This is identity at the center. If it has anything to do with IAM, this is the go to podcast now your hosts Jim McDonald and Jeff Stedman. Welcome to the Identity at the Center podcast. I'm Jeff and that's Jim. Hey, Jim. Hey, Jeff, how are you? Not so bad yourself. Oh, not so bad. It's reading an article. So how would you like me to open up a can of worms in the banter that we won't be able to solve and could take a lot longer than normal? Isn't that pretty much how we start every show?
Yeah, so Martin Coopinger released an article. Friend of the show Martin is and the article is about Siso, Cheeto, CIOCDOI don't know but you know TuneIn on that Cheeto. So anyway, he also put kind of a cool diagram. So he talked about I am and digital identity of course. So digital identity on the top, I AM on the bottom In between would be identity security. So I'm thinking identity security is more like the ITDR monitoring kind of thing.
Anyway, so the alignment of those things is digital identity is the Cheeto and the responsibility areas where enabling modern customer journeys and decentralizing identity. The Seeso had cybersecurity and therefore improving security. So I am ad libbing the ITDR piece, but kind of like modernizing, hardening identity identity systems and then the head of IAM reporting to the Seeso would have modern authentication and modernizing
IAM. So here was my beef on this, right, because it's kind of like modern authentication, modernizing IAM was almost like very almost tactical identity security with the Seaso. I'm not even sure I'd buy in on that. I do think ITDR was like is it identity or is it your sock and kind of overseeing you know threats and potential breaches etcetera. But then with this Cheetah role it was like enabling modern customer journeys and decentralized identity.
Now, I could definitely see the organizations where decentralized identity is the thing unto itself, which is not I am for your organization, managing, provisioning, managing, single sign on. Like they couldn't be more different. When you talk about somebody like a MasterCard enabling decentralized identity, I mean that's a strategy on how to enable their business for the
next generation. But then when you go to something like enabling modern customer journeys, I don't know, I think that could easily fall within the head of IM. But really it's kind of like a marketing function or whoever's responsible for that customer facing system. I mean that's the business side. The IM team seems to be the technical side enabling that. The technologies are often quite the same with IM system. So that was my.
Anyway, I think it's great that Martin threw this out there because, you know, here's what this is all about. It's like throwing ideas out there so that people can talk about them and criticize them. And you got to have like a little bit of a tough skin to do that. And I think that Martin's got that and he doesn't care if, like, people disagree. He welcomes it.
So what do you think? Well, you just talked for, let's see, 3 minutes straight and you threw out a whole bunch of stuff out of only which I remember a couple things it seems to me. Read me the description again of the Chief Identity Officer, the Cheeto. So I wasn't going to go all the way into the description 'cause I was down on, I'm looking more
at the diagram. So it was like within their blurring lines of responsibility that the cheetah would have enabling modern customer journeys, OK, and decentralized identity. OK. So that definitely strikes me as it's consumer focused, right? There's already a line being driven between enterprise identity and access management and consumer identity and access management. That's how I see that
definition. When you talk about consumer journeys now unless it's specifically said the consumer is any consumer of those journeys, which yes, of course, right, employees are people too. And I hate to say it, but sometimes contractors are people too as well. But I don't, you know, I I'm not looking at what you're looking at. I, I, I I don't know how to respond to it because they think there's so much context that gets lost without having Martin on here to explain it.
Maybe. Maybe we'll reach out to Martin and get him on for a show and talk through this. He's usually willing to do that. We've got a guest today who I I'm, I don't think we're going to be able to get through our topic without allowing him to feed on on this. So we will ask him the question, but let's wait until he's introduced and everything because we have a couple things to go through before we we introduce him. Yeah, I mean, there were some emphatic head shakes, nods,
shakes, left, right, up, down. You name it, it was there. But let's talk about Identiverse first, because really, Hey, that's what we're gonna talk about today. Identiverse. We've got Andy Waite in the wings, but we wanna get our plug out there. People use our our discount code. For those who aren't aware Identiverse 2024 is coming up. It is May 28th through the 31st. It's gonna be at the Aria again, the resort and Casino in Las Vegas, which is a very cool
location. Definitely support any conference that's gonna be in Las Vegas. We've got a discount code for all of our wonderful listeners out there around the world. If you use the code IDV 2 four dash IDAC 25 just rolls right off the tongue, you get 25% off of your registration and that does stack with any earlier bird discounts. So if you want to get the maximum savings right there, the sooner you register the better. We'll have link in our show notes.
You can go to idoniverse.com and find more information there. But in our show notes, we'll have a link and the conference code again there so that people can take advantage of that and hopefully enjoy the conference. I know Jim and I, you're going to be there. We've got things planned and let's see anything else before we get to Andy. My jacket arrived for the identity show, so I'll be easy to spot. No matter where I am on the show floor, people will be able to find me.
I'm going to not announce what it's going to look like yet, though. Does they have an identity at the center logo on it? Definitely not. OK, so that's idea for a next jacket in the future. It's like like a fighter jacket, right? When you come out of it, you know, come out to the ring, you know the the boxers and and stuff like that. They have like a jacket. A robe? Yeah. Oh yeah, that's a good idea. OK, well, let's get to Identiverse 2024. Very excited to have Andy Hindel back with us.
He's the conference chair for Identiverse, friend of the program. Welcome back, Andy. I am utterly delighted to be here, although rather like you, I've now got a list of about 27 things that I want to say and get to. And I'm like, you know, starting with a robe. I think. I think robes are the way forward. I'm also curious about the discount code. I'm thinking forward to next year and I'm thinking do I have to go to marketing and see if we can create a 26% code?
Because it's 2425 this year, right? So does next year have to be IDV 25, Dash IDAK 26? I'm like, I don't know. 263040 Hey, at some point you're going to ride a runway here. So you probably want to think about scaling. You know that to some degree. We're very look we we've we've partnered with Idaverse in the past and it's always been a great experience for us and we're happy that we're able to kind of extend that out for our listeners and hopefully people take advantage of it, right.
And there's lots of discount codes out there, but it's a great way to kind of support us on the podcast. Andy, you were shaking your head left, right, up and down when Jim was talking about the the things that that Martin Cooperner had put out there around Chief Identity and CISO and the role of identity security.
What do you want to start with, 'cause we're going to talk about identivers, but I want you to get it off your chest and just let's get let's get into it. That's very kind of you. So like it's it's really interesting because we actually had pretty much exactly this conversation a year ago Adelaide universe on the Mainstage, right.
So we had Ian Glazer and Doctor Heather Hinton and a couple of other folks join us up on the Mainstage to talk about is there a role for a Chief Identity Officer and if so, what does it look like and are we ready for it. So I'm delighted that that conversation is happening on a broader scale and I'm equally delighted that Martin is, is, you know, putting his thoughts forward. And there's a lot that I agree with, right.
I think the thing I was shaking my head about most was the identity security thing in the middle. So I think we tend to think of this more often than not as how do I use identity constructs to protect, to provide cybersecurity, right. And absolutely that's important. I think you know that that's where things like identity threat, textual response come in. Ian's talked about this at some length too.
I think there's the other side of this, which is how do we protect our identity systems and our identity data. And some of that is by using these identity constructs, but some of it is not. And so I think there's a missing piece in the middle there which is the, the flip side of that of
that you know, discussion. The other thing is I think it's worth bearing in mind that from so outside of North America, you look at what's happening in Europe politically in terms of the advent of digital wallets and citizen level digital identity and those kinds of things. That changes a little bit or at least it influences the way that that you talk about these things that you have these
conversations, right. The reality is that I think consumer level use of digital identity is probably going to be a little bit ahead in in Europe than it might be in other parts of the world with a possible exception of Australia And the Nordics have been there for some time, right?
Not necessarily with decentralized wallets and all the rest of it, but they've had citizen level, you know, with high, high levels of engagement of of you know kind of digital identity constructs for a long time.
So what's interesting is again we tend to think of this from a consumer perspective, but actually the workforce use cases and especially in large you know, global enterprises that have transient or high percentage contractor workforces, there are some really, really oh and in the
regulated industries, right. There are some really interesting use cases around things like proving right to work, proving you know, certain professional qualifications within the regulated industries, demonstrating that you have, you know, the right kind of compliance that you've done the right, you know all of those things, those are all workforce use cases and they are equally important, just maybe not as exciting as some of the consumer oriented use cases, but what my
guess is we're going to get to the workforce stuff first versus the consumer stuff. So here's my problem with with this and I feel a little bit like George Casino's Danza. I got a lot of problems with you people. So here's the first one is I feel like we are limiting the role of a chief I, you know, digital identity officer artificially to just this is a consumer facing thing only.
And I don't know if that's the intent or maybe that's just kind of what I'm what I'm thinking or reading through this. I have not read through through Martin's article. And I was only going off of, you know, 3 minutes of Jim saying it to me while I'm trying to pay attention. But I don't, I don't necessarily agree that that's a limit that should be in place at least artificially.
Maybe that's the right, you know the right way to split it out for an organization that yes, they have a huge B to C component, What if they have a big B to B component, partners, dealers, agents, right, things like that. I could certainly see an identity officer for that.
I think you would have to be relatively massive as an organization if there was a Chief Identity Officer for an enterprise, meaning you know your traditional sort of we have these employees and we have a handful of contractors or consultants and things like that. But you could certainly make a case if you're you know mature enough along that scale where yeah, we do want to have a better experience for our identity, you know internally
for our stuff. But that's just kind of like my gut reaction to it. I mean again you know we're we're kind of just shooting at the hip here without having gone into much detail with it. But I I'm not, I'm a fan of the role. I think anything that gives identity a a better seat at the table or even a seat at the table is a great thing. Representation is awesome.
What I don't like to see are limits on where and what that person is responsible for from an identity perspective, because I don't think we've even agreed as a industry, what the heck does digital identity mean versus identity and access management, right. We did that episode a long time ago. We got, we got 10 different answers then we've asked a few times since then. We've gotten different answers every time we ask it. And I think context matters in this case.
Jim, you started this hullabaloo. What are your thoughts, having heard Andy and I talk now? I think Martin's got it right that the Cheeto would focus more on emerging technology that's outward facing. So I I think I don't think it's all thing customers, the Cheeto, all things internal as the SISO or the head of IEMI think that's too simplistic. I, you know, enabling customer journeys doesn't seem to me like it's like groundbreaking stuff.
I do think where a Cheeto makes sense is like hey we see identity as something that's going to enable our business. I use the example MasterCard, yes, that's where you need somebody who and do I think that person should be responsible for Active Directory Single sign on Like no, that's just a a task that they would need to do like they're they've got to stay focused on growing their business using digital identity. So I guess that's that's where I I think he's got it right.
But where I think he's got it wrong is like enabling customer journeys seems almost too tactical as well and and it's enabling tells me it's like oh somebody kind of comes up with the new customer journey. Now I've got to make the software do that. That seems very tactical. All right. I I I think we're on the same page, at least close enough. Andy, what do you think are are are we all talking the same thing? We. We shockingly, we have consensus, yes. Who could have predicted it?
No, I think, I, I think you're on to something actually there Jim. And I, I was thinking in the background that I think this is about to some extent getting identity out of the role that very traditionally it's been in, which is somewhat bracketed inside of the security
organization, right. And try as you might if that's where you report up to, if that's where that function reports up to, by definition it's focuses on you know, reactive security, right, protecting the business as opposed to proactively enabling the business, right. And I think that that change needs to happen not necessarily within the industry, but actually outside it.
And so for me a role like a Chief Identity Officer or at the very least saying look, you know our, our Chief Digital Officer, we're going to make, we're going to make you know, security report, sorry, we're going to make IM report directly over there with a dotted line into security, right.
That would even that sort of shift would help because it then enables us as an industry to go out and talk about all of the wonderful customer journey things and enablement things and protection things and yeah, all of that that we already know we can do right. It's just we don't necessarily get the opportunity to to help the business understand that. You know, I think this would have been a great identiver
session. It's a good thing we're recording this so people can listen to, you know, us pontificate about this. And Jim was kind enough to drop the link to me just now. So now I'm looking at the article. When I see kind of where, where where it's going, I'll put the link in our show notes so people can check it out. It was a, it's a LinkedIn article that Martin Cooper had put out on March 12th. Who should be in charge of IAM and what's the role of the C?
So I'm looking forward to getting into a little more depth after this, but I don't want to spend the entire thing, you know, talking about this role. But I think this is probably a good teaser because they, these are the sort of conversations that actually happen at a conference. They happen and you know, at Identiverse, when you have a lot of people show up that have opinions and there's a lot of networking and just general identity shenanigans kind of
going around. Andy, you know, I guess you're the conference chair. How are things going? How's the planning for Identiverse coming along? And then I guess give us the, you know, what's the, what's the sales tactic here? Why is Identiverse better or different than other identity conferences that are out there? Yes, thanks for that. This is why we have a marketing team who are wonderful and can actually answer that question much better than I can. But yeah, look, so it's the show
is now big, right. I mean last year we were nudging up towards you know two and a half 3000 people will be above that. This year it's it's large and so that means that the planning effort is significant. So there's a degree to which we're kind of in in the last mile of marathon at this point, it's coming together really well. I'm incredibly excited about the agenda. I say this every year. Frankly, I'm always incredibly excited about the agenda.
It's always a huge privilege to be able to sit and look at all of the proposals that people put into the call for presentations and to then help you know those presenters through the process of getting their material ready together with, you know, the, the content committee that that we have. But the agenda's come together really well. It's up on the website, almost all of it is there. There's a few things that will change. So obviously people need to be alert to that.
We've got some, you know, interesting keynotes and again more details will emerge. So keep your eyes out on the on the the agenda on the website as that comes together. Lots of fun things happening around the edges, lots of wonderful sponsors and and you know vendors on the show floor and you know all of all of those identiverse things You asked the question right at the end about you know what what makes identiverse different. And I think there's there's a
couple of things. One is we try and have for for for years we've focused on making sure that we have a high quality content rich experience. I talked about the call for presentations a minute ago. For people that don't know, about 80% of our agenda is constructed through the call for presentations, right. So almost everything in the agenda comes through that route. I always stress to people that we're not an academic conference, right.
It's not like we're doing formal peer review of these things, but we do have a reasonably rigorous process with the content committee. We will review those proposals in pretty serious debt. We then try and construct an agenda that is, you know, appropriately balanced and you know the the number of of different balances that that we're trying to get are there's a lot of them, right.
So again, with the scale that we're at, we recognize that we're going to have people who've been coming to the show for years, who've been in identity for years, who want to sit around and and pontificate and kind of have the hullabaloo discussion as you described it a minute ago. But we've also got and and heartily welcome people who are brand new, just started in identity this year. Maybe they've been enrolled for three, 4-5 years. They're they're starting to get their feet.
They're starting to learn not just the the technical bits of how to do the job, but all the other stuff that goes along with with being a professional in any industry. And Identiverse is a really good place to do that. We try quite hard with the agenda to make it so that it's balanced in that sense as well as material that's appropriate for for folks to sit and pontificate.
And there's material that's appropriate for people to sit and go, OK, there's a new thing that I've learned and I can move on and and that was, you know, that was valuable. I think though around the edges of that and you guys are, you know, be better judged than me, I'm, I'm in this And so I'm, I'm invariably going to be or inevitably going to be biased. But I think it's an incredibly welcoming nurturing environment.
Right. Professionals come, even folks who've never been before, who've who've, you know been in their, in their jobs for a couple of years, they come. They find that their peers are more than happy to have conversations. And by peers, I mean folks who work in the industry just like they do, right? It can be quite daunting. I think you go and sit in a presentation, somebody who's been working on the skim protocol for the last, you know, 27 years.
Skim is not that old. I apologize to the people who've been working on Skim. Some of them may look that old, but you know that's just the nature of the protocol. You know, they've been working on this thing for years and years and years and and they know everything and it's like can I can I go and ask them a question? Like yes is the answer to that and Identiverse is very supportive of that. We actually have. We started this last year and we'll do it again this year.
We've got a a kind of mutual identiverse session right up front on the the first day, the Tuesday just before all the main content starts. We we did it experimentally last year thinking we might get about 50 people and we had 200 and they were out in the corridors and it was extremely useful and
valuable. But highly recommend if if folks are new to the show, to go to that and it'll give you a real sense of, you know, here's how I get engaged, here's how I get what I need to get out of the week. So. I'm going to definitely echo the welcoming and nurturing. And I mean that's just the
industry at large. I think for us, I feel like this is an area where you know, for all of our flaws and faults of not being able to, you know, come up with correct terminology or even common terminology or definitions. I have never met anybody in that industry that has been a jerk. I'm sure they exist, right? But I, you know, you walk up to people, introduce and have conversations, stuff like that. It is definitely a very welcoming environment.
If you're new to the space, you know, walk up to somebody, say hello if you've been in the space. Here's a challenge for everybody who's been coming to these conference for a while. Go out and find somebody who hasn't been there before, You know, make a make a new friend, you know, take someone under your wing, stuff like that.
If people come up to me at the conference, I'm happy to walk them around and give them my thoughts on things, answer questions, introduce them to other people, stuff like that. But I think that's how we grow as an industry is making those relationships and Identiverse is definitely one of the best places to do that. You've got people of like mind, you know, similar, you know, work that we're all kind of doing, whether we've been doing it for 20 years or 20 minutes.
You know, get out there and and and talk with people and introduce yourself. And if you're a veteran, get out there, talk with new people, 'cause that's the one thing I think is I see a lot of people who have been going to these things for a while and they kind of cluster together as well, which is great, right? You want to have those relationships, but you know, let's let's let's let's open arms and and and get a hug to some of the new people out there. Yeah, definitely pay it forward.
You know, I could imagine a scenario, Andy, where someone says we have this great digital identity conference, we're going to cover all the areas of IEM. But I I guess my question to you is, is this a we we understand the oxymoron and what I said right, Is this is Identiverse a digital identity conference or is it an IM conference? I think this is one of those questions that is going to run and run and run.
So if you go back to the very beginning, the very, very beginning of when Identiverse first started out and it had a different name at the time and that's 15 years ago. It will be 15 years this year. It's actually our 15th birthday. We're very excited about that. It was very focused on how do we do identity in the cloud, right. That was the question that that the conference set out to answer. The reality is that the industry has and continues to evolve
rapidly and dramatically. And I I mean in all seriousness, I think the question of of you know what is IM, what is digital identity is going to be a topic for the next few years because there is a lot of change happening. So I have my perspective somewhat inevitably the conference reflects some of that perspective, but equally you know the content committee and the Advisory Board come at this
slightly differently. So you know my perspective will be will be nuanced I guess softened perhaps by by their input. My view is that digital identity is an overarching term that incorporates all of the
different aspects of identity. Whether that is the highly technical protocol deployment level question about you know how do I get these identity bits from A to B right the way through to you know, all of the proofing, vetting, attribute, assertion, digital wallet, decentralized stuff right the way through to the edges of things like privacy and elements of security. So we'll take cybersecurity as
an example, right. And obviously the, the promoters of Identiverse Cyber Risk Alliance have lots of other cybersecurity focused initiatives. And you look at cybersecurity and there are lots and lots and lots of things in that realm that have nothing really to do with identity, right. It's the bits that do that are relevant to us. And the same is, is true of
privacy, right. So, yeah, it presents an interesting challenge for us from a conference standpoint because it's now a very, very broad set of things. And so that's why you're starting to see some events emerge that maybe sit a little earlier in the in the content life cycle that are focused in depth on particular areas.
But it's really important, I think, for us to incorporate as much of that as we can, partly because I think that we're going to see some convergence and some impact from 1 area to another. So give you an example, we talked a little bit earlier on about the role that things like wallets may start to play from a consumer standpoint and potentially from a workforce
standpoint. If we are not today starting as an industry as as a, you know, traditional IAM industry, if you will, to talk about OK, what do wallets look like? What does decentralized look like? You know, in reality, in a real deployment, how is that gonna start to impact on the way that I think about authorization or authentication or they use a life cycle, right, Because there is absolutely going to be an impact.
One of the things that we're going to talk about to some degree this year, we talked about a lot of things this year in the conference. But you know we're giving some some space in the agenda to things like the continuous access evaluation protocol right Kate or CAEP depending on how you want to pronounce it and risk And you know that whole shared signals area and Full disclosure I I have you know a a foam space in my heart shared signal.
I did some work in that area a few years ago together with folks like Andrew Nash and others. I can see at least in my head. I think there's a really interesting kind of confluence of here's a bunch of of selective disclosure information that I can provide from my wallet. Where does that feed into the continuous evaluation of my, my, you know, access control as I go along through a particular user journey, right. We aren't ready to do that yet as an industry.
But if you are in, I don't know, IGA for example today and you think you'll likely be an IGA in three or four years time, you're going to need to think about that. And so that's why for us it's really important that we touch all of those areas because I I don't know where a profession is going to end up in the next four years, right, or what you guys are going to be doing in four years.
But if you're still an identity, we it will be nice to think that we're providing, you know, some of that drip feeding early enough on that it will become useful later on. Yeah, Andy, I wanted to talk about I I know you guys have been start at as a conference starting to build some content that will be available before the conference and you have an upcoming upcoming today online seminar that by the time this episode actually drops, it will be a recorded recorded webinar
that people can go visit. We'll put a link in the show notes, but could you give us a brief overview of what's in that content? I would be delighted to thank you. Yeah. So this is, this is something that we wanted to do for a long time, right. Identiverse has always existed as a as a point in time essentially single event once a
year. We've if for those of you that have really deep history with event, you'll remember there was one year a long time ago where we did a couple of like little events at a different time of the year, but it really only lasted a very short time. And we recognize very clearly that it's not like the industry is static for a year.
So we wanted to try and do some things that still fit with the the values that ethos of Identiverse, the how we do things but that we can do at other times in the year.
So couple of things, one is that at the end of last year in in December we ran a couple of half day Identiverse branded Identiverse themed events, one in New York, one in Chicago and essentially as experiments right, Let's see if it's worth doing these if people are interested if the sponsors are interested in helping us out and and and they were I think very successful. The folks that came had a good
time, they were productive. We talked about some stuff that built on what we discussed at Ideniverse you know prime as it were earlier in the year. The other thing that we've started and so I expect we'll we'll do those hopefully later this year. Again, what we've also started
to do are some webinars. We did one, I want to say a week, maybe two weeks ago, specifically on the topic of authorisation with a tie in to the conference and to the authors and working group which which had kind of started at at the Identities Conference or at least started to come together at the conference. Tomorrow we're doing one, sorry.
Tomorrow as we record this, I should say we're doing one which essentially is a number of the members of the content committee and we're going to be talking about some of the trends that we think we saw as we were going through the call for
presentations. So one of the joys of being at the scale that we're at now is we get enough volume of proposals into the CFP that we can kind of look at those and say, well you know, isn't it interesting that out of the, you know, 500 proposals that we got my making that number up out of thin air, but out of the 500 proposals that we got, 470 of them were on wallets. Now that's clearly not an accurate description, but you get my point right.
We can start to draw some trends out of this stuff. And so we're going to have a a conversation with a a couple of members from the content committee, three or four members of the conflict committee tomorrow just to talk about what do we think we saw which of those things might we touch on late universe, which are we not going to touch on late universe?
Why? You know that that claimed of a discussion and once it's gone out, yeah, the the recording will be available up on the early anniversary website and we hope to do some more of those through the course of the year. Again, they're all experimental where we're working out you know what works and what doesn't for for for folks, but we hope that
they're useful. If if anyone does happen to go and look at them and they want to send feedback, we're obviously open to that and we'll see how they go. So Andy, I'm going to ask you a two-part question. Take these questions in whichever order you want. So I hear, you know obviously we're identity nerves, right.
So we're talking a lot about wallets ID verification, mobile IDs, age verification, all this like cutting edge stuff that digital identities, not really traditional IEM, super fascinating stuff to us, not to everybody. Some people are IEM folks. So one, I do want to hear about
those topics. In other words, I'd like you to kind of like give some more on that on those things I just touched on. But I also want to know if somebody's coming who does provisioning or does manage, you know, privilege access management or something like that, What what do they get out of the conference and like is this still the right conference for them?
And if you were them, how would you approach, you know, this traditional piece as well as, hey, there's this new stuff going on, should they dip their toe in some of that stuff? Yeah, That's a great question. So I think, I mean I feel really bad because I'm, I'm about to say what of course it's the right conference. I hope it's the right conference, right. I hope it's still the right place for that. We try very hard to make it still the right place for those things.
It's meant to be the right place for those things. And again, if we're getting that wrong, then let us know and we'll take that into consideration as we start to plan the 2025 event. It's also fair to say that for a lot of these things, they are, I guess that things come in
cycles, right? So as an example, if you go back and look at the agenda, let's say five or six years ago, we spent quite a lot of time that particular year talking about the early technical stages of decentralized identity, right? This is when it was Stillwell. Should we put identity on a blockchain or not, right. Where do we keep our those kinds of conversations? And then we frankly didn't talk about it for a while. Shared signals is the same
thing, right? We talked about it a lot for a couple of years and then it kind of went away for a bit whilst everybody sat down and worked out. OK, what does this look like in reality? And sometimes those things go away and never come back because they don't quite see the light of day. But some of them do. The same is true for some of the technologies, architectures, protocols that have been around longer. It's just that the way that that
cycle looks is different. So I'll use SAML as an example because it's one that I'm probably more familiar with than some of the others. Again, if you go back in time far enough, we spent a lot of time talking about like how does the SAML protocol work, does it work the right way? Do we need to change the way it works? Right. Then it went away for a while because everybody was busy deploying it.
Then we had a few years where people would come and talk about, hey, so I deployed it and this is what I ran into. And this is how I made it better. And these are the products that I tried and this is how I made them talk to each other. And, you know, here are some interesting edge cases that we should figure out. And then it went quiet for a while.
And then Open ID Connect came along and we had a couple of years of, well, OK, so I now have this big Federated deployment that I've built with SAML. And you want me to, you know, switch over and use Open ID And how am I going to use Open ID Connect and how am I going to get there at you, Right. This is all, what's the phrase that gets used? Meat and potatoes. Yes, this is straightforward. How do I do my job and how do I do it better kind of stuff. Privileged access management is
exactly the same, right? There are years when not much changes and then suddenly there'll be something that comes up where it's like, oh, we have to think about this a little bit differently, right? And we try our best to reflect that. It's one of the joys of running the CFP is that some of that naturally surfaces, right.
We suddenly get a slew of proposals about, you know, ITDR is a really good example, right, slew of proposals about that and it's like, OK, we we should probably make sure we cover that one, right. There's a fair amount of real
world deployment talk, right. So folks that have you know from large enterprises deployed particular protocols, technologies, architectures, products will come and describe what they did, talk about what they did and that sharing of best practice is incredibly valuable. I think if you're if you're you know kind of on the on the Pointy deployment end of things, we also have quite a lot of folks coming and talking about protocols. So again depends what's being worked on in any given year.
But as an example I mentioned Cape and Risk earlier on, there's a fair amount going on there, probably less in the SAML
space right now. Quite a lot going on in the authorization area which you probably talked about Parski is 1 and and the whole sort of Fido authentication construct that's evolved quite rapidly where you know even as as recently as last year we were still talking about the evolution of the protocol and you know this year it's very much about hey I deployed passkey this is what it looked like, right.
So yeah, I hopefully that that kind of answers the the question Jim, did I, did I miss anything in amongst all of that? No, I don't think I I really like the answer because we gave a lot of insight in terms of how the content builds in. I do think if you go there and look, everybody's going to approach these conferences, every conference differently.
You know, you might need to go there and say I want to look at all the privilege access management vendors because my company is going to buy a privilege access management solution and I've got to see what's out there. That's fine. Spend 80% of your time doing that. But my only recommendation is a personal gymnasium. Spend the other 20% investigating some of these other areas.
Open your mind a little bit you. I'm sure he's been hearing about decentralized identity and digital wallets and his age of just pop into some of the sessions and he might learn something new. But you know, I wanted to pass this to Jeff to get his input. I mean, you know between Jeff and I, we've probably hit 100 identity conferences in our lifetime. We I'm sure you've got an
opinion. Yeah, I mean the problem I always have with the conferences is that there's too many good sessions going on at the same time. And that's that's honestly the biggest hurdle for me is like, OK, there's like three things all taking place from 10:00 to 10:45 and how am I going to split my time between between that and then support friends and colleagues who may be presenting in something else, right.
For for their stuff. You know, I I think I'm a little more spur of the moment for me. Conferences have more turned into talking with other folks and trying to find new things versus stuff that I already know about, I feel like I know about because there's always something new in the space and there's plenty of stuff that I still don't understand. Getting my head around, you know, quantum and trying to understand, well, where does self Sovereign come in for an
enterprise, right? Things like that. That's what I tend to focus on is that kind of stuff is the is the newer more cutting edge. But that's only because I have the background already, the kind of I feel like we cover everything else. And hey, you and I, Jim, we're fortunate we do this podcast where we're talking about this stuff. At least once a week, if not more. And so we're getting a little,
you know, more exposure. It's almost like we do our own conference every week basically around a specific topic. So that's typically how I kind of approach it. So that's that's kind of what I'm thinking Andy. I know that it's always a struggle trying to figure out schedules and too many good sessions at once.
And you know, maybe this is a a a, an opportunity to talk about what if I can't come to the conference, Are there things that I can do after the conference maybe that I could take advantage of like videos or things like that? I know historically there's been some of that stuff out there, but what's the plan for this year? I I feel like the answer should be just just spend this year saving up so you can come to next year.
So, so yeah, I it's we've we've tried for a long time to do something that would would help people. So couple of things, one is for a long time now that pretty much since the beginning we've recorded all of the sessions that take place at the conference.
Our intention is to do that again this year likely to be audio rather than video, although we will, I expect video everything that's up on the mainstage from keynote standpoint, but all of that will be made about all of that material be made available after the event attendees you know
first. So to your point Jeff, you know if you're conflicted about what to attend at least you'd be able to go and pick that stuff up afterwards, but then it'll be made available publicly as we have done historically, at least that's the intention at this point.
The other thing, and this is a little bit, I bit this kind of wasn't in my head until I was picking up really on something that that Jim mentioned, which is because I tend to think primarily about the agenda, which is where my head is at right now. But you know, Jim made the really important point that we've obviously got, you know, this enormous show flaw, which is incredibly valuable to people. Some people just want to get a
sense of what was out there. Some have got very specific questions for vendors that maybe they use today or they're considering using. And for others it's, you know, exactly as as as you described, Jim. It's like we've got a project in this space. Let me start to get a sense of what was out there.
I think if you aren't able to attend the conference, one thing that you might consider doing is have a look and see which vendors are there and then either reach out to a colleague that happens to be attending and leverage them, right? Hey, would you mind popping along to vendor X and asking them these questions? Right.
The other thing is frankly if you're interested in a particular product or solution, I would encourage you to reach out to that vendor directly and say hey look, I saw you around anniversary, Sorry I couldn't physically be there, but I am interested because you know you've immediately got a way to start to have a a slightly higher level more engaged conversation with that particular vendor than you would otherwise. So it's worth considering as as
an approach. And the other thing I'd say is keep an eye out for some of the other you know kind of regional identiverse things and online identiverse things that we're looking to try and put together later on in the year and into next year. There may be other ways to to kind of get engaged in in in what's happening beyond just, you know, being at the main event in Vegas.
Evidently I would, I would be failing in my job today if I didn't say, look we'd love to see everybody at Vegas in Vegas but I recognize that not everybody can And so yeah, we we do our best to try and make it accessible. That the other thing I should probably say here is we've got a number of professional associations that that are involved at Ideniverse and many of them have active communities that that exist and and operate outside of the confines of of
just the event. And so it may be that if you're a member of one of those or if you're considering you know becoming member of one of those that might give you another way to get sort of tapped into some of the conversation and the learning the best practices and the the the mentoring you know loosely that we've been talking about today outside of of just attending the event. So I definitely echo everything you just said, but I especially like last year when you started
to do the local events. So I was at the one in New York City, which I thought went really well, you were there as well. So it was nice to say familiar faces, right? Stuff like that. But it was grateful to get local people kind of together, 'cause I know it's it's expensive, right, to go to these conferences and to take tight em off and kind of do that kind of stuff, but it it doesn't replace the full identiverse experience. It's such a, it's such a good conference.
I mean you you guys have done such a good job with that. I'm a big fan of it and going to it for several years now I we've so we've been talking about 47 minutes and so I want to do kind of a lightning around here so we don't go on too long. I'm going to ask you point blank questions, Andy, and you give me a lightning response on what you're. Yeah, I think this is hilarious because getting me to do anything concisely. Is like this is the challenge this? Is going to work.
I don't know how this is going to work. We'll try. We'll do our best all. Right. Well, I'm going to start with the hard one because last year you said that authentication is done. So we congratulate ourselves because we fixed authentication. Everything is hunky Dory. You know we've got password list now, and there's no more issues anymore with authentication. Do you still stand by that statement? Yes. OK, I'll I'll give you 20 seconds to expand on your OK.
I'm really glad you came to get out there. I won't hang out to drag. Yeah. So look, I I was being a little bit facetious when I said it. My, my point was that the, the, the opportunity that is presented with Passkey is huge. It's come on very rapidly and it's being deployed at scale very rapidly with demonstrable, not just technical but demonstrable business success. So is it done? No. Is it solved? Arguably it still needs to get
done, but arguably it's solved. The context for that comment was, I think, where we now need to go spend a ton of energy thinking about how to solve the problem is in authorization. But yes, I stand by the statement in that context. OK, next question. One of my favorite ones is After hours activities. I know that there's typically some things planned around and it seems like you know every
vendor and everything. Everybody else has stuff going on which I would tell you take advantage of that kind of stuff, right? I mean, those are generally some fun events and if you can make yourself available to go like to a nice dinner or go see a show or something like that, do it. What are your thoughts on how do you approach after hours activities, especially for maybe folks who haven't gone to this before or maybe haven't been in Vegas before?
What would be your words of wisdom on how they should pace themselves? Yeah. So I think pacing is exactly the right word. You're right. Take advantage of those opportunities, but pick and choose them carefully and remember that you are there for basically a week. They're long days, they're packed days, They're incredibly valuable days. But since you've gone to the effort to attend, make the most out of those days and pace
yourself through the show. Frankly, even if you're not going out at night, you're still going to want to pace yourself through the week. And, and I would add to that, recognize that the vast majority of people that are presenting are you right, They don't happen to be you personally this year maybe, but they are you. And they're putting a lot of time and effort and energy into sharing their knowledge with everyone at the event. Give them due respect, right?
If somebody's presenting at 8:30 in the morning, show up. Pay attention. Listen, please. Yeah, I think was it last year there was like the was it like a Sammy Davis tribute, Frank Sinatra type thing? That kind of started off the day? It was. It was great. I liked it. I thought it was really good. But it was like, all right, hey, we are getting started, yeah. So, yeah, I mean and and slightly more usefully perhaps, you know there's there's a number of of sort of you know
conference events that happened. So there's the welcome reception on the first night in and around the the the Expo hall which I highly encourage people to go to, will have a a similar thing happening on the second night. I can't remember what's happening on the third night if I'm honest so far through the week that I've forgotten now. But yeah, look, look for those conference events, but also you know, be alert to some of the
other opportunities that arise. Some of the professional associations we mentioned will undoubtedly be doing, you know, kind of get togethers at various times. A number of the vendors and sponsors that are represented will will have evenings as well. You know, pick and choose carefully, but but there's some really, really good opportunities to to get to know people in the slightly less sort of formal conference context. Those relationships can be very
valuable. Absolutely, Jim, what do you think? Well, I think pace yourself is a fantastic recommendation. But that doesn't mean every night get Uber Eats and go back to your room and you know get to bed early. I mean you're in Las Vegas, you only get to do it, you know, couple times a year, once a year. Maybe this is the first time and the only time you get to do it for a while. So enjoy what you've got going on.
And the thing I would add to it is, you know, Jeff, you and I always bring the Identity at the Center podcast on the road and make sure that we link up for some after hours and some opportunities to kind of mingle and meet folks that listen to the podcast. So we'll get some of that information out as the conference gets closer and of course as it gets close to the week or two before.
If you haven't heard anything, just ping either one of us on on DM, on LinkedIn and we'll just say, you know, these are the nights that we're doing something, is where we're going and we'll get you on the invitee list. Yeah, I mean that's, you know, that's what we do with these conferences. Like you know we're going to be there, we're going to be recording. Dunniverse has been great to partner with through that.
So we'll have like spots and I don't know, you know, I know we're still kind of figuring things out, Andy, but like, I guess what do you want to see out of our podcast this year? No, I was, I was, I was just exactly where I was going to go, actually, because I'm. I'm utterly delighted that you guys are going to be there again this year, Really am.
So yeah, we're still figuring out some of the details, which is another reason why people should come and then they can find out exactly where we landed with all this. But we we certainly will have a recording studio. You guys will have some space and some time in there so you so folks can come along and kind of watch you do this for real, which I think will be a lot of fun. We're also looking at some other opportunities to maybe do something on a stage somewhere at some point.
Not quite sure what that'll look like or if we can figure it out, but we're going to try. And then yeah, I suspect, you know, I'd love to see the the two of you roaming the hallways doing little spot interviews with people randomly that you can then cut into a podcast later. I think that would be a lot of fun.
And then all the people that are listening to this can come up and say, hey, I listened to that thing where you guys asked Andy a bunch of questions and said answer briefly and he didn't do that. I think that'll be funny. I'll put like a shot. Clack up like the NBA. You've got 24 seconds to get the answer, you know, or a pitch count, whatever you want to use it, right? Pitch clock, you know, that kind of thing, Andy, You spend so much time and energy putting those conference on.
What do you do to unwind at night or day or whatever it may be? I mean, you've got to take a break at some point, right? We talked about pacing. Got to do it for yourself as well, right? Yeah, this is really interesting. So, you know, when I started doing this, this is actually my 10th year coming up this year. So when I started doing it, it was kind of a you know, 50% of my time and the rest of my time I spend you know consulting in the identity space doing various
things. It's it's rapidly approaching 100% kind of time commitment effort and it's interesting because it's, it's a global thing, right. So yes, you know we're we're running in Las Vegas, but I have folks on the content committee who are out in Australia, I have folks in the content committee who are here in Europe. I have folks who are on the West Coast as well as the East Coast in the US so So yeah there's there's a lot and I love it.
I mean I it's it's an absolute privilege it really is to be able to to help to do this. I when I'm not doing this and other work things, I do a couple of things. One is that I enjoy riding a road bike that's an old fashioned bicycle with pedals, except it's a modern old fashioned bicycle because it's made of carbon and it's very sort of slippery through the air and and delightful to ride. So that keeps me out of trouble and reasonably fit and healthy.
And then and this will make both of my wonderful hosts today laugh hysterically. The other thing that I like to do is some home recording and the reason that that will make them laugh is we spent about 20 minutes before managing to record this today with me going. But I have this really nice microphone and I can't get it to work with your podcast thing and
it's it won't record. And so in the end, I'm using a very, very cheap kind of, you know, sort of conference speaker thing, which seems to be working OK. But yes, otherwise I like to dabble in home recording and I I play a couple of instruments and that kind of thing. So yeah, just for me, just for my own benefit, but it keeps me calm and happy and I cook. Those are the three things that I do. All right, So what instruments do you play? So I play the piano keyboards
reasonably competently. I dabble with guitar. I have a couple of them lurking over behind me that you can't see, but there they are. One is a gretch. It was not very expensive, but it's nice semi acoustic so I don't have to plug it in all the time. The other is a Schechter. It's years old but it plays very nicely and I am technically capable of also playing the bassoon, although I haven't picked one up for a while, but I do have one, so yes. All right.
And then what's your go to dish? You've got to impress. You've got to impress the identarati. They're coming over and they're like Andy's cooking. What are you making? So I run and hide because I know very well, but there are several foodies who are who are seriously good cooks, right? I am not at that level, but I do like cooking Asian food. I do quite a lot of stir fry, so I've got a nice kind of chicken with Kashi nuts thing that I do
which I can adapt. So I've done it with tofu as well for folks that are not inclined to eat. Meat. All right, so dinner's at Andy's house tonight. Jim, what do you do? I mean, you and I work at Identity all day long and we do podcasting, but what do you do when you want to unwind at night? So I don't drink or do drugs yet. I work from home all day and I
sit in a chair. So I try to break that habit and get out of the house, go to the gym, be around some people and move my body and get some exercise. I find that, well, not only does it take me from like getting in 400 steps in a day to like 5-6 thousand steps, it also just relieves a lot of stress. So I know when people think about, like, exercising and like, like, that doesn't sound like it would reduce my stress. It takes a while. You got to have to get over a hump.
But then eventually it's like something you look forward to. And that's the stage that I'm in. So yeah, that's what I do. It's like go to the gym and I work out after work. That sounds weird. You never go out working out. Not when we're on the road together anyway. I got to get working on. All right. I'll see you. Yeah, yeah, yeah, yeah. Well, I just said don't do Uber Eats in Vegas, but at least you get your workouts in. Yeah, I don't know. What do I do to unwind?
I do a lot of stuff. I don't know if I have like an A particular thing at this point, 'cause I'm just kind of all over the place. I actually like creating content. Some of it's work related, some of it's not. Some of it's podcast related. I'm trying to learn guitar and it's not going well. I think that is a saga that I've been documenting on and off for like the last year or so. There is one over my shoulder that Andy, I don't know if you can or can't see it.
It's a relatively cheap Yamaha electric. Good place to. Stop. Yeah, nothing too crazy, but I just, I pick it up and I get frustrated too easily. My fingers don't do the thing that they're supposed to do, and so I'm always constantly thinking about that. But I play video games and I still play World of Warcraft, and I got into Assassin's Creed Valhalla recently, so starting to get in that I don't have as much time anywhere near as much time as I wish I I did.
I could sit and play video games all day but they're nice, you know, a little break, you know, from from stuff that's that might be happening. So betting to play with the dogs. You know, dogs are the best people. I'm convinced of that. So you know they are they are basically what my my hobbies are at this point. We're at an hour. We want to start to wrap things up.
We'll have links in our show notes for Identiverse for the firestorm of a article that Jim brought up a link to our discount code for the Identiverse conference, identiverse.com IDV 24-I D AC25 get 25% off. We'll have a link to Andy's LinkedIn profile. So if you want to reach out to him and ask questions or maybe put a shot clock up for an answer on something like that, you know you can do that as well. I I I love the idea of doing sort of the the Man on the
Street interview. I know Jim has talked about us doing that behind the scenes for a while and you know, Jim, we tried that at Octane, but the audio that was put out there and I looked at it was not great. So still kind of in limbo, but I'll have my gear with me, so maybe we can kind of figure out for that. And then we'll also have the Identiverse webinar contents that Andy that we talked about earlier in the episode. So we'll have a link to that as
well. So and then of course you can reach out to Jim and myself if you've got questions, comments, concerns, ideas for future episodes and hit our website idacpodcast.com or follow us on X Twitter, whatever it's called at IDAC podcasts, Mastodon at IDAC podcast, at Infosec dot exchange. And that's it. That's all we've got. I'm done with you people. I'm. Done with you also on YouTube.
Oh, on YouTube? Yeah, well, definitely the YouTube. So I'm putting the episodes up on YouTube, trying to do the YouTube shorts things. So when you talk about what do I do to unwind, it's like all that stuff. That's something here. We do identity. It's centered, aren't it? Yeah, exactly. All right. I'm done with you people. Go have fun. Andy, You know, thank you for very much for your partnership through this process and being on the show. And I look forward to seeing you in Identiverse.
And for everyone else, we'll talk with you all in the next one. You've been listening to Identity at the Center. We hope you've enjoyed the show. Make sure to like, rate and review and we'll be back soon. But in the meantime, hit the website at identity@thecenter.com and find us on Twitter at IDAC Podcast. See you next time on Identity at the Center.