Episode 92: Tracking Identity Threats Before They Track You

As identity-based attacks grow more sophisticated, traditional IAM solutions need a boost. In this episode of Identerati Office Hours, we dive into Identity Threat Detection & Response (ITDR)—a critical enhancement for modern IAM strategies. How can ITDR go beyond access management to detect, mitigate, and respond to identity threats in real time? Will ITDR become essential for security teams to stay ahead of evolving threats? Tune into this IOH episode to learn more!

Episode 90: The Ecosystem Driving MOSIP’s Mission

MOSIP requires a foundation of complementary technologies and human expertise–no one company or firm can deploy robust digital public infrastructure for a nation. In this episode, we’ll explore how MOSIP is building an ecosystem of software vendors, infrastructure providers, IT integrators, custom development firms, and other domain experts who provide the business, legal and cloud technology capable of delivering their solution to diverse markets.

We’ll also discuss how this collaborative approach positions nations to expand MOSIP’s reach by linking identity credentials to critical public and private services.

Episode 89: Detecting and Correcting API Drift

APIs are the lifeblood of modern digital ecosystems, driving 80% of internet traffic and enabling seamless integration between applications, services, and devices. The gap between API specifications and production behavior—known as “API drift”—is a major source of inefficiency and friction in the API ecosystem. Drawing insights from APIContext’s recent white paper, this discussion will explore the state of API specifications, their critical role in ensuring interoperability, and why keeping them up-to-date and accurate is essential for robust API governance.

Join us for Identerati Office Hours to uncover insights on:

🚀 The Role of APIs: Powering 80% of all internet traffic, APIs are the backbone of modern digital applications.
📉 The Problem of API Drift: 25% of APIs don’t conform to their specifications. What is the impact to performance and reliability?
🛠️ Best Practices for API Governance: Explore actionable strategies to mitigate API drift, from publishing clear OpenAPI Specifications to proactive monitoring.
🤖 Agentic AI: Amplifying API Drift: The rise of autonomous AI agents adds a new layer of complexity to the existing challenge of API drift. Managing agent interactions and ensuring they adhere to evolving API specifications makes maintaining accuracy and preventing drift even more critical.

Episode 88: Rethink AuthZ: Immutable, Versionable Auth* Models & Trusted Delegation

ZTAuth* redefines authentication, authorization, and trusted delegation to address the challenges of disconnected systems in edge and IoT environments. By leveraging transferable, versionable, and resilient models, it aligns with Zero Trust principles while embracing CAP theorem constraints and eventual consistency. PermGuard is actively implementing this architecture to deliver scalable and secure policy-driven solutions for distributed systems.

The Permguard Auth* Provider allows enterprises to specify who or what can access resources by means of fine-grained permissions:

Who: Identities (Users and Actors) authenticated in the application
Can Access: Permissions granted by attaching policies
Resources: Resources targeted by permissions
Developers implement the Permguard Policy Enforcement Point (PEP) using the available SDKs and call the PermGuard Authorization API, sending the principal together with its JWT token, to protect against attacks such as:

Authorization Inference Attack
Excessive Data Exposure
Side-Channel Attack on Authorization
Privilege Escalation
Passing the JWT token in the PDP authorization request avoids sharing information with the PEP, adding a mechanism for trusted delegation.

The Permguard PDP can run as a “remote service” or a “proximity service”; the latter achieves low network latency by operating on an eventually consistent basis for policies.

In this livestream, we’ll discuss PermGuard and why systems like this are causing enterprises to rethink authorization.

Episode 87: Why Identity Orchestration Matters

Episode 86: OpenID for Verifiable Credentials Update

OpenID for Verifiable Presentations (OpenID4VP) is an Implementer’s Draft specification that defines a mechanism on top of OAuth that enables presentation of Verifiable Credentials (in any format) as Verifiable Presentations. Kristina, Torsten and others have been presenting OpenID4VP at conferences and IIWs for years. Where is it now? What can we expect in 2025? What is the feedback from early adopters? Join us for this discussion, and bring your own questions for two of the spec authors.

Episode 82: Achieving Standard DID Methods

Decentralized Identifiers (DIDs) promise to reshape the digital identity landscape, empowering individuals and organizations with greater security, privacy, and control. Join us for a discussion with Daniel Buchner, a leading innovator in decentralized identity and former Microsoft executive, as he delves into the topic of “Achieving Standard DID Methods.”

We’ll discuss the technical and organizational hurdles to interoperability, and learn how open standards and collaboration across the ecosystem are driving the adoption of decentralized identity.

Episode 81: OAuth Status List and Attestation-Based Client Authentication

In SAML, the entityID identifier is used for both IDPs and RPs. But in OpenID Connect, there is no stable identifier for the RP. This has become problematic for verifiable credential presentation. One solution is to enable the client to assert their identity, via an attestation. Oversight? Feature? Either way, it’s going to be really helpful! We’re going to save a few minutes at the end to talk about a new draft OAuth standard for Status Lists, which is like a more efficient “certificate revocation list” design to revoke JWT tokens. Clients should verify not only the signature, but also the status of the token–just like we check for revocation of X.509 certificates.

Episode 80: Introducing Ayra

The Ayra Association is a new Swiss nonprofit association that will serve as the governing body for the Ayra Trust Network, which is a “trust network of trust networks”. The first trust networks are seeking to exchange and verify digital credentials. Other “trust clusters” are forming in financial services, workforce credentials, supply chain, personhood credentials, and organizational ID. Join us for a discussion on this new network and how you might even form a trust cluster with your own federation!

Episode 79: Authorization for the Modern Enterprise – Reschedule

PlainID’s strengths lie in its ability to centralize and simplify policy management–enforcement, visibility, discovery, authoring, lifecycle management, consistency validation, and governance. This unified approach enables granular control of how identities access data and resources. Join us for a conversation with Gal Helemsky, co-founder and CTO of PlainID, as we explore the future of authorization in today’s complex enterprise environments.