Identiverse 2023 recap with David Brossard and Matt Luckett

Emme Reichert   ·   Monday, June 12th, 2023

Our team had a great time at Identiverse last week, getting together to discuss the latest innovations and trends in the identity industry.

What happens in Vegas doesn’t always stay in Vegas.

We spoke with our Chief Technology Officer David Brossard, and VP of Customer Success Matt Luckett about their time at the conference, and to share some of their own highlights.

What was your biggest takeaway from the event?

David: In a nutshell, 2024 will be the year of authorization!

I am glad we’re seeing momentum to tie standards together. Many of us got together to discuss interoperability between specs such as ALFA, IDQL, and OAuth.

I clearly see a new momentum for attribute-based access control (ABAC). It was the icing on the cake of a conference that started with Andre Durand, CEO Ping Identity mentioning authorization is the new frontier, and ended with a panel with ForgeRock founder Allan Foster, Ford IAM specialist Galina Livit, and myself.

The second biggest takeaway was the rapid growth of artificial intelligence (AI) and its impact on identity and trust.

Matt: I agree with David’s thoughts. I think authorization is at the point where authentication was a few years ago.

More and more organizations are coming to the table recognizing that authorization is key to their long term security success. Whether it’s for compliance standards, risk management, or adopting a Zero Trust model, organizations understand that externalizing policy management from their applications, in either a centralized or decentralized approach, is how they handle the last mile of security.

What was the biggest surprise or hidden gem?

David: With Identiverse back in full swing, I was happily surprised to see many new IAM initiatives, especially in the authorization space.

I was delighted to see XACML and ALFA called out several times during keynotes. Alex Simons of Microsoft suggested applications of AI for authorization (As an epoxy between standards? As an analysis tool?). Customers should expect some serious new innovation from us in that space.

Matt: For me, the education in the market was the biggest surprise.

In most cases, people coming to learn more at the booth came with an understanding of Axiomatics and/or authorization as a whole compared to two years ago where most organizations had to be educated.

Do you have a favorite quote that you heard? If so, what did you takeaway from it?

David: There are so many but perhaps the one that stands out to me is Alex Simons’ remark that AI will help us deliver the ‘epoxy’ of authorization – a glue that can tie together different approaches and languages.

This shifts the focus from the need to create yet another standard to dedicating ourselves to building a better management plane for policy authoring, testing, deployment, and auditing. In his keynote, Alex listed “authorization policy” in his top four key standards initiatives. This is so inspiring!

@Alex_A_Simons keynote underway @Identiverse – #authorization policies are part of the 🗝️ initiatives @axiomatics @Microsoft pic.twitter.com/ZZInznMAa8

— David Brossard (@davidjbrossard) May 31, 2023

Matt: The idea of ‘centralized’ policy management came up quite a bit and was a main focus in the closing remarks from Allan Foster, who thought next year’s Identiverse should be focused on centralizing policy management.

While I think this is a great idea in concept, what we’ve learned through the last sixteen years of successfully working with customers worldwide is that a fully centralized approach isn’t always in your best interest.

We suggest that policies should be available in a centralized approach, but should be created and managed in both a centralized and decentralized approach.

This means some applications should be managed from a central team, but there are other times where the application owner should own their policies and manage them outside of the central team.

While these policies can be managed decentrally, they can still be accessed centrally which helps give the business insight into the policies and also helps the auditing process better understand and sign off that only the right user has access to the right information at the right time.

Are there any trends that you see growing based on what you heard at the conference?

David: I see three major trends:

First, passwordless is increasingly becoming a reality (thank you WebAuthN and Passkeys). The FIDO Alliance has poured a tremendous amount of energy into making the standard easy-to-use for all.

Second, AI is tearing apart what it means to trust. The first five minutes of Andre Durand’s keynote were all AI-generated and delivered. We can no longer trust our ears or eyes.

Lastly, authorization. Policy-driven authorization, user-driven authorization, graph-based, attribute-based. This year, authorization was everywhere. It’s amazing to see AWS jump on our authorization bandwagon. It’s a validation that developers and app owners need externalized authorization more than ever before.

Matt: For me, there are two trends I’m seeing from the market as a whole:

The first is that this is the year of authorization. David’s covered that above – it was everywhere at the conference.

Similar to David, AI, and more specifically, ChatGPT, is on everyone’s minds. These two trends are interesting and will push the market to deliver authorization products that are easier to implement and manage.

What was one of your favorite sessions or moments?

David: Justin Richer’s take on standards and specifications was insightful and delivered tongue-in-cheek. It shows that no matter how careful standards editors are, if there is a gap, implementers will (often unwittingly) fall through the cracks and implement a standard differently.

On a personal level, it was a pleasure and honor to be part of the closing panel. I’m glad to be part of the team relentlessly driving innovation for authorization and our customers.

Matt: The closing remarks were great as it was really exciting to see common trends may drive authorization to be the focal point of Identiverse 2024.

What are you looking forward to next year at Identiverse in 2024?

David: I’d love to reach even more consensus around authorization. I’d love to see AI and IAM closely intertwined, and I’d love even more standards interoperability. The more we build on top of standards, the better it’ll be for our customers.

Matt: Seeing more growth in the market.

Thank you to those who visited us at Identiverse!

It was a pleasure getting to meet new and familiar faces at our booth and at our power breakfast session. We discussed some ideas on measuring success, return on investment on fine-grained authorization initiatives, the adjacent worlds of identity management, provisioning, access reviews, and much more.

Didn’t get the chance to talk with us at Identiverse? Request a demo and join the movement towards modernized, scalable authorization and access control.

We look forward to seeing you again next year for Identiverse in 2024!