to Target advertising toward that person, right? And we obviously we're seeing many examples of that business model in effect these days. Yeah, absolutely. Lee. Well, Jerry it was great catching up with you. Hope we can have you back on some point in the future and get some more updates on how things are going with the standards and the adoption and the growth of
them. Anything that you want to leave the losers with before we close out. Well, I think you guys have been talking about and all the conference's that you're attending these days and yeah it seems to be conference season in full for so I'll Chrysalis next week, as you mentioned, looking forward to connecting with some folks. Folks, there are a lot of old friends used to work with, but then taking a break for the
holidays. And then, you know, things that we could get started again next year. Cloud. Native security conference for looking forward to, as well as RSA, I guess that's an April coming up next year. Yeah, looking March, March next year and say it again, sorry gardeners and March next year. That's right. And in Texas, you know, so they finally moved out. To Vegas. So glad glad to see that he has to just looking forward to that,
too. I like me, some Vegas, but this year I had to go twice within the same month that I was like, that's way too much. Yeah I've got it pretty limited thresholds for my tolerance of Vegas these days but it's really it's great to catch up with with Folks at these events. So definitely look forward to doing that and seeing you and Jeff out there again. Yeah, we'll look forward to that as well. Thanks a lot Jerry. Thank you. Appreciate it, a gym.
Thanks for listening to the identity at the center podcast. If you like what you heard, don't forget to subscribe and visit us on the web and identity at the center.com.