I wonder who's on the IAM or identity? Mount Rushmore, which means four people. First of all, I want a much bigger mountain so we can get more people on. That's a that's a really, wow, that's a tough question. That's. Called the Hall of Fame we have we can have an IAM Hall of Fame we'll have you back on another episode and. Go through the whole Hall of Fame. I think that there's there's a couple of folks on there that are that are pretty easy to identify.
Obviously Kim Cameron would be one of those because he's had such a major impact. It's like the George Washington, right? Identity from from day one, right? The the seven laws of identity sort of defined our industry. And so you know, Kim Cameron simply for what he's done and for the for the I think Victoria is another one in that Victoria Bertucci. This is identity at the center. If it has anything to do with IAM. This is the go to podcast now your hosts Jim McDonald and Jeff Stedman.
Welcome to the Identity at the Center podcast. I'm Jeff, and that's Jim. Hey, Jim. Hey, Jeff, how are you? Oh, not so bad yourself. Great, doing great. Actually, you know, the last couple days have been really busy for me and just got a lot of project work, but it's better than Friday. And I, I can't say I had the worst day Friday, but I woke up to the blue screen of death and spent like four or five hours trying to figure it out and try to conduct business from a
mobile phone. But no longer in the kind of like the desktop support phase of my career. I guess everybody's probably figured out by now that I'm talking about that that crowd strike outage that hit not every Windows computer, but it did hit mine 8 1/2. Million is I think, the last count I saw around the world. Yeah, yeah, no doubt. I mean, that's a big number. I mean, I'm talking about there were certain organizations where 10s of thousands of computers were affected.
That's a big deal, right? So those somebody had to go around and like touch computers. And I don't think it was the kind of issue where you could remote control into computers. So you had to have like a physical presence. So I'm sure there are a lot of IT managers out there who were, you know, dealing with that and had a a really rough morning. I tried to not go on social media and like, you know, get too involved because I'm not a Windows person.
But what I do want to offer now to anybody is like, if they are thinking about the long term strategy and how something like this effects their identity program, I'd be very much open to being somebody who is a resource, you know, because I, I think about a crowd strike. I even think back to like solar
winds. And a lot of times we say, all right, well, if there's a legitimate use for an account and the account is OK, right, We also look at it and make sure that it's got the right level of privileges, etcetera. But there are certain situations where you have very powerful accounts in the environment. They have a legitimate reason to exist, but I think a very important part of risk management is knowing what your risks are.
And if you don't have kind of the inventory of risks, then it's hard to manage what you what you can't even measure. Yeah, I mean, you got crowd struck. I got crowd struck. A whole bunch of people got crowd struck. I'm not going to bash anything. I mean, think these things happen, right?
Piece of software softwares are defined by humans and mistakes that we made and it's unfortunate had a wide-ranging impact but for the most part, I think most folks hopefully are back to normal at this point about a week later or so. I'm just glad I wasn't flying on Friday. I actually flew back from South America on Thursday before this happened and that was already a challenge just for for weather
delays. I can't imagine trying to fly back on Friday, you know, after a week in in Bogota and then having to deal with airport delays and stuff like that. So I'm just happy with that. Delta is apparently still recovering. If you're, you know, kicked on the 4th wall. Today is Wednesday. What is Wednesday 24th? So we're just about almost a week from when things happened. And Delta has said that they should be back to normal tomorrow.
But it seems like they have struggled more than most for the airlines to get back up to speed. So I don't know. As long as you're people crumbling as. Long as my flight to New York City tomorrow is on time, I don't care. Yeah, I, I mean, that's, you know, and that's not just being selfish. I mean, you've sat through your fair share of delays. It's it's part of being a road
warrior. If you're going to be a road warrior, you're going to spend some nights in some airport hotels, bottom line, or airports, Yeah. And you're going to have your fair share of turbulence and all
that. But you know, specific to today's episode, what has me excited is like, and the analogy that I was thinking kind of tied to this was, you know, how in we all have our hobbies and these days, like within our hobbies, we've got all the social media and YouTube and people who aren't really celebrities per SE, they become celebrities in your world. But going back kind of like when I first got started in this industry, our guest today was already a celebrity within that industry.
So, you know, he's like one of the people that I looked up to and there's there's several people who kind of fit that bill. But I'm really excited about having him on our show now. So I think it's pretty cool. Yeah. Why don't we take care of a little bit of business and talk about our conference partnerships before we get to Alan? The first up is Identity Week. We've got Identity Week America taking place September 11th, the 12th. Jim, you and I are going to be there.
Actually had a call this morning with the team there just to make sure everything is all set and good to go. Good news, we're going to have power wherever it is we are so we can record podcasts from. I'll be hosting a panel, so that should be up on the agenda now in the first day. So things are starting together, you know, starting to come together for that. But we got a discount code for all of our listeners. And if you're not a listener and you somehow get this code, enjoy.
Ida C30 gets you 30% off of your registration. So you can use that code for both the America conference as well as the one taking place in Asia and Singapore, October 22nd, 23rd. So if you're going to either of those conferences, you can use that code. Ida C30 get 30% off. Good way to show support for the show. Does it cost you anything? Just show support that says, hey, you know, you heard you heard about the conference through the podcast here, so.
If you're not a listener and you use that code though, you owe us like 3 listens and a like on YouTube. Yeah, that would be nice. At least give a like or a subscribe or something just to just to help us out. That would be super. The other conference we have is the authenticate conference. You and I are looking for that as well. That is in October the 14th, the 16th in Carlsbad, CA on a very nice resort, the Omni Acosta or
something like that. Anyway, it's nice golf, California weather, October generally pretty much perfect. So looking forward to that. We've got a discount code for that one as well, ID AC15. That gets you 15% off of your registration. So you and I are going to be there. We're going to be doing something, not sure you're what yet, but doing our normal, probably conference podcast things and maybe even something on stage. We'll see.
Still working that one out, but that's going to be a lot of fun. Anything else, Jim, before we get things going here today? No, I'm thinking that's going to be a good, a good question for our guest today is around conferences because I think he's done his fair share of conferences so. Well, the last time we talked to him, we were at a conference. We were at Identiver. So why don't we go ahead and get to it? He's part of the executive team for the Digital Identity Advancement Foundation.
DIF Emeritus board member for ID Pro, which you and I are both members of, one of the founders of Forge Rock. Now he's enjoying this retiree life, which is awesome. Welcome back to the show, Alan Foster. Thank you. Thank you very much. You. You make me almost jealous for what I'm actually. Living well, thanks for carving out some time for us. I, you know, I think this is an opportunity for us to kind of maybe I, I, you know, we were kind of talking. It's like, what are we, what are
we going to call the show? Like, what is the theme for this? It's we're kind of thinking it's like, well, it's like a walk down identity lane, the Alan Foster version or something like that. But I'm sure it will name itself as they go along. But let's not get too far because you've been in the space for a long time. You know, Jim alluded to it. Tell us about your identity journey. How did you get into the world of identity management? Is it something that you chose or did it choose you?
It pretty much chose me, right? So I mean, to give you the, the quick rundown of where I came into it, late 80s, early 90s, I was the prototypical software engineer feed pizza under the door, writing code, right? I was working, I was working a lot with Apple at the time and my world was back end of the compilers, low level machine debuggers. I mean, I was right down there next to the chip.
The, the I ultimately at Apple got involved in training because I found I was lucky enough to have both a good solid, deep technical understanding of what we were doing as well as had a way of being able to explain that to people and, and draw diagrams on a white board and things like that. So I got involved doing a fair bit of training and then sort of we Fast forward, I did some stuff with Apple and next and
various things like that. But we Fast forward a few years to about 95, and this little upstart company called Netscape ended up giving me a call and said, you used to do some training for Apple, we've got some training work to do. Would you be interested in coming to see us?
And I went to see them, and it turned out that most of the people that I'd worked with in the training group at Apple were now at Netscape. And so for those of us who remember the good old Netscape browser, there was actually more to Netscape than just the browser, right? There were actually three parts to it. The one was the browser. The one was netscape.net, to which everybody had an e-mail address. It was the portal. And the third part was this
server products. And they had this little product called LDAP. It was the Netscape Directory Server. And Needless to say over the next few years, my story was use the Netscape directory server. It's going to solve all of our identity problems from this point forward. Well, Fast forward 30 years, we're still sort of trying to say that. So I, I was with Netscape working in their servers, net,
the e-commerce products. And then we Fast forward again into about 2000 when there was this really strange acquisition where Sun Microsystems and AOL both kind of bought part of Netscape and and consumed it. I followed the Sun path on that because Sun basically wanted to get to all of the server products. Netscape had the directory server, they had mail server, lot of things like that they
also had. And as we started moving into Sun, they were starting to work on products like what was originally called the Identity server and the portal server. These were for, you know, companies to build these products. And that's where I got involved. So I spent the next 10 years in the Sun ecosystem working with Identity, which eventually became access manager.
Fast forward again, we have another really strange acquisition at the end of the, the, the about 2009 when Oracle and Sun had a little steel cage match and Sun didn't work out as well. And so right at that point is when a few of us at, I think it was a bar in London. We're talking about what's going to happen to the open source identity stuff that Sun has. Oracle wasn't known for being a major proponent of open source stuff. And they had sort of said they had their stack, they didn't
want anything. And that was the beginning of Fortruck. And so we founded Forge Rock with sort of this idea that we could take the Sun products and continue those on since we've been working on them for 10 years, right And there. So that little band of merry men in a pub ended up founding Forge Rock. Fast forward again, we end up into 2021, we went public on the New York Stock Exchange, which was a wonderful journey and a, and a, and a very interesting journey.
The, the entire process. I'm sure we'll talk about it a little later. And so at the end of 21, I sort of realized that my part of that journey was, was done and it's time to do other things. And so I retired from Fort Rocket at the end of 21 December 31st in 21. So that's the the sort of quick rundown of of the time that I've been through, all of which were really interesting times. Only a couple notable things happened during that time.
Just a handful of things. I'm curious what you mentioned you were kind of on the software side and then all of a sudden, maybe not even a solid, maybe it was a gradual shift, but that that move from software to identity, was that a conscious shift? Was it something that just kind of occurred naturally or like did you realize you were an identity all of a sudden and wake up?
I was like, oh, I've been, I've been doing this longer than I thought I have or was like, yes, I I want to move into this space. It, it mainly I woke up and discovered I was there, right? I mean, it, it was sort of a, a general movement if you think about it back in the mid 90s, we were still talking about Jeff Bezos being a guy who was in his garage selling books on the Internet, right? That that's sort of what Amazon was.
And so we were really trying to find out what the Internet was capable of, what we were doing with it and things like that, and began to realize that the firewall was no longer going to be the thing which protects our network. And that was sort of the beginning of the point of saying, OK, people are coming in from outside from, you know, the we're connecting things up. And so having some way of knowing who's who became a really interesting technical problem. And so that was sort of the
space. It was actually because, and I, and I keep saying this throughout the entire time I've been an identity, identity in itself is not particularly interesting. It's only interesting because of what it enables, right? The, the, the fact is nobody goes to work saying today I'm going to log in, you know, that that's, that's not a thing, but we have to do that because it enables everything else. And so I got involved and it was about, well, how do we distribute data with the portal?
How do we manage messages? How do we provide access control to calendars, right? It was that kind of stuff. And every time I turned around identity or being able to determine who we were dealing with became the problem Dujour. And and that's sort of how I got into it was really a case of how do we enable all these other things to happen, if that makes sense. Alan, you, you've, I always knew
you from Forge Rock, right? I got involved with Forge Rock in the pretty early days, as well as like a system integrate on the system integrator side. But you've also kind of always been involved with a lot of the industry groups like Liberty Alliance, Kentara. Now you're heavily involved with the Digital Identity Advancement Foundation. Is it DIAF or DIAF? And either one works. DIAF is probably easier to say. Yeah. OK. So DIAF.
So can you tell us a little bit about DIAF, like what's the mission and how are you guys going about it? So the Dayaf that that's actually one that's that's near and dear to my heart that Ian Glaser and Aaron and myself are
are working on that. It came about two or three years ago when Kim Cameron, who is a legend in in the identity space, when he passed away, the Open ID Foundation started an award basically to memorialize him, but also to try and encourage new people to get involved in the industry that all of us have spent a lot of time working in, which they did. And so the first year they actually ran the Kim Cameron Award and almost from day one, they realized that this was not
specifically within their remit. This was not what, what they were doing, You know, they, they were standards body and they work on standards and, and managing that award. It, it seemed like a good incubator, but wasn't really a
place. And so after about a year, the Open ID Foundation came to Ian and myself and, and said, would you guys be interested in putting an organization specifically to manage these awards and fostering new people, enabling people who otherwise wouldn't be able to come to the conferences or these events? And, and, you know, building on, as I think one of Ian's talks, building onto the shoulders of
giants. And so we started off with the Kim Cameron Award. And then for the, the, I'm sure many people remember it was last year when we lost Victoria Bertucci. And that seemed like a, another person who was passionate about enabling people, teaching people, bringing new people in. And it seemed to just fit in onto the mission. And so the, the mission, although Dayaf has started off as, as sort of honoring these people, the goal is sort of bigger than that.
The goal is how do we enable people who are starting off in their careers, people to come into what we are doing, to Start learning about digital identity and carrying on all of the work that we have to do. And that's sort of really why we founded it and put the focus specifically on that. And we did a show with with you guys back around Idaniverse time where we had winners of an award to be able to come and. Attend the Kim Cameron Award. Yeah, the.
Kim Cameron Award So I would definitely, you know, point people back. You can go back and listen to that episode. It was a lot of fun. It was, I think I think that was our biggest show ever, meaning most amount of people on at once. So definitely a lively conversation. We had some, you know, some great folks who are new to identity. Really sharing their perspective on it. I want to we have like, I feel
like there's so much to cover. So I want to keep things moving because I want to ask about Fordrock. I guess take us through the history of Fordrock because it sounds like all great ideas. It was born in a pub over what I'm assuming were a few a few pints of how. This would work. Take us through Take us through Fordrock. So the, the, the team that sort of started up Fordrock had known each other for a few years
before that. We'd all been involved in one form or another within the Sun consulting work, right? We'd, we'd all been working on the products. And so, as I said, when when Oracle bought Sun, we decided to put that together initially with the idea of saying, well, can we start a company that lets us keep doing what we're enjoying doing and, you know, pay the bills for the next few years?
The, the, the trajectory that it went on was sort of the stuff that fairy tales are made of it. It wasn't the plan, right? The plan was just to build a company that we would enjoy working at. And so we officially started it on February 1st. Interesting story on this January 31st of 2010 was the day that Sun was delisted off of the New York Stock Exchange. It's the day that Java died. And so February 1st at 12 O1 is when we officially established 4 truck. That was the the transition time
for us to do that. And so starting off we had about 15 people. There were, there was five or six of us originally, which very quickly led to, you know, the, the, the small group of us who were involved and about 15 folks. And we started working on the Sun access Manager, which at that point was open source.
We were very lucky on that in as much as that the Sun engineering team had done all of the work necessary to get up to a release and were weeks away, possibly even days away from making a release. I believe. I'm probably wrong on this, but I believe it was AM 9 at the time. And so we were lucky enough to be able to take the open source repository, package it and release the the update. And we've been working on that and going in through with that and supporting the folks who had
bought into it right there. There was a lot of Sun customers at the time and working with them. And so you know, a lot of hard work from a lot of people ended up taking us to about 2012 when we decided to take our first round of funding. Everything up until that we had sort of done ourselves. We took our first round of
funding. We then I believe it was 2012, it may have been early 2013 is when John Fernandez who was our Chief Financial Officer came in. And I very clearly remember him at A at a company meeting where he said to us, I strongly believe that if you behave like a public company pretty soon you
are one. And that was the the journey he basically would say throughout the entire time and took us up 2014 or so, a small group of us, myself, Joni Brennan from the DIAC, Ian Grazer from Salesforce and one or two other folks that were, were part of that actually came up with sort of looking at consumer identity. It wasn't a thing at that point, right? All identity was workforce. And so we started bringing up consumer identity. It caught on and we were able to sort of step into that space
quite well from a company. By then, I'm guessing we were probably at, at maybe, I don't know, a hundred, 125 people. I founded the, the, the development office in Portland, OR we had one in Bristol. We moved on through all of that and we then started doing all of the things that happened when a company grows, right. We, we got a new CEO in the Lasso, who was our founding CEO moved into the CTO role.
The, the, when we started it, we were actually focused largely on European business and they were two of us in the US, John and myself were we were being opportunistic about U.S. business. By the time we got to 2014, we were very strongly entrenched in the US and the CEO at the time came to me and they said we'd like to expand into Asia. How would you like to move to Singapore for a while?
And so I up and moved to Singapore and helped establish the Singapore region and our offices down in Sydney and Singapore and then came back in it, it, it wasn't an immediate comeback into COVID, but about five years later, we hit COVID and, and it just, you know, we were in the right place at the right time and, and working with a lot of these things. And so that's sort of the past that it came to from a personal
perspective. I did definitely realize that the bigger the company gets, the less interested I am in really being wanting to work the even though I love the people, I love the culture, I loved everything we did about it. I realized that I was much more suited for a small start up rather than, you know, a big company. And, and I think that happens when when you're at a company that grows like that, you get to a point where you say, I'm glad of the success, but it's not where I want to be.
There's a policy for everything. Oh. Oh, yes, yes. You know, you, you say there's a policy. Our very first policy when we were sitting around the dining room table was we have a no policy policy. And so the, the policy that we had was do the right thing. And then slowly watching over the years as we started getting a travel policy and expense policy, a this policy and a that policy, yeah.
Yeah, Yeah, I've been as a start of companies where you kind of go through that and I was, I was actually the question that I was going to ask you about. I also wanted to just state like I, I guess I discovered open AM pretty far into the journey of the way you tell it, which was that a large university they're running open AM and they were asking me, should we get support from Fordrock. I'm like, I didn't know about open AM before and I don't I've never heard of Fordrock.
So I started to do some research and I was like, wow, this is the best thing since sliced bread because I had been working with like Oracle access manager and CA site minder for, you know, a good part of my career. And they probably would argue that, you know, they, they invented customer identity and access management. But you guys shifted that whole
landscape so much. And people who weren't there at the time don't realize that how much of the shift it was in the access management space, just the introduction of of Forge Rock into that competition between Oracle CA and IBM. Yeah, I mean, it was fascinating to watch and you know, although I'd love to take the credit for it, it it, it was a, it was a perfect storm of things coming together.
The, the, the reality about it is prior to about 2013, if you were a public facing application, you were a web page and you had a My Sequel database behind you and you had a username and password. And that was sort of it, right? The thing which really changed in about 2013 was the idea that you were logging in and there were multiple systems behind that login page that not only staff, but customers we're now
accessing. And then this sort of other piece that came in on the side was the API economy, right? AP is brought in. This whole thing that said, not only are we just providing a web page on to something, submitting a form, we're giving people access to our AP is and we got the mobile phone thing coming up, right?
The smartphones. You know, let's face it, it wasn't that long ago you were talking in, in the introduction about Delta Airlines. It wasn't that long ago that the only way to get a seat assignment was to phone and speak to someone. And this was 20/10/2020 O 8, right? That you phoned and spoke to someone. Now, while you're sitting at the gate, you can sit on your phone and you can change seats to find one with no one sitting next to you or something like that.
That could do it in the sky, sitting in sitting in the airplane. I've never tried, I've never tried that. I, I, I think there's always a Monty Python sketch about that, right? Everybody moving around the plane. But yeah, right. You've got immediate access and I think that really highlighted the the deficiencies that we had in customer identity and customers didn't have access. Customers lined up behind the big wooden desk. You know that that's, that's how customers were.
So there was that big shift in that which I think enabled a lot of the consumer technology and the the consumer adoption that that drove into that and we were lucky enough to be in the right place at the right time. So here's a little fun fact for folks. A lot of people ask Jim How I Met Jim, and we kind of met each other. And I think I've told the story. It's like, you know, the first thing Jim ever said to me was do you like baseball?
And I said no, not really. And then he just kind of walked away from me. So, so hey, guy. Well, nice to meet you, Jim. But that's not the first time that I was actually introduced to Jim. It was a YouTube video that Jim did. I think it was open DJ or open AM. It was a four draw. It was a time machine, I think is what was called Jim. Jim, you can explain better than
I can. But you had done a a video of it and I was doing research as I interviewed, was about to interview with this company called Identity, which is eventually where Jim and I met. And that was actually my first exposure to both Forge Rock and to Jim McDonald. So there was a tie. Out there, the stuff is still out there. It was, you know, recorded 10
years ago. So if you go to the Identity YouTube channel, of course this is when you're out there watching Identity of the Center and you need a break because you've watched so many episodes in a row. You go out and search up Identity and there's a ton of four DRAC videos out there. So we had a great team, really did and a. Lot of a lot of the folks who were doing that really enjoyed doing it, right? They were doing it not because it was their job.
They were doing it not because they were trying to sell product. They were doing because they just want to tell people how cool this was. It was cool, it was fun. And what I thought was so cool about it was you could go in there and take a problem and it was a new problem that required a, a novel solution. And then you could take the, the four draw components and put them together and solve that problem.
I, I think very much today we're at, we're in that mode where it's like, OK, what's the best practice or what's the leading practice? We'll just do that and it takes some of the excitement out for me because it's like, that's my creative juices. My creative drive is to take a problem and draw it out on the whiteboard and figure out a solution, and that's what I love so much. I think about working with Forge Rock was that it kind of gave that opportunity. You mentioned Joni Brennan a
couple of times. We've had her on the podcast recently, actually. Big Thinker talked about DIAC talked about Liberty Alliance. I didn't realize that we should have hit her up about Kantara. So maybe you can give us a couple minutes on the the mission of Kantara and kind of what your role was in that organization? Wow, that takes us back a little ways. So the yes, Joni, Joni and I go back a long way.
In order to tell that story, we actually have to talk a little bit about Liberty Alliance, right. So the Liberty Alliance was back in about let's say 2005 and a few years after that big industry wide, there were 160 companies ultimately that were working in Liberty Alliance partially in response to and it's they came out at the same
time. So I'm not going to say it was in response to, but early on in the 2000s, Microsoft came out with a technology called Passport and it was essentially single sign on to all everything you, you, you had. And the, the response from the industry was to look at that and said, you know, I'm not giving up my login experience. I'm not giving up my identification of customers to Microsoft. That's, you know, I'm, I want to
keep that. And so they founded Liberty Alliance. Son was one of those members. There was a lot of them. I think the Liberty Alliance pages might still be up there. But the net result of all of that was the creation of the Samil 2 standard, actually the Samil one and the Samil 2 standard. And the standards were eventually given to Oasis as a standard body and that's where the standards were brought out.
And Liberty Alliance basically, I, I made it maybe in 2008, it may have been early 2009, the dates are getting a little hazy back there. But the Liberty Alliance basically said, OK, our work here is done. And so they had defined the SAML federation protocols which are showing their long teeth now because it was all XML based, but they defined the protocols and Cantara was actually came out sort of as a result of that as a place to do some standard
verifications. It's a sort of the bridge to the future and the, the Joni ended up so, so Joni was the, I think the second executive director of Cantara. Once we had founded Forge Rock, I had been involved with the Liberty Alliance during the Sundays and then when we founded Forge Rock, I carried on being involved with Canterra. I became president of Canterra, I think in 2011, and Joni was
the executive director. So she and I worked very closely inside of Cantera. And one of the things that we were working heavily on at that point was not only trying to get conformance certification on the actual implementations, but also trying to do conformance certifications on federations. And you know, if you're going to be a relying party, are you doing the right thing with information etcetera and and you know, personal identifying information in the privacy
aspect. And so Kentaro was driving around an auditing process around giving that certification, which was really interesting at the time because the federal government was sort of requiring because they, they bought all in on SAML. And so the federal government
was doing that. So Joni and I worked at or worked, I'm not sure we ever really worked, but Joni and I were heavily involved with with Kentara until eventually she left and is now at the Digital Identity Council of Canada, Digital, Digital Identity and Authentication Council of Canada. And I ended up backing away, resigning from the presidency at about 2018-2019. Just at that point, I was not able to put the time into it.
But we'd spent a lot of time in with Kentara and building that up and building up those conformance things. And they continue to do that to this day and are working very heavily in, in helping people the the conformance around, as you say, best practices around identity best practices and preserving information and privacy, things like that. Yeah, and that I mean, all that's so important, especially the the best practices. And because I think people are
searching for that. They don't know how to do something. They they want someone to tell them this is the right way to do it. But I think, you know, we can't underestimate Samuel. I mean, to me, that's just like such a landmark within the
timeline of identity. It's like we can almost talk about it. Like you can talk about the world like pre 911, post 9/11, pre COVID, post COVID, you talk about the identity world, pre SAML, post SAML, it was like, and I, I know it was a longer time that until everybody adopted SAML, but there was a period of time where it was like you had to use like web agents or proxy servers and things like that to do web access management. Then this new standard comes out SAML.
That's also around the same time that you saw a mass migration from fat applications to web applications. And Samuel just became, people just said, yes, I will do Samuel, I will reengineer my application, will do Samuel. And of course, there were hangers on, but I mean, it was pretty much like it revolutionized the industry, I'd say. It did.
I think the, the thing that Samuel really recognized and the thing that was able to be leveraged with the fact that it was actually a trust framework and it was about codifying how do you trust two different entities in play. And so it gave us the capability. I mean, one of the single biggest SAML networks and the SAML federations in use today is still the universities. The universities have, I don't know how many it is. It's, it's hundreds of different entities within their SAML
federation. And it's the idea that. In controversy into the Federation. Edu. Edu. Is it Edu? Causes the organization, then they have in common. There's a few of them in that picture and the very fact that you can have a university in Bristol in the UK and the university in San Francisco being able to recognize the authentication of their appropriate, their individual students is mind numbing, right. And when when you consider that they are running completely
different systems. And so the, the fact that it enabled us to transfer trust across organizations and at least trust part of what they were doing, even if it was just the authentication, right? You're right, I think it is. It was definitely one of those waterfall moments. Do you agree with that? SAML is the the biggest thing since sliced bread in the identity space?
Is there something else that you think competes with that as far as, I don't know, the biggest impact that you've seen in the IM industry over your career? I would I would agree that probably I don't know if there's any one thing that's as big, but you know, LDAP is obviously one because it it's gone on for the 20 years and a lot of things have been built on it. But SAML or the idea of federation between peers with a trust framework between them and SAML, that's what really what
SAML was all about. I think that fundamentally changed identity from being silos into being a network. And, and it probably was one of the biggest thing that came into us. And the other one that I would sort of put into that is the the emergence of consumer identity from the perspective that it wasn't just something that protected workers or your employees, but but it was a way that you interacted with your customers and that that was a
fundamental shift in change. But yeah, I would definitely put Samuel as to one of those really, really important milestones. Yeah. You know, you just bringing that up kind of gets me thinking about the whole idea of identity providers is like Facebook and Google. And I do think there's a large number of organizations that still trend towards that. But then there's the idea of like, we need to know who our
customers are. So I think it for the convenience of authentication it's needed, but there still needs to be information that the identity really. And it's just like the the big story about identity access management. It's like people who were early on would talk about the importance of the identity, which really comes back to who's the human being who's interacting with us and having that information.
That's the asset and. So I, I think it's, it's different for different use cases, right? A bank definitely needs to know who you are. Amazon simply needs to know that you've got a valid credit card and maybe a valid ship to address, you know, so, so different things, different places have different needs for how much they need to know or how little they need to know.
And yeah, I think that that whole trust framework thing brings out into it. So I'm curious if there is an upcoming area of identity that you think is underrated, Like what's something that we should be paying attention to more that we just aren't as an industry? Right now, well, there's so many things that we're looking at, right?
I think for me, the single overriding term would probably be privacy, but privacy specifically from the perspective that how do I trust the people that have the attributes about me? Yeah. And this is really what decentralized identity is, is sort of trying to address, but that's the reality. I had what was. Was blockchain absolutely right?
Well, whether it's blockchain or decentralized or something, something like that, The, the challenge that you come in with, right, is that for, for, for 2000 years, we've known that information is power. And, you know, more information probably means more power. And so the more that you know about someone, the more you can either mess around with them or compromise them or whatever the case may be.
And so the question that comes up to me is how do we know that the people who have access to that information are going to continue to wear white hats? And how do we stop black hats from being able to use that information in ways we don't want them to be able to use, right? And, and we've seen examples right in, in, I mean, even we, we take the, the, no matter how you look at the, the Ukrainian
war, right? We've now got a situation where you've got a hostile political issue, a hostile military issue between 2 powers. The invading force knows if they get to your tax records, they know where all the money is. If they get to, you know, the, the, let's call it the social records, you know, births and deaths and things. They've got a whole lot of information about the people in your country that, that they can now leverage. And so how do we try and protect?
Yeah. And, and this goes back, I think to to my very early software engineering days, right? It's, it's a case of when you testing software you never tested, it works, right? You test for all of the ways that it can go wrong. And so as we start looking at things like privacy, how do we protect when things go wrong?
Right? The, the, the, and, and a perfect case came up for this about three years ago in Australia. I don't know if you remember it, but Australia was having the, the national census. It was an online census. Everybody was, you know, doing the normal census. And some genius came up with the idea that says we could use census information in order to
track down deadbeat dads. Right Now, I'm not going to express an opinion one way or another about there'd be dads, but that's not a good way to get high participation in your senses if you're going to say, oh, and we're going to use it to beat you over the head, right? And that was a very innocuous thing. It wasn't malevolent in any way. It was simply, Oh, well, with this information, we can do
that. I think that's something that, yes, people are aware of it, but I don't think we've had any really good ways to address it, You know, and, and every single one of us will, will pick up the phone and, and talk to a vendor and we'll give them our credit card number and the little secret code and the date and everything they need on it for, for where's it going? What's what's happening to that? Right? I think that's probably one that
I that keeps me awake at night. What do you think is something that's overrated, that we are talking too much about what's being shoved down by our, you know, down our throats by the industry that is? I don't agree with that one. The, the, the thing for me is it's so easy, and this is probably not what you wanted to go with, but it's so easy to blame identity problems on the stupidity of the end user. And it's not, it's our job, it's the identity industry to make it
so that it just works, right? You know, and I, and I compare this to like, say the automobile industry, right? They've made it to the point now where if you even try and open the hood of your car, somebody from the dealership comes and slaps your hand, right? And, and it, it, it just works. And, you know, invariably when we come in conferences and things people are talking about, well, we need to educate the end
users to use better passwords. No, we've got to come up with a technology that they don't need to worry about that, right? Which should just work. And so that's sort of the the thing for me, it's that that education and to make our users more aware of the problems, that's our job. And we should know what the problems are. And we should come up with, as Jim was talking about earlier, in terms of these are the problems that we have to fix. Let's make those problems just go away.
I don't know if that's quite where you want to go, but that's my little hobby horse. It's it's, it's the hill I'm standing on. So Alan, I've really been looking forward to asking you this next question because I've been thinking about this question for a long time. Kind of a a baseball nut, as Jeff told you earlier. And the one question is always like, who's on the baseball? Mount Rushmore? Like Babe Ruth and Jackie Robinson, but who else? I wonder who's on the IAM or
identity? Mount Rushmore, which means four people. First of all, I want a much bigger mountain so we can get more people on. That's it. That's a really, wow, that's a tough question. That's. Called the Hall of Fame we have one we can have an IAM Hall of Fame. We'll have you back on another episode and. Go through the whole Hall of Fame. I think that there's there's a couple of folks on there that are that are pretty easy to
identify. Obviously Kim Cameron would be one of those because he's had such a major impact. Like the George Washington right? Identity from, from day one, right? The, the seven laws of identity sort of defined our industry.
And so, you know, Kim Cameron simply for what he's done and for the, for the, I think Victoria is another one in that Victoria Bertucci who is, is, has been, you know, talking around authorization or to and really trying to educate developers as to there's better ways to do this, right? He was passionate about that. As I think about the Mount Rushmore thing, the, the, the part for me is that I'm sort of standing back and I'm saying, OK, what qualifies someone to be
up there? And the first thing is that for me, if, if that's their job, it sort of minimizes it a little bit for me, right. If, if they're doing it, because this is, I mean, they may be very good at being a leader and a speaker and a, and a organizer, whatever it might be. But if that's what they are paid to do, does that qualify them? Yes, it, it puts them on the list.
I'm not sure that fully makes them, but there's, there's a there's a few people that I think are sort of thank they, they, they work behind the scenes. One of the people that I would go on that is Don Tebow, but I'm not even sure that many people on the call even recognize the name. But Don Tebow was the president and executive director of the Open ID founder, but I'm not
sure if he was president. I know he was executive director of the Open ID Foundation and Don through the Open ID Foundation has been fundamentally dealing with things like the, the Fappy protocols and the Open ID Connect and all of these are worth 2, all of these standards. And it takes a lot of work to build standards and Don has done
a lot of that stuff. Even though yes, his job was executive director, he was really, really passionate, still is really passionate about doing those things. Another one of the people that I think does belong up there, although he will probably tell me I'm I'm full of beings, is Andy Handel. Andy. Even so, Andy, for those of you that don't know him, Andy is the content curator of all of the content at the Identiverse conferences for it was announced this year.
I think it's, it was it 15 years, something like that. And you know, yes, he's paid to do that, but that is not a job you get paid for. That is a job you do because you are absolutely passionate about it. And Andy I think has been, I would say single handedly, but there's a lot of people that work with him and volunteer with him. But he is responsible for making sure that the things we talk about at Ideniverse are relevant to our industry. And so I, I think he definitely
qualifies for things like that. Another one of the people that I would put up there. And again, I'm, I'm totally ignoring your four people thing, but another one someone John Bradley is another name I would put into that. John, if you've been to a conference, he's the guy who has the ponytail in his beard and you probably recognize him if you see that. But John has been involved in almost every standard that we work with an identity since the
SAML days. And you know, he was part of the SAML organization across at least three, probably 4 different companies that he's worked for, which tells me that isn't he's not doing the job he's paid for. This is what he loves doing and he happens to find jobs that that support him being able to do that. So OK, I'll, I'll go to five. I'll sort of put those up there as being the, the people, I think who have had incredible
influence. And you know, part of the problem is that there's another 20 on the list and they all going to come and phone me and say why didn't I get on your list? No, but what I would like to do is for our listeners, I'd like to offer, you know, Jeff, when Jeff puts out the post on this episode, add your list. If you've got a Mount Rushmore yourself or you want to make an argument for somebody, please do so. Alan, I would love to see that. A list of a few.
I've got a list of a few more questions I wanted to ask. I'm going to ask them in the format of rapid fire, which means you have a minute and a half to two minutes maximum. So if you go over that, we just ask fewer questions. OK. Right. We want to. We don't want to overdo this, but so my first question was something I brought up earlier, which was, you know, around conferences. So it's actually a two-part question. What one, what was your first conference?
And two, what was your favorite conference that you've attended? All time. So the first conference that I went to was actually a small little conference we used to call Mac Hack, and this was back in the late 80s. I was heavily involved in Mac development and it was a, a group of us took over a hotel and we started hacking on the Mac, right? It was essentially a, a glorified land party. In terms of the favorite, my favorite one to go to, That's a much harder one because, you
know, I enjoy all of them. But the, the, the two that I never miss is EIC and identifiers, simply because those are the ones where not only do I, you know, see what's new in the industry and things like that, but I get to hang out with, with my peeps, right? These are where the, the, the people who do this stuff hang out. And so I enjoy the social aspects of both of those. My my first conference was Digital ID World circa O five O 6. I think you might have been there. Possibly.
Open my eyes to this identity industry and I was like, it's not just technology, but it's like philosophy. Like what is an identity? You know, like like mind blowing question, mind expanding stuff. And then you had Kim, Kim Cameron come on and talk about the laws of identity. And literally it was like it made so much sense. But like you can see the reverence from him for him in real time. I think it was like around the year where he was joining Microsoft.
So it was like he was coming from his previous life into Microsoft. It was just like a really cool time, a really cool conference. Jeff, what was your first conference? You know, I was, I, I, I was hoping he wouldn't ask me because I'm trying to remember it was. Probably right? What's that? Weren't you at the first Identiverse? Well, like. Yes, but I think it was Cloud Identity conference or something like that at the time that cloud.
Identity Summit. That cloud identity summit, yeah, that was probably one of the first I'd been to. So my background identity was really more heads down in enterprise doing, you know, real IM work. I wasn't a thinker, still not a thinker was doing provisioning of accounts, right. So my, my solar system, my universe of identity and access management was Walgreens and SC Johnson. That's what I knew because that's what I was doing. That's where I worked. I knew how accounts are provisioned.
I knew how operations ran, I knew how technology worked, etcetera. And then I, when I got into consulting, that's when like everything just kind of blew up. You know, I was like, oh, wait, there's so much more to this, which is really why I wanted to do consulting was to learn more about it, right? So you know, the 1st ten of the 20 plus years I've had in this was not even in this industry of IAM, as we'll call it, it was doing identity work like that
was my thing. So I really didn't attend conferences until 2016, I guess. And now you know, I I try to hit every identity. I think I've been to every Cloud identity summit slash identity since then, but.
It's pretty cool though. Yeah, I mean, I I enjoy going to conferences mostly because like Alan, I get to talk to people and meet new people and my historic being a wallflower and and not really being that outgoing despite the, you know, obvious charm that I exhume on this podcast doesn't manifest itself typically in the real world.
So I've kind of gotten out of that shell a little bit and, you know, meeting people and being more open to, you know, shaking hands and kissing babies, right, and all that good stuff. So every, every conference I go to has been better than the last. But I especially, I particularly enjoy the Identiverse conference and the authenticate conferences. For whatever reason, the vibe at the the at those just seem very welcoming and appealing. So much for the rapid fire succession.
The next question, though, was for Alan. So what is Alan's future hold? You're in retirement now for officially, but you're still doing things. So the I, I answered this one a lot at, at both EIC and Identiverse, people would come to me. What are you doing here? I thought you were retired.
And, you know, for me, retirement simply means I stopped doing the things I had to do and could not concentrate on the things that I want to do and, and the conferences I want to do because that's where I get to meet all the cool kids, right? And, and where we hang out. But what's in it for me now? Well, I've just, I, I enjoy sailing. So this is actually about 3 weeks ago, I got my Blue Ocean passage maker certification from
ASA. So that was, we sailed from Bermuda to New York, which was a, a really fun sail. And I'm working on my instrument pilot's license. I have a, one of my, my side hobbies is, well, I, I guess I bought a, my wife and I went down to Argentina last year and ended up buying a small farm in Argentina, which has a great find on it. And so now I'm signed up at UC Davis doing a wine makers course. So I'm busier now than I ever was.
And you know, I love, I love just learning about things, doing new things, working out how things work. And I've I've enjoyed the drinking side of wine, so I thought I may as well go and see how it gets made. And. Save so much money if you make your own. So that's some of the things last. Question for you, Alan. It's kind of a deep, deep thought question, but what is your identity and access management legacy going to be?
Wow. The, the, I don't know that it's specifically to identity or to IAM and things like that, but I think the legacy that that I would like to be remembered for is in encouraging people to ask why. It's, it's, it's one thing to be able to know how to do something, but to be able to ask why are we doing it that way?
Why does it work that way? Why, why is it not working, etcetera, means that we can open up is, and you sort of mentioned this at the very beginning of the podcast where it, it gives you their creativity to look at a problem, to troubleshoot it and to ask why. And I've always tried to get people to sort of think, whether it's thinking outside of the box or thinking about what's going wrong. I've never been a fan of the, well, reboot it and see if it
goes away model that. That's never, for me, a good solution. So that's probably where I'd like to be remembered. So I'm going to, I'm going to try to add some levity to it. Kind of a morbid question, but would your would your tombstone just say why on it? Why you had to know Alan to know why that was there. All right, why don't we go ahead?
Because I, I have an, I have a little bit of a trivia question for Jim. What do Charlie's Charlize Theron, Elon Musk and Alan Foster all have in common? See if you can figure this out. Well, what do they have in common? Alan. Well, I'm not as good looking as Charlize Theron, but a, we're actually all South Africans, or at least we were all born in South Africa. But more importantly, we were all born within 30 miles of each other and, and probably within a
couple of years of each other. I don't know quite how that works out, but yeah, we, we were all born within about half an hour's drive from, from each other. That's my my little bit of trivia, my little brush with greatness. Does that give us like a, is there like a, a Six degrees of Kevin Bacon? Can we do like a a three degrees of Alan Foster somehow?
And, well, 1° from Alan Foster is Elon Musk, so there's that one sitting there, so. So I've never been to South Africa. I know very little. I don't think we've ever had anyone on the show from South Africa. What is something that I should know as someone who knows only? That. Those people were born there and Trevor Noah, that's about it. And, and Trevor Noah, yeah, I mean, as, as a country, it is a, it is a fascinating country, right?
It's a very beautiful country. And if you get an opportunity to visit, it's well worth taking the visit. I mean, the, a country that goes from heavy tropical banana trees and, and to high deserts to sugar cane and swamplands. You know, it's all there and, and you know, as a visit it, it's, it has had an awful lot of impact across the world, right. You run into people who were originally from South Africa,
They, they came from there. And, and so that's where we grew up originally as a British colony. Can't we can't blame us for that. But the and interestingly, South Africa and the US have a very parallel history in terms of time frames. When when the Pilgrims came to the US was about the same time that the Dutch colonized South Africa and and there's some being repeated history events. So, Alan, one question I had is, you know, American shrink coffee, Brit's drink tea, What
is South Africa's shrink? Mainly coffee. The, the, we were definitely a coffee family or it's sort of on both sides. There's tea and coffee, right? But we were definitely a coffee, coffee family and, and most everybody I had drank coffee down there. And then of course. What is your coffee consumption like? I mean, do you start your day with a coffee? Do you drink it all the way to you go to bed? How much coffee is is the right amount for you. So I, I normally go through six
or seven cups a day. So I, I start my day with, I mean, this is my, my, my Ford rock cup. And that's my, my start, my starting cup of coffee. And I normally have my last one sort of just before I open up a bottle of wine to go with dinner. So you know about 5:00 is sort of the last coffee. OK. So now let me ask you one final question. If I wrap things up, you're flying back to South Africa and you're landing. What's the first food thing that you go for in South Africa?
Is there like a go to place or meal or something that you're like for me, like I go back to Chicago and it's like I got to go to Portillo's and get a hot dog. For you going to South Africa, where are you? Where are you headed to right after the airport to get somebody? So we we have a a social event which is called a bra and a bra is about as close as a BBQ. It's basically a fire and grilled meat. And that is how we live like every weekend.
And so the idea having that and all the compliments that go along with a bride, obviously there's a beer or two or three that go along with that. But yeah, that outdoor, that outdoor BBQ, that outdoor grill is, is sort of the standard. That's that's home. I'm sold. I can get behind that. All right, why don't we go ahead and wrap it up for this week? Alan, thank you so much for taking the time with us. This, this stroll down I am
memory lane. I don't know, still working on a title in my head here, but it's been really eye opening. It's, it's, it's always fascinating for me to hear the stories behind the things right, from the people who are sort of in the room or at the pub or wherever things kind of started right, or, or whatever it may be. So, and now you're part of the Digital Identity Advancement Foundation and you've done work with ID Pro. We want to make sure we get plugs out for them.
ID pro.org, fantastic organization, we're all part of that. The Slack channel, definitely worth its money just just for that alone. For the conversation standpoint, DIAF dot link, that's the the link for the Digital Identity Investment Foundation. So for folks who are newer to identity, there's ways there that people who are in the space or anyone really can kind of support make sure that we have the next generation coming
through. So I'll have links in our show notes for that kind of stuff that people hopefully will go check out. Let's see what else. We're on the web, idacpodcast.com. We're on X Twitter, whatever it's called by the time your your face or ears consume this at IDAC podcast, we're on YouTube. If you're not watching us on YouTube, do us a favor, go over and like and subscribe. We're trying to grow to the YouTube channel.
Make it super easyidacpodcast.tvsoidacpodcast.tv will take you right to our YouTube channel and would appreciate a, a subscribe and A and a like on a video. Let's see what else Connect with us on LinkedIn. I'll have Alan's LinkedIn connection information in our show notes so you can either share stories about Bry's or coffee consumption. Wine. My wife is very into wine, so she'll be very much tuning into that conversation. And anything else, Jim, that I
forget or are we good to go? No, you mentioned everything. I did want to just thank Ellen, not only for being on the show, but just all the contributions you're making and people like you have made over the years. I mean, it's made things a lot easier for the practitioners today. And I think what you're doing with DIAF is, you know, really important. It's about the next generation of identity people. And we all have that
responsibility. Pass it on, you know, pay it forward however you want to. You want to refer to it. I think we've all received and we should all make sure that we give back. Great way to end it. So we'll leave it there. Thanks everyone for watching or listening. Thanks, Alan. Thanks, Jim. And we'll talk to everyone in the next one. You've been listening to Identity at the center. We hope you've enjoyed the show. Make sure to like, rate and review, and we'll be back soon.
But in the meantime, hit the website at identity@thecenter.com. See you next time on Identity at the Center.
