Download your copy of our State of Authorization: Playbook Edition Get it now »

Identiverse 2024 Recap with David Brossard and Kelly O’Dwyer-Manuel

David & Kelly share highlights from this year's conference in Las Vegas - and what the identity industry is excited about.

We woke up in Las Vegas at Identiverse a few weeks ago to discuss the latest innovations and trends in the identity industry. But what happens in Vegas doesn’t always stay in Vegas!

Now that we have had time to collect our thoughts, let’s recap the highlights from Identiverse with our Chief Technology Officer, David Brossard, and VP Brand & Communications, Kelly O’Dwyer-Manuel.

What were the most prominent topics or discussions at this year’s event?

David: Key topics included AI, of course, decentralized identities & verifiable credentials, passkeys, and authorization. Much like last year, Andre Durand highlighted how AI breaks the most fundamental basics of trust. We can no longer trust what we see or hear. Deep fakes are increasingly convincing. And that’s scary.

Identiverse 2024 also highlighted emerging standards such as AuthZEN, CAEP, and RISC all of which can support a stronger authorization approach. WIMSE is another standard focusing on workload identities which my peer, Pieter Kasselman, from Microsoft is spearheading alongside Justin Richer at IETF.

Kelly: As David mentioned, the topic that permeates most discussions is around how AI will impact technology. Discussions as to how to leverage generative AI to help identity teams augment their never-ending to-do lists as well as discussions as to how to secure AI systems trying to access critical assets. Many vendors participating in the event have already announced how they’ll incorporate AI into their identity and access management (IAM) offerings, a trend only likely to grow.

Securing non-human identities, the evolution of standards and battling deepfakes were also topics raised consistently throughout the week.

Last year, there was a lot of conversation about authorization, including a discussion which laid the foundation for the OpenID Foundation’s AuthZEN Working Group. How did this year’s event build on that?

David: Leading up to Identiverse, the folks in the AuthZEN Working Group did a stellar job of building a demo app, an interop use case and scenario, and a framework for companies to test and prove their interoperability. Omri Gazitt< of Aserto led the effort. The result? A total of 14 interoperable authorization suites including one built on a business rules engine (Kogito). It shows the breadth and versatility of the standards being built.

During the conference, many of us delivered talks on varying aspects of authorization. I have a good summary of those talks on my blog.

Kelly: Expanding on David’s first point, the event started with an announcement of the AuthZEN Working Group’s Interop results, where several authorization vendors (including Axiomatics) achieved conformance with the AuthZEN request/response protocol. It’s hard to overstate how much progress this group has made in a year. We’ve gone from discussions and meetings to concrete results, with more vendors anticipated to complete the Interop in the coming weeks.

More than that, the news this week was the result of several vendors – many competitors – coming together to support a significant milestone for the authorization market. That type of communal action is exceedingly rare and validates that moving the market forward will take a community; it will not be the result of one vendor claiming victory over all others.

How does Identiverse 2024 shape the authorization market through the rest of the year?

David: Speaking with my OpenID hat on, it’s fuelling our desire to go even further. My co-chairs and I have already got plans to work on batch authorization requests as well as a search API. Stay tuned for that.

Switching gears, I’m also garnering interest in a second iteration of Abbreviated Language for Authorization (ALFA) [ALFA 2.0 please!]. Several of my peers are jumping on the bandwagon. Next stop? IETF 120 in Vancouver.

Also, check out our podcast episode with special guests Eve Maler and Gerry Gebel where we discuss the future of authorization.

Kelly: There was a great call to action during the closing keynote from Sarah Cecchetti and Pieter Kasselman for people to get involved in the various authorization projects out there, from ALFA to AuthZEN. It was great to see and hopefully this will spur folks to continue so much of the good work that’s going on.

That said, the same call to action also highlighted that there’s still a LOT going on in the market, which is a lot for enterprises to digest.

What was the most impactful session?

David: George Roberts of McDonalds gave us insights on McDonald’s IAM journey. Because they’re partly franchise-based and because a huge part of their workforce is staff in the restaurant, behind the cash register or the grill, their environment is different from the average 9-to-5 office worker. That creates challenges in terms of IAM. Listening to George (while admiring his on-brand sneakers) was an eye opener.

Ian Glazer’s Counselors in the Modern Era: Advancing Identity Management provides a fresh take on the human dimensions of digital identity.

Kelly: There were a lot of great sessions, including those David has mentioned. One more that stood out for me – a presentation by Southern New Hampshire University on their success 12 months post-CIAM (customer identity & access management) deployment. The presentation was straightforward, factual and clear – they had a great picture on what challenges existed prior to deployment and what metrics they used to call out success. Like the McDonald’s presentation, SNHU’s requirements were complex, as they had to think about identity for their workforce, current students, prospective students, and another stakeholders. Addressing that type of complexity and balancing ongoing requirements for diverse audiences is a pretty big challenge.

This was impactful for me because it underscored the need to have more end users talk about their projects. Those stories are hard to come by, but boy, are they ever compelling. Though SNHU initially didn’t call out the vendor they replaced (as well as who contributed to their success), the story was so compelling the audience started asking those questions.

What are you looking forward to next year at Identiverse in 2025?

David: More authorization 🙂 and hopefully a new interop and an updated language.

Kelly: More end user stories. Vendor stories are awesome (we’re a vendor and we tell good stories, I think!), but those ‘stories from the trenches’ are incredibly powerful, so I hope there are more next year.

Thank you to those who visited us at Identiverse!

It was a pleasure getting to meet new and familiar faces at our booth and the many sessions David spoke at. We talked about policy-driven authorization and how it can leverage attributes to define detailed access policies across an organization and much more.

Want to read more about what we talked about at the conference? Here are three great resources for you to look into:

Didn’t get the chance to talk with us at Identiverse? Request a demo and join the movement towards modernized, scalable authorization and access control.

Have 30 minutes? Let's show you a demo!

See how our award-winning solution can help you meet today's access control and Zero Trust needs.

Request a demo

  Join us on LinkedIn for more insights
Archived under:
About the author

As the Marketing Communications Specialist, Emme Reichert helps execute content that resonates with customers, partners, and influencers. She has experience with marketing in the healthcare and tourism industries.