Episode 98: Eclipse Decentralized Claims Protocol

The Eclipse Decentralized Claims specification defines “Dataspaces” which enable participants to secure data access using credentials associated with an identity. The specification defines a set of protocols for asserting participant identities, issuing verifiable credentials, and presenting verifiable credentials using a decentralized architecture for verification and trust. Is this an example of TBAC? Join the discussion to find out!

Episode 97: Patterns and Anti-patterns in Privileged Access Management (PAM)

Managing privileged access is one of the most critical aspects of cybersecurity, yet organizations often struggle with implementing it effectively. In this episode of Identerati Office Hours, we’re joined by Rainer Hörbe, Senior Manager at KPMG, to explore the key patterns and anti-patterns in Privileged Access Management (PAM).

We’ll discuss:

🔹 Common PAM pitfalls and how to avoid them
🔹 Best practices for securing privileged accounts
🔹 Strategies for balancing security, usability, and compliance
🔹 Real-world insights on what works—and what doesn’t—in PAM

Join us for a deep dive into the do’s and don’ts of PAM with one of the industry’s leading experts. Whether you’re designing a PAM strategy or optimizing an existing one, this session will provide actionable takeaways to strengthen your security posture.

Episode 91: Powering Continuous Identity with OAuth and OpenID

Continuous identity requires new enterprise infrastructure to publish events related to a login session and token lifecycle. One solution could be Shared Signals Transmitters (SSTs) based on the OpenID Shared Signals Framework (SSF) and the Continuous Access Evaluation Protocol (CAEP). Another solution could leverage recent OAuth drafts for global token revocation and OAuth Status List JWTs. Join us as we discuss why continuous identity is the future and if it fits into a token based access control model.

Episode 96: iShare: Bringing Trust to Data with JWT-Based Access

The iShare ecosystems have been leveraging Token-Based Access Control (TBAC) for years to address the complex challenges of secure and seamless data sharing across enterprise boundaries within the European Union. This innovative framework enables organizations to establish trust, enforce fine-grained access policies, and ensure compliance while facilitating interoperability between different entities. Join this discussion to gain insights into how iShare’s approach works, the benefits it offers for cross-organizational data exchange, and how it compares to other access control models. Whether you’re a security professional, developer, or business leader, this session will provide valuable knowledge on the future of data sovereignty and access management in the EU.

Episode 93: Is TBAC the Future? Gluu, SGNL & Strata Weigh In

TBAC is a new access control model that leverages the rich context encoded in tokens, such as JWTs, to make dynamic, fine-grained access decisions. Unlike existing models like RBAC, ABAC, or ReBAC, which rely on roles, attributes, or relationships, TBAC evaluates access based on the information embedded in a bundle of tokens, providing unparalleled flexibility and contextual awareness.

But is a new access control model needed? Is TBAC a re-hashing of other access control models, like ABAC or PBAC? Can tokens contain the context necessary to make decisions without access to other data sources? Could enterprises implement “Zero Standing Privilege” using a TBAC approach?

In this episode of Identerati Office Hours, three of the leaders in modern enterprise identity will discuss the merits of TBAC and the arguments for and against the approach.

Episode 95: Are JWTs bad for authz?

Relying on data in token claims for authorization is a slippery slope that can lead to unexpected failures and painful debugging sessions. JWT bloat—caused by excessive claims—can run into header size limitations, triggering intermittent outages due to constraints on proxies, load balancers, and firewalls. Beyond sheer size, data encoding schemes introduce additional complexity, especially when dealing with binary-encoded claim values. Dynamic claims in tokens can also risk inconsistency if not handled properly. And then there’s the issue of revocation. In this episode, we’ll break down the hidden dangers of overloading JWTs, consider real-world horror stories, and discuss best practices for keeping your tokens lean or when you should consider reference tokens instead.

Episode 94: The IPSIE Standard: A New Era of Identity Interoperability

IPSIE (pronounced “ip-see”) stands for Interoperability Profiling for Secure Identity in the Enterprise. Its mission is to develop interoperability and security profiles of existing specifications. The current situation is that enterprise deployments of OpenID, OAuth, passkeys and other identity technologies are so varied that two implementations are NOT guaranteed to work together. For example, is it acr or amr that shows how the user was authenticated? Can re-usable IPSIE profiles enable much sought after IT consolidation? In this episode with working group contributors… we’ll see!

Episode 92: Tracking Identity Threats Before They Track You

As identity-based attacks grow more sophisticated, traditional IAM solutions need a boost. In this episode of Identerati Office Hours, we dive into Identity Threat Detection & Response (ITDR)—a critical enhancement for modern IAM strategies. How can ITDR go beyond access management to detect, mitigate, and respond to identity threats in real time? Will ITDR become essential for security teams to stay ahead of evolving threats? Tune into this IOH episode to learn more!

Episode 90: The Ecosystem Driving MOSIP’s Mission

MOSIP requires a foundation of complementary technologies and human expertise–no one company or firm can deploy robust digital public infrastructure for a nation. In this episode, we’ll explore how MOSIP is building an ecosystem of software vendors, infrastructure providers, IT integrators, custom development firms, and other domain experts who provide the business, legal and cloud technology capable of delivering their solution to diverse markets.

We’ll also discuss how this collaborative approach positions nations to expand MOSIP’s reach by linking identity credentials to critical public and private services.