Identerati Office Hours Episode

ZTAuth* redefines authentication, authorization, and trusted delegation to address the challenges of disconnected systems in edge and IoT environments. By leveraging transferable, versionable, and resilient models, it aligns with Zero Trust principles while embracing CAP theorem constraints and eventual consistency. PermGuard is actively implementing this architecture to deliver scalable and secure policy-driven solutions for distributed systems. The Permguard Auth* Provider allows enterprises to specify who or what can access resources by means of fine-grained permissions: Who: identities (Users and Actors) authenticated in the application; Can Access: permissions granted by attaching policies; Resources: resources targeted by permissions. Developers implement the Permguard Policy Enforcement Point using available SDKs and call the PermGuard Authorization API, sending the principal with its JWT token, to protect against types of attacks such as Authorization Inference Attack, Excessive Data Exposure, Side-Channel Attack on Authorization, and Privilege Escalation. Passing the JWT token in the PDP authorization request can avoid sharing information with the PEP, adding a mechanism for trusted delegation. The Permguard PDP can run as a “remote service” or a “proximity service”, the latter of which achieves low network latency by operating on an eventually consistent basis for policies. In this livestream, we’ll discuss PermGuard and how and why systems like this are causing enterprises to re-think authorization.
OpenID for Verifiable Presentations (OpenID4VP) is an implementers draft specification that defines a mechanism on top of OAuth that enables presentation of Verifiable Credentials (in any format) as Verifiable Presentations. Kristina, Torsten and others have been presenting OpenID4VP at conferences and IIWs for years. Where is it now? What can we expect in 2025? What is the feedback from early adopters? Join us for this discussion, and bring your own questions for two of the spec authors.
Decentralized Identifiers (DIDs) promise to reshape the digital identity landscape, empowering individuals and organizations with greater security, privacy, and control. Join us for a discussion with Daniel Buchner, a leading innovator in decentralized identity and former Microsoft executive, as he delves into the topic of “Achieving Standard DID Methods.” We’ll discuss the technical and organizational hurdles to interoperability, and learn how open standards and collaboration across the ecosystem are driving the adoption of decentralized identity.
In SAML, the entityID identifier is used for both IDPs and RPs. But in OpenID Connect, there is no stable identifier for the RP. This has become problematic for verifiable credential presentation. One solution is to enable the client to assert their identity, via an attestation. Oversight? Feature? Either way, it’s going to be really helpful! We’re going to save a few minutes at the end to talk about a new draft OAuth standard for Status Lists, which is like a more efficient “certificate revocation list” design to revoke JWT tokens. Clients should verify not only the signature, but also the status of the token–just like we check for revocation of X.509 certificates.
The Ayra Association is a new Swiss nonprofit association that will serve as the governing body for the Ayra Trust Network, which is a “trust network of trust networks”. The first trust networks are seeking to exchange and verify digital credentials. Other “trust clusters” are forming in financial services, workforce credentials, supply chain, personhood credentials, and organizational ID. Join us for a discussion on this new network and how you can maybe even trust cluster your federation!
PlainID’s strengths lie in its ability to centralize and simplify policy management–enforcement, visibility, discovery, authoring, lifecycle management, consistency validation, and governance. This unified approach enables granular control of how identities access data and resources. Join us for a conversation with Gal Helemsky, co-founder and CTO of PlainID, as we explore the future of authorization in today’s complex enterprise environments.
Beware the threat of unmanaged Non-Human Identity! Join us for a discussion on what you need to know to survive the coming apocalyptic reckoning of unconstrained machine access! 🧑‍💻 What are Non-Human Identities ⏰ Why Now – Why Should You Be Concerned ♻️ Key Lifecycle Processes for managing NHI Risks ⚖️ Regulatory Perspective 📏 Standards, e.g. SPIFFE/SPIRE, WIMSE … 📊 The NHI Market 🔮 2025 Outlook and Predictions
“Ergonomic syntax” was a core design requirement of the Cedar language. In plain English, that means Cedar should be intuitive for developers to express complex access rules… and hopefully fun! By mapping easily to the application model, Cedar entities and resources integrate seamlessly with modern applications. Join us as we unpack Cedar’s core features and discuss how it empowers developers to deliver robust, secure authorization solutions without getting lost in complicated policy logic.
🚀 Join us for the first Identerati Office Hours Livestream of 2025 🎆, as we dive into the Future of Identity Governance and Administration (IGA)! We’re thrilled to host identerati Radovan Semančík, Slávek Licehammer of Evolveum and André Koot of SonicBee for discussions on the IGA trends shaping the industry, and strategies to future-proof your identity governance program.
SSI adoption has been slow for years. Trinsic has iterated a great deal in the space and settled on a new business model in identity acceptance. Riley will walk us through lessons learned and how it led them to disrupt the identity verification market.
It’s been a long journey, but the first commercial release of Cedarling is finally here! Join Mike and Mike for a quick tour and demonstration of the Cedarling!