1
00:00:04,760 --> 00:00:10,360
This is Identity at the Center. 
Welcome to the Identity at the 

2
00:00:10,360 --> 00:00:12,200
Center podcast. 
I'm Jeff, and that's Jim. 

3
00:00:12,200 --> 00:00:14,320
Hey, Jim. 
Hey, Jeff, how are you? 

4
00:00:14,840 --> 00:00:16,880
I'm pretty good. Yourself? 
Good. 

5
00:00:16,880 --> 00:00:20,120
So many ways I thought that we 
could start this episode. One was 

6
00:00:20,320 --> 00:00:23,960
Happy New Year, but I think I'd 
be far in violation of saying 

7
00:00:23,960 --> 00:00:26,960
Happy New Year since this 
episode goes live in February. 

8
00:00:27,240 --> 00:00:30,920
But I thought I'd start with a 
pun because it's been so cold on

9
00:00:30,920 --> 00:00:32,640
the East Coast of the US. 
But you know what? 

10
00:00:32,640 --> 00:00:35,880
It's hot right now. 
Authorization. 

11
00:00:36,280 --> 00:00:38,800
So hot right now. 
I think we need like the was it 

12
00:00:38,800 --> 00:00:41,880
the oh, what's the movie? 
It's I'm blanking on it now. 

13
00:00:43,320 --> 00:00:45,400
Zoolander, right? 
It's so hot right now. 

14
00:00:45,400 --> 00:00:49,720
Author is authorization. 
Well, I think we should dive 

15
00:00:49,720 --> 00:00:52,440
right into it because we've got 
a fantastic guest today. 

16
00:00:52,800 --> 00:00:54,600
Yeah, we've got a sponsor 
spotlight today. 

17
00:00:54,600 --> 00:00:57,080
So these are the folks that 
helped make this podcast 

18
00:00:57,280 --> 00:00:59,760
available for so many people 
around the world and definitely 

19
00:00:59,760 --> 00:01:01,920
appreciate that. 
So it's a fully sponsored 

20
00:01:01,920 --> 00:01:03,560
episode. 
We're going to get into it today

21
00:01:03,560 --> 00:01:06,760
with Plain ID and really learn 
more about their solution. 

22
00:01:07,200 --> 00:01:10,440
I've known Gal, our guest here, 
for at least a couple years now,

23
00:01:10,440 --> 00:01:14,240
kind of way back, 2015, 2016. 
I feel like maybe it was 

24
00:01:14,240 --> 00:01:17,000
somewhere around that time 
frame, but a kind of a routine 

25
00:01:17,000 --> 00:01:18,560
mainstay on the identity 
circuit. 

26
00:01:18,560 --> 00:01:21,720
So if people want to learn more 
about Plain ID, you can go to 

27
00:01:21,720 --> 00:01:29,280
the website plainid.com/IDAC. 
That's PLAINID.com/IDAC. 

28
00:01:29,280 --> 00:01:33,400
So welcome to the show Gal 
Helemski, the co-founder and CTO

29
00:01:33,400 --> 00:01:37,400
of Plain ID. 
Thank you and it's very nice to 

30
00:01:37,440 --> 00:01:40,520
be here again. 
Yeah, the last time you were with 

31
00:01:40,520 --> 00:01:43,960
us was way back in episode 218. 
I thought it was last year, but 

32
00:01:43,960 --> 00:01:45,160
you corrected me in your toy, 
right? 

33
00:01:45,160 --> 00:01:48,480
It was a couple years ago. 
We recorded live from Identiverse

34
00:01:48,480 --> 00:01:50,560
in one of the many conference 
rooms. 

35
00:01:50,560 --> 00:01:53,560
And I think I don't know if that
was like Mandalay or if it was 

36
00:01:54,680 --> 00:01:56,920
one of the other, you know, one 
of the hotels that we were kind 

37
00:01:56,920 --> 00:01:59,000
of out there. 
But we had a great conversation 

38
00:01:59,000 --> 00:02:03,520
around back BAC something based 
access control, I think I called

39
00:02:03,520 --> 00:02:06,760
it like star-BAC. 
So thank you for being part of 

40
00:02:06,760 --> 00:02:09,440
this as well and coming back. 
So I got to ask your first 

41
00:02:09,440 --> 00:02:10,960
questions like, all right, so 
why are you back? 

42
00:02:10,960 --> 00:02:14,840
Why are we doing this episode? 
OK, excellent question to start 

43
00:02:14,840 --> 00:02:17,040
with. 
So first of all, because I want 

44
00:02:17,040 --> 00:02:21,360
to say that today authorization 
is a security decision. 

45
00:02:21,560 --> 00:02:25,200
If in the past we struggled with
which method to implement and 

46
00:02:25,200 --> 00:02:29,920
even to even if to implement at 
all, that's no longer the case. 

47
00:02:29,920 --> 00:02:33,240
Today, authorization is a 
security decision. 

48
00:02:33,360 --> 00:02:37,000
Either you're secured or not and
we'll see why is that. 

49
00:02:37,560 --> 00:02:40,840
I mean, that's a pretty simple, 
simple statement, but it carries

50
00:02:40,840 --> 00:02:44,360
so many repercussions, right? 
It's like, OK, authorization is 

51
00:02:44,360 --> 00:02:46,960
really the crux of what identity
and access management is built 

52
00:02:46,960 --> 00:02:48,640
around. 
You got to get it right. 

53
00:02:49,520 --> 00:02:51,120
So tell me a little more about 
Plain ID. 

54
00:02:51,120 --> 00:02:53,800
For people who aren't familiar 
out there and the, you know, 

55
00:02:53,800 --> 00:02:57,440
billions of listeners and 
watchers that we have, what is 

56
00:02:57,440 --> 00:02:59,920
Plain ID? 
OK, sure. 

57
00:03:00,200 --> 00:03:02,360
So Plain ID is the authorization
company. 

58
00:03:02,400 --> 00:03:06,280
We are focused primarily on 
authorization, controlling 

59
00:03:06,280 --> 00:03:09,240
authorization, managing 
authorization, providing 

60
00:03:09,240 --> 00:03:12,120
authorizations. 
We have been focused in the 

61
00:03:12,120 --> 00:03:17,160
space for quite some time and we
work with large enterprises that

62
00:03:17,160 --> 00:03:21,640
trust our technology to manage 
and control their authorization 

63
00:03:21,640 --> 00:03:24,840
solution. 
That is, that's Plain ID. 

64
00:03:24,960 --> 00:03:28,000
And yeah, we'll learn more as we
speak. 

65
00:03:28,800 --> 00:03:30,560
We're definitely going to learn 
more about it, especially sort 

66
00:03:30,560 --> 00:03:32,920
of like how does look in in sort
of the real world and how it 

67
00:03:32,920 --> 00:03:35,160
works like architecturally right
within an environment. 

68
00:03:35,680 --> 00:03:38,400
I got to ask though, how'd you 
come up with the name Plain ID? 

69
00:03:39,160 --> 00:03:44,040
OK, so you know how in identity 
and access management there are 

70
00:03:44,040 --> 00:03:47,600
so many aspects and it starts 
with maybe something simpler and

71
00:03:47,600 --> 00:03:51,080
get so complicated. 
Authorization traditionally is 

72
00:03:51,080 --> 00:03:53,440
considered the most complicated 
area. 

73
00:03:54,240 --> 00:03:58,440
We wanted to simplify that and 
therefore Plain ID. Why ID? 

74
00:03:58,440 --> 00:04:01,640
That's a different question, but
still we wanted to resonate 

75
00:04:01,640 --> 00:04:06,200
something which is simpler, 
solving a complex problem in a 

76
00:04:06,200 --> 00:04:09,840
simpler way. 
Hello, it's a noble cause. It's 

77
00:04:09,840 --> 00:04:12,760
a hard one to address because I 
think authorizations get super 

78
00:04:12,760 --> 00:04:14,960
complex sometimes, especially 
some applications. 

79
00:04:15,560 --> 00:04:19,600
What is it that you think makes 
Plain ID separate itself from 

80
00:04:19,600 --> 00:04:21,720
others that are in the market? 
Because I know there's a lot of 

81
00:04:21,720 --> 00:04:24,200
different kind of vendors right 
in the authorization space. 

82
00:04:24,560 --> 00:04:26,800
You guys have been around for a 
long time at this point. 

83
00:04:27,040 --> 00:04:28,760
What is it that makes your 
solution unique? 

84
00:04:28,760 --> 00:04:31,720
As I put my jaded CISO hat on like all right, create another 
like all right, create another 

85
00:04:31,720 --> 00:04:33,320
tool in the stack that I have to
think about. 

86
00:04:34,000 --> 00:04:35,800
Yeah. 
So I believe it's the 

87
00:04:35,800 --> 00:04:38,920
completeness of the solution and
I'll explain again. 

88
00:04:38,920 --> 00:04:42,280
Authorization, like I said, is 
the security decision, which 

89
00:04:42,280 --> 00:04:46,280
means it's not a developer's 
decision, it's eventually a CSO 

90
00:04:46,280 --> 00:04:49,360
decision. 
The authorization is meant to 

91
00:04:49,360 --> 00:04:52,960
represent what can be done 
within our technology space, 

92
00:04:52,960 --> 00:04:57,560
which basically translates into 
what data can be accessed, what 

93
00:04:57,560 --> 00:05:01,880
tools, what APIs, what services 
can be used, who's making those 

94
00:05:01,880 --> 00:05:04,320
decisions. 
Someone needs to make them, 

95
00:05:04,320 --> 00:05:06,640
someone needs to govern them, 
and that's typically 

96
00:05:06,640 --> 00:05:11,400
responsibility of the security. 
Plain ID places a lot of focus 

97
00:05:11,600 --> 00:05:14,640
on managing and providing 
visibility into those 

98
00:05:14,640 --> 00:05:19,400
authorization policies as well 
as enforcing them, providing the

99
00:05:19,400 --> 00:05:22,640
tools, the means to enforce them
across the technology. 

100
00:05:23,560 --> 00:05:27,680
I would say this is one of our 
major differentiators, our 

101
00:05:27,680 --> 00:05:32,280
ability to see, to capture that 
whole scope of authorizations, 

102
00:05:32,520 --> 00:05:36,760
not just one side of that 
challenge space. 

103
00:05:38,080 --> 00:05:42,280
So authorization stretches 
beyond just people, all right? 

104
00:05:42,280 --> 00:05:44,840
It gets into other things. 
So I'm curious, is Plain ID

105
00:05:44,840 --> 00:05:48,720
addressing both, like customer 
identity access management use

106
00:05:48,720 --> 00:05:51,400
cases? Is it workforce? 
Is it both? 

107
00:05:51,800 --> 00:05:55,280
And then how does it get into 
non humans or maybe agentic and 

108
00:05:55,280 --> 00:05:57,720
things like that? 
Yeah, absolutely. 

109
00:05:57,720 --> 00:06:01,200
So first of all, the answer is 
all of them. 

110
00:06:01,280 --> 00:06:03,800
Why? 
Because they're all identities 

111
00:06:03,800 --> 00:06:06,000
that need access. 
That's the bottom line. 

112
00:06:06,240 --> 00:06:10,520
And eventually when you want to 
walk within your application 

113
00:06:10,520 --> 00:06:15,040
space, data APIs, it doesn't 
really matter to the data if 

114
00:06:15,040 --> 00:06:18,560
it's an end user, a human who's 
trying to access, or an 

115
00:06:18,560 --> 00:06:21,720
application user or even an 
agent user. 

116
00:06:22,120 --> 00:06:26,040
It's a user, an identity that 
tries to access the data or 

117
00:06:26,040 --> 00:06:28,200
tries to consume the API or 
whatever. 

118
00:06:28,360 --> 00:06:31,600
So an identity is an identity, 
by the way. 

119
00:06:31,600 --> 00:06:35,600
It's the responsibility of, you 
know, all those IdPs to make 

120
00:06:35,600 --> 00:06:38,560
sure the identity is there and 
it's authenticated and all of 

121
00:06:38,560 --> 00:06:40,480
that. 
But then what happens 

122
00:06:40,480 --> 00:06:43,840
afterwards? 
Afterwards those identities need

123
00:06:43,840 --> 00:06:46,240
the right access for whatever 
they're doing. 

124
00:06:46,560 --> 00:06:50,680
And in some cases, maybe the 
combination of identities like 

125
00:06:50,680 --> 00:06:55,680
in the identity earlier there's 
the agent identity and the end 

126
00:06:55,680 --> 00:06:58,840
user identity. 
So you know very shortly all 

127
00:06:58,840 --> 00:07:02,760
identities count, all identities
need to be authorized. 

128
00:07:03,800 --> 00:07:05,440
Hey, Gal. 
I was so intrigued by what you 

129
00:07:05,440 --> 00:07:09,040
said about authorization having 
an important role in the 

130
00:07:10,280 --> 00:07:12,680
security stack. 
I was wondering if maybe you 

131
00:07:12,680 --> 00:07:15,680
could talk a bit little bit more
about that and what what it is 

132
00:07:15,680 --> 00:07:19,440
that you're talking about? 
Yes, absolutely and thank you 

133
00:07:19,440 --> 00:07:23,360
for that question. 
So you know the market has been 

134
00:07:23,360 --> 00:07:28,160
investing a lot around managing 
identities whether human, non 

135
00:07:28,160 --> 00:07:32,360
human authenticating identities.
So we have all those controls in

136
00:07:32,360 --> 00:07:35,800
place. 
So our users are accessing the 

137
00:07:35,800 --> 00:07:39,520
applications or you know all of 
our technology stack after they 

138
00:07:39,520 --> 00:07:42,880
have gone through multiple multi
factor authentications. 

139
00:07:43,400 --> 00:07:44,920
But then what? 
What? 

140
00:07:45,320 --> 00:07:48,640
How can we control what they can
do, what they can see? 

141
00:07:48,880 --> 00:07:50,720
That's where authorization comes
in. 

142
00:07:50,720 --> 00:07:54,840
It's like the last line of 
defence before accessing data 

143
00:07:55,080 --> 00:07:57,640
and accessing all those tools 
and services. 

144
00:07:57,960 --> 00:08:01,920
And why is it such an important 
topic now? 

145
00:08:02,200 --> 00:08:07,400
Because the change in the market
towards agentic flows. 

146
00:08:07,600 --> 00:08:13,080
That's when explosion of 
explosion of data usage, tool 

147
00:08:13,080 --> 00:08:18,840
usage, API usage happens and no 
longer traditional controls are 

148
00:08:18,840 --> 00:08:22,520
sufficient. 
We cannot rely just on having an

149
00:08:22,520 --> 00:08:26,280
identity or having the identity 
authenticated. 

150
00:08:26,880 --> 00:08:30,040
Controls must be implemented in 
the right way. 

151
00:08:30,200 --> 00:08:36,240
So the need for those controls 
are tripled even than they were 

152
00:08:36,240 --> 00:08:37,840
before. 
That's why I'm saying it's a 

153
00:08:37,840 --> 00:08:41,720
security decision. 
Every organization is evolving, 

154
00:08:41,799 --> 00:08:45,920
evolving towards newer 
technologies, more specifically 

155
00:08:45,920 --> 00:08:50,320
the agentic space and 
authorization is a crucial 

156
00:08:50,320 --> 00:08:54,680
component to secure that. 
So, Gal, you brought up an 

157
00:08:54,680 --> 00:08:57,560
interesting topic there, just 
authentication, right? 

158
00:08:57,560 --> 00:09:00,600
And I realized that maybe we 
jumped right in because I think 

159
00:09:00,600 --> 00:09:04,960
this is a topic that, you know, 
authentication, authorization, 

160
00:09:05,200 --> 00:09:08,080
people get confounded sometimes 
or lump them together. 

161
00:09:08,080 --> 00:09:12,160
And I think you see it even with
some of the protocols where like

162
00:09:12,200 --> 00:09:17,080
the authorization data will get 
lumped in with the passing of 

163
00:09:17,080 --> 00:09:19,240
the token. 
You got OpenID, you've got 

164
00:09:19,320 --> 00:09:22,760
OAuth. 
They're different, but unless 

165
00:09:22,760 --> 00:09:26,120
you kind of are an expert in 
those areas, you might get them 

166
00:09:26,120 --> 00:09:28,880
lumped together. 
Why is it that you think people 

167
00:09:29,520 --> 00:09:30,840
are? 
Maybe you could just kind of 

168
00:09:30,840 --> 00:09:34,040
start with the separation of the
two, and then why do people get 

169
00:09:34,040 --> 00:09:37,120
them lumped together? 
Yes, absolutely. 

170
00:09:37,120 --> 00:09:40,040
So first of all, they should be 
lumped together because it's a 

171
00:09:40,040 --> 00:09:44,360
continuous process, basically 
authentication, right, defines 

172
00:09:44,680 --> 00:09:47,840
who you are. 
But then authorization comes and

173
00:09:47,840 --> 00:09:52,240
says what can you do? 
Now if we rely just on 

174
00:09:52,240 --> 00:09:57,800
authentication, it means who I 
am also carries what I do. 

175
00:09:58,000 --> 00:10:03,440
So I'm walking around with a bag
of privileges, which basically 

176
00:10:03,480 --> 00:10:08,640
beats the purpose, right? 
We are now talking about zero 

177
00:10:09,040 --> 00:10:12,800
standing privileges, which means
who I am is just who I am. 

178
00:10:12,800 --> 00:10:16,480
It doesn't mean what I can do. 
As I walk through in the 

179
00:10:16,480 --> 00:10:20,760
application, as I try to access 
data, as I try to consume 

180
00:10:20,760 --> 00:10:26,600
services, that's when I need to 
determine if that is is approved

181
00:10:26,600 --> 00:10:29,480
for me in the context which I'm 
working in, right? 

182
00:10:29,640 --> 00:10:33,640
So there must be a very distinct
separation between 

183
00:10:33,920 --> 00:10:38,640
authentication, who you are, and
then the continuous process of 

184
00:10:38,640 --> 00:10:41,160
authorization. 
What can you do? 

185
00:10:41,400 --> 00:10:44,960
But what can you do in a 
specific context which you're 

186
00:10:44,960 --> 00:10:48,960
currently operating? 
It cannot be predefined, cannot 

187
00:10:48,960 --> 00:10:51,920
be predetermined. 
How, if it makes sense? 

188
00:10:52,960 --> 00:10:54,520
Yeah, perfect, perfect. 
Thank you. 

189
00:10:54,840 --> 00:10:59,920
And you know, Jeff and I often 
say, and not just because you're

190
00:10:59,920 --> 00:11:02,560
here, right, is that 
authorization is having its day 

191
00:11:02,560 --> 00:11:05,280
in the sun. 
You know, you see the AuthZEN 

192
00:11:05,600 --> 00:11:10,840
Working Group, part of the OpenID 
Foundation. You see just so 

193
00:11:10,840 --> 00:11:15,320
many more authorization vendors 
and focus at the identity 

194
00:11:15,320 --> 00:11:18,200
conferences. 
I see you guys are still the 

195
00:11:18,200 --> 00:11:21,840
lead in terms of kind of like 
pushing this boundary. 

196
00:11:22,920 --> 00:11:27,760
But I guess my question is, why 
is it that it's so hot right 

197
00:11:27,760 --> 00:11:30,240
now? 
And I say that because you guys 

198
00:11:30,240 --> 00:11:32,600
have been around for decades, 
right? 

199
00:11:32,600 --> 00:11:35,520
I mean, we didn't really get 
into what year you founded the 

200
00:11:35,520 --> 00:11:39,000
company, but I feel like you 
guys have been around for most 

201
00:11:39,000 --> 00:11:43,920
of my 20 years in the space. 
And why is it that right now 

202
00:11:44,240 --> 00:11:46,320
it's getting this special 
attention? 

203
00:11:46,920 --> 00:11:49,000
Yeah. 
Well, first of all, maybe not 

204
00:11:49,000 --> 00:11:52,080
decades, but we do like to speak
a lot, so we make a lot of 

205
00:11:52,080 --> 00:11:53,200
noise. 
But thank you. 

206
00:11:54,480 --> 00:11:58,800
I think the reason for the 
importance of now, why now is 

207
00:11:58,800 --> 00:12:01,520
the moment. 
It's because the shift in 

208
00:12:01,520 --> 00:12:06,520
technology. Authorization has 
always been the challenging part

209
00:12:06,520 --> 00:12:08,400
of identity and access 
management. 

210
00:12:08,400 --> 00:12:13,480
And when it comes to traditional
technology, it's complex, but 

211
00:12:13,480 --> 00:12:18,200
when we are starting to look at 
a newer technology, APIs, microservices 

212
00:12:18,200 --> 00:12:22,600
and now the agentic 
space, that's when it becomes 

213
00:12:22,600 --> 00:12:26,360
easier to implement more 
advanced controls. 

214
00:12:26,640 --> 00:12:29,120
So that's the reason it's a hot 
topic now. 

215
00:12:29,360 --> 00:12:34,320
Additionally, as the technology
progress as we see again, I'm 

216
00:12:34,360 --> 00:12:37,640
back to AI agents all the time 
because that's the hot topic 

217
00:12:37,640 --> 00:12:41,480
now, yes. 
So as we see AI agent operates, 

218
00:12:41,480 --> 00:12:43,640
what does it mean from 
technology perspective? 

219
00:12:43,640 --> 00:12:49,600
It means a whole lot of little 
steps that are combined together

220
00:12:49,800 --> 00:12:53,960
to make something happen. 
And that means each and every 

221
00:12:53,960 --> 00:12:58,440
one of those small steps in the 
process need to be authorized, 

222
00:12:58,440 --> 00:13:01,280
not just authenticated, but 
needs to be authorized. 

223
00:13:01,520 --> 00:13:05,800
And static standing permissions 
cannot address that. 

224
00:13:06,160 --> 00:13:10,640
That's why the need for a true 
authorization system dynamic 

225
00:13:10,640 --> 00:13:15,560
context aware is is very very 
much relevant for this time, 

226
00:13:16,520 --> 00:13:19,520
which we are. 
So I think people are probably 

227
00:13:19,520 --> 00:13:21,640
pretty familiar with 
authorization, at least the 

228
00:13:21,640 --> 00:13:23,840
concept, especially when you 
start talking about humans. 

229
00:13:23,880 --> 00:13:29,440
I want to get specifically into 
like agentic AI because that is 

230
00:13:29,440 --> 00:13:31,080
the other thing that's so hot 
right now, right? 

231
00:13:31,080 --> 00:13:35,680
It's is there are this explosion
of agents that are running 

232
00:13:35,680 --> 00:13:40,120
around sometimes amok inside of 
an organization with poorly 

233
00:13:40,120 --> 00:13:42,880
scoped permissions or whatever 
it may be. 

234
00:13:43,480 --> 00:13:47,600
Can you talk about authorization
specifically in the context of

235
00:13:47,640 --> 00:13:52,400
agentic AI and sort of how does 
Plain ID help me address that, 

236
00:13:52,400 --> 00:13:54,680
govern it, solve for it, things
like that? 

237
00:13:55,520 --> 00:13:58,440
Yes, absolutely. 
So there are several aspects to 

238
00:13:58,440 --> 00:14:00,720
consider. 
First of all, who are we 

239
00:14:00,720 --> 00:14:03,560
authorizing when it comes to the
agentic process? 

240
00:14:03,800 --> 00:14:07,320
We need to remember there are 
several identity types. 

241
00:14:07,320 --> 00:14:10,120
I would say first of all, there 
is the agent, of course the 

242
00:14:10,120 --> 00:14:14,400
agent, the agent identity, but 
there was also the end user 

243
00:14:14,400 --> 00:14:19,560
identity always at least, well 
sometimes just one, but there 

244
00:14:19,600 --> 00:14:22,800
can be two identities to 
consider. 

245
00:14:23,120 --> 00:14:27,400
So when we are authorizing an 
action or access to something, 

246
00:14:27,560 --> 00:14:30,440
we need to be able to evaluate 
both identities. 

247
00:14:30,440 --> 00:14:32,040
Plain ID of course can do 
that. 

248
00:14:32,800 --> 00:14:36,120
Second, when do we need to apply
controls? 

249
00:14:36,320 --> 00:14:40,800
Looking at the full agentic 
flow, we have multiple control 

250
00:14:40,800 --> 00:14:43,280
points to consider. 
It starts with a prompt. 

251
00:14:43,280 --> 00:14:46,240
So every process starts with a 
prompt. 

252
00:14:46,440 --> 00:14:49,080
The first control point is at 
that point. 

253
00:14:49,080 --> 00:14:52,040
Exactly. 
Can whoever is asking the 

254
00:14:52,040 --> 00:14:55,400
question or whoever is 
initiating the prompt actually 

255
00:14:55,400 --> 00:14:58,600
do that? 
According to the security 

256
00:14:58,600 --> 00:15:02,120
controls, in many cases people 
are talking about guardrails. 

257
00:15:02,320 --> 00:15:07,160
Guardrails tend to be very 
operational in nature, but think

258
00:15:07,160 --> 00:15:09,880
about security guard. 
Those would be your 

259
00:15:09,880 --> 00:15:13,760
authorization decisions. 
So again, one, the prompt. Second, 

260
00:15:13,880 --> 00:15:19,360
data. An agentic flow retrieves 
data whether it's via RAG or 

261
00:15:19,400 --> 00:15:23,000
whatever other means, right, data
feeds into that flow. 

262
00:15:23,640 --> 00:15:28,040
What data can be fed in the 
context of the end user identity

263
00:15:28,040 --> 00:15:32,320
and the agent identity? 
Then based on the question, the 

264
00:15:32,320 --> 00:15:36,320
prompt, and the data, at least a
process is generated. 

265
00:15:36,320 --> 00:15:40,560
The LLM is suggesting all of 
that, and then the LLM might 

266
00:15:40,560 --> 00:15:43,520
reach out to tools. 
You've probably heard of MCP, 

267
00:15:43,840 --> 00:15:48,520
the standard for utilizing tools
in the agentic space. 

268
00:15:48,520 --> 00:15:53,120
So again, the question is, can 
the agent at this point of time 

269
00:15:53,120 --> 00:15:56,560
use those set of tools or which 
tools they can use? 

270
00:15:56,560 --> 00:15:59,600
So we want to put some controls 
on tools as well. 

271
00:16:00,240 --> 00:16:04,000
And the last part of that is the
response and response is being 

272
00:16:04,000 --> 00:16:07,120
generated. 
Maybe some of that response can 

273
00:16:07,120 --> 00:16:12,000
expose data it shouldn't. 
So we want to consider masking 

274
00:16:12,000 --> 00:16:16,800
the response. Plain ID today has 
the capability to control what 

275
00:16:16,800 --> 00:16:21,280
questions can be asked, filter 
out the data which is fed into 

276
00:16:21,280 --> 00:16:27,240
the process, control the usage 
of MCP tools and mask the 

277
00:16:27,240 --> 00:16:30,280
response that is sent back to 
the user. 

278
00:16:30,440 --> 00:16:34,800
So end to end control throughout
the agentic flow, and that's 

279
00:16:34,800 --> 00:16:38,360
part of what an advanced 
authorization solution needs to 

280
00:16:38,360 --> 00:16:42,440
do, cannot be done by just 
static permissions, needs to be 

281
00:16:42,440 --> 00:16:46,880
governed by policies. 
So you mentioned the, the, the 

282
00:16:46,880 --> 00:16:48,960
word guardrails and I've heard 
this a lot. 

283
00:16:48,960 --> 00:16:53,480
And I wonder because is it 
guardrails or is it more of a 

284
00:16:53,480 --> 00:16:56,120
railroad track? 
Because guardrails is kind of 

285
00:16:56,120 --> 00:16:58,280
like, all right, it could be a 2
lane highway, it could be a one 

286
00:16:58,280 --> 00:17:01,520
lane highway, it could be an 8 
lane highway with a lot of, you 

287
00:17:01,520 --> 00:17:03,000
know, swerve in between all 
that. 

288
00:17:03,000 --> 00:17:06,599
And I wonder do you have, you 
know, a, a, a different 

289
00:17:06,599 --> 00:17:09,440
definition or distinction 
between something maybe that is 

290
00:17:09,440 --> 00:17:13,520
from an authorization standpoint
is OK, Is it guardrails or is it

291
00:17:13,520 --> 00:17:16,400
like a railroad track or maybe a
roller coaster track, depending 

292
00:17:16,400 --> 00:17:19,000
on you want to perceive that? 
Yeah. 

293
00:17:19,000 --> 00:17:23,839
I think, I think it's a term is 
that the market has started 

294
00:17:23,839 --> 00:17:27,680
using it's, it tends to be a 
more of a technical thing. 

295
00:17:27,880 --> 00:17:33,920
It is very common to implement 
guardrails for prompt control, 

296
00:17:33,920 --> 00:17:38,320
for output control. 
So we are, you know, we are 

297
00:17:38,320 --> 00:17:41,200
aligning ourselves with the way 
the market is currently 

298
00:17:41,200 --> 00:17:43,800
speaking. 
Basically it's a way to place 

299
00:17:43,800 --> 00:17:46,640
controls. 
So controls are placed in the 

300
00:17:46,640 --> 00:17:52,000
form of guardrails and they can 
be placed on the process that 

301
00:17:52,000 --> 00:17:56,640
throughout the process input 
output data and tools. 

302
00:17:57,520 --> 00:18:02,560
But I agree with the you know, 
the the the picture you draw 

303
00:18:02,800 --> 00:18:05,440
absolutely. 
Well, I think, you know, when 

304
00:18:05,440 --> 00:18:08,000
you have guardrails, especially 
when we're talking about agentic

305
00:18:08,000 --> 00:18:12,440
and generative AI, you, you 
almost need some leeway, right? 

306
00:18:12,440 --> 00:18:15,320
Otherwise you kind of lose the 
benefits of having something 

307
00:18:15,320 --> 00:18:17,600
that's generating that. 
So I just kind of brought it up 

308
00:18:17,600 --> 00:18:20,080
because I was like, OK, well, I 
can see some people think out 

309
00:18:20,080 --> 00:18:22,560
there like, OK, well, shouldn't 
authorization be like a single 

310
00:18:22,560 --> 00:18:25,160
track or you can only do this 
one thing? 

311
00:18:25,440 --> 00:18:29,800
But I, I guess my, my next 
question is, is there a right 

312
00:18:29,800 --> 00:18:33,040
way to provide agentic 
authorization? 

313
00:18:33,040 --> 00:18:35,400
Because you talked about, you 
know, the question is, can the 

314
00:18:35,400 --> 00:18:38,520
person who is invoking the agent
do the thing that you're asking 

315
00:18:38,520 --> 00:18:42,400
it to do? 
So if I write an agent, does the

316
00:18:42,440 --> 00:18:45,920
agent mirror my permissions? 
Should it have its own set of 

317
00:18:45,920 --> 00:18:47,760
permissions? 
What happens if the agent 

318
00:18:47,960 --> 00:18:51,280
creates its own agent? 
And now you've got like this 

319
00:18:51,560 --> 00:18:55,000
domino effect of agents creating
agents, creating agents. 

320
00:18:55,400 --> 00:18:57,680
How do you track permissions 
throughout that? 

321
00:18:57,680 --> 00:19:00,000
And is there a right way in your
mind of kind of how to control 

322
00:19:00,000 --> 00:19:01,200
that? 
Yeah. 

323
00:19:01,640 --> 00:19:04,800
So yeah, I think you asked me 
just, I don't know, four or five

324
00:19:04,800 --> 00:19:06,320
questions, but I'll try to 
answer. 

325
00:19:06,320 --> 00:19:10,240
I'm great at that. 
Yeah, absolutely. 

326
00:19:10,520 --> 00:19:13,000
OK. 
So first of all, you need to 

327
00:19:13,000 --> 00:19:17,480
consider all identities involved
in the context of the operation.

328
00:19:18,320 --> 00:19:22,480
So if there is an end user 
identity and an agent identity 

329
00:19:22,480 --> 00:19:26,600
that is currently doing whatever
operation in the decisioning 

330
00:19:26,600 --> 00:19:28,800
process, both should be 
considered. 

331
00:19:28,800 --> 00:19:30,840
You can't consider just one of 
them. 

332
00:19:31,000 --> 00:19:35,040
Yes, an agent identity has 
authorization tied to it. 

333
00:19:35,040 --> 00:19:39,240
Yes, an end user identity has 
different set of authorization 

334
00:19:39,240 --> 00:19:42,840
tied to it. 
You need to consider that they 

335
00:19:42,840 --> 00:19:47,520
both have more than just what is
needed for that specific 

336
00:19:47,520 --> 00:19:50,120
operation. 
And you know what that leads me 

337
00:19:50,120 --> 00:19:52,480
to? 
What is the right method to 

338
00:19:52,720 --> 00:19:55,360
control it all all and to manage
it all? 

339
00:19:55,720 --> 00:20:00,080
You know how the IAM market 
likes to create new acronyms 

340
00:20:00,080 --> 00:20:01,920
every year, So we have a new 
one. 

341
00:20:02,200 --> 00:20:04,480
It's called Intent Based access 
control. 

342
00:20:04,640 --> 00:20:07,800
No, truly, this is a good. 
This is an important one to 

343
00:20:07,800 --> 00:20:14,200
remember eventually to do the 
right authorization in process. 

344
00:20:14,640 --> 00:20:18,600
You need to understand intent, 
and that means there is a 

345
00:20:18,600 --> 00:20:21,560
specific agent designed for a 
specific purpose. 

346
00:20:21,560 --> 00:20:25,680
Now, there might be a human 
who's using that agent or 

347
00:20:25,680 --> 00:20:28,280
another agent who's initiating 
that agent. 

348
00:20:28,560 --> 00:20:32,520
That's part of the intent. 
The second part is what are they

349
00:20:32,520 --> 00:20:36,520
trying to do? 
And then the last part is why 

350
00:20:36,520 --> 00:20:42,120
are they doing that now? 
So in order to truly enforce is 

351
00:20:42,120 --> 00:20:47,000
zero standing privileges, truly 
enforce security controls in the

352
00:20:47,000 --> 00:20:51,520
agentic flow, you need to 
consider all of those facts, the

353
00:20:51,720 --> 00:20:55,120
aspects you need and to 
understand the intent of the 

354
00:20:55,120 --> 00:20:57,600
operation and enforce 
accordingly. 

355
00:20:58,240 --> 00:21:02,560
So Gal, you, I want to come back
to intent based access control 

356
00:21:02,560 --> 00:21:05,360
because I think it's a 
fascinating topic, but I want to

357
00:21:05,360 --> 00:21:09,880
key on something you said to, 
you know, to Jeff's question. 

358
00:21:10,200 --> 00:21:16,920
So first kind of the basis of my
thought is a year ago we were 

359
00:21:16,920 --> 00:21:21,400
talking about IAM for AI and 
essentially what it boiled down 

360
00:21:21,400 --> 00:21:24,440
to was like authentication to 
your AI. 

361
00:21:24,440 --> 00:21:27,400
And I was like, that's not very 
exciting. 

362
00:21:27,520 --> 00:21:30,840
But what you just said there was
like, I was like, that's the 

363
00:21:30,840 --> 00:21:33,320
hard part. 
I mean, that is the really hard 

364
00:21:33,320 --> 00:21:38,160
part where you start talking 
about controlling what questions

365
00:21:38,160 --> 00:21:40,720
people can ask. 
And maybe this kind of blurs 

366
00:21:40,720 --> 00:21:44,400
into the intent. 
But I figured the way I'd ask 

367
00:21:44,400 --> 00:21:48,600
the question is this is because 
you've talked about addressing 

368
00:21:48,600 --> 00:21:52,080
it with policy. 
And I'm wondering, you know, as 

369
00:21:52,080 --> 00:21:56,760
you talk about the solution with
customers or potential 

370
00:21:56,760 --> 00:22:00,880
customers, are they presenting 
the same use cases? 

371
00:22:01,200 --> 00:22:05,880
Are you seeing the same use 
cases or are people each client 

372
00:22:05,880 --> 00:22:11,160
giving you kind of a a different
set of use cases that hey, they 

373
00:22:11,160 --> 00:22:13,680
need to solve and policy solves 
that? 

374
00:22:14,560 --> 00:22:17,320
Yeah, So really excellent 
question. 

375
00:22:17,320 --> 00:22:21,280
First of all, I want to say this
is across the board, every 

376
00:22:21,280 --> 00:22:25,360
customer I'm speaking with same 
challenges, they all want to 

377
00:22:25,360 --> 00:22:28,640
adopt agents. 
They want to enable the 

378
00:22:28,680 --> 00:22:32,680
organization to adopt agents. 
But then they need to do that in

379
00:22:32,680 --> 00:22:37,200
a secured way and they need a 
way to govern all those agents. 

380
00:22:37,880 --> 00:22:42,040
I would even say many considered
agent as a new type of 

381
00:22:42,040 --> 00:22:44,560
employees. 
Remember how I don't know how 

382
00:22:44,560 --> 00:22:48,920
many years ago we had to take 
care of our human employees? 

383
00:22:49,000 --> 00:22:52,480
And IAM struggled around that 
and we build a lot of 

384
00:22:52,480 --> 00:22:57,320
technologies to solve that. 
And the, the thing about human 

385
00:22:57,320 --> 00:23:01,880
employees, they do follow some, 
you know, rebuild controls, 

386
00:23:01,880 --> 00:23:04,640
right? 
If we see a locked room, we are 

387
00:23:04,640 --> 00:23:07,800
part of an organization. 
We wouldn't just walk in there. 

388
00:23:08,200 --> 00:23:11,560
That's not the case with agents.
That's that's really important 

389
00:23:11,560 --> 00:23:14,960
to understand. 
Agents are your new type of 

390
00:23:14,960 --> 00:23:17,760
employees, but they're very 
excited. 

391
00:23:17,760 --> 00:23:23,160
They are like junior excited and
employees that are meant to 

392
00:23:23,160 --> 00:23:26,400
please. 
They are designed to provide you

393
00:23:26,400 --> 00:23:29,320
with a solution. 
They will do whatever they can, 

394
00:23:29,680 --> 00:23:34,800
whatever is available to them, 
they would utilize in order to 

395
00:23:34,800 --> 00:23:37,920
provide a solution. 
And that means if they have, 

396
00:23:38,040 --> 00:23:41,920
they have more privileges they 
they should use, they can access

397
00:23:42,160 --> 00:23:44,680
more data than they should use. 
They will do that. 

398
00:23:45,200 --> 00:23:50,760
And that would lead to either 
misuse of capabilities or data 

399
00:23:50,920 --> 00:23:54,480
explosion exposure. 
Eventually that's that would be 

400
00:23:54,480 --> 00:23:58,200
the reality. 
So that's why you need to treat 

401
00:23:58,600 --> 00:24:03,480
those AI agent as a new type of 
employees and apply controls on 

402
00:24:03,480 --> 00:24:06,040
top of them. 
But also understand that your 

403
00:24:06,040 --> 00:24:08,800
traditional solutions are not 
sufficient. 

404
00:24:09,120 --> 00:24:12,240
You need to apply the right 
controls here. 

405
00:24:12,480 --> 00:24:15,960
And back to your question, yes, 
this is something I'm hearing 

406
00:24:15,960 --> 00:24:19,200
across the board and speaking 
with a lot of organization, both

407
00:24:19,200 --> 00:24:23,000
from current customers and 
potential new customers. 

408
00:24:23,440 --> 00:24:25,080
And they all have the same 
challenge. 

409
00:24:25,120 --> 00:24:28,320
How do I control all those AI 
agents? 

410
00:24:28,320 --> 00:24:31,680
How do I control what they do? 
How do I control what they 

411
00:24:31,680 --> 00:24:34,280
expose? 
Because data exposure is 

412
00:24:34,280 --> 00:24:37,120
certainly one of the biggest 
risk in this space. 

413
00:24:38,520 --> 00:24:41,560
Can you, I, I don't want to put 
you on the spot here, but could 

414
00:24:41,560 --> 00:24:46,640
you give me kind of a, a real 
world use case where you know, 

415
00:24:46,760 --> 00:24:50,520
people are finding like, oh, you
know, applying these policies or

416
00:24:50,520 --> 00:24:55,560
something I can really do to 
enhance the security of my AI 

417
00:24:55,560 --> 00:24:58,640
agents? 
Yeah, absolutely. 

418
00:24:58,640 --> 00:25:01,280
So, you know, let's start with 
very simple policy. 

419
00:25:01,280 --> 00:25:05,920
First of all, let's prevent 
exposure of PII data. 

420
00:25:06,360 --> 00:25:09,600
Just start with that. 
Any, I don't know, Social 

421
00:25:09,600 --> 00:25:13,760
Security number or numbers you 
don't want to be exposed or 

422
00:25:13,760 --> 00:25:16,320
whatever. 
Just start with applying that as

423
00:25:16,320 --> 00:25:21,720
a general rule, mask all PII 
data from your AI agents. 

424
00:25:21,720 --> 00:25:25,960
Simple. 
OK, but other controls that I 

425
00:25:25,960 --> 00:25:30,480
see I see being implemented 
controls such as cross-border 

426
00:25:30,480 --> 00:25:35,000
controls. 
You want your AI agents to to 

427
00:25:35,000 --> 00:25:38,160
serve your all of your employees
in your companies or your 

428
00:25:38,320 --> 00:25:41,360
partners or your customers, 
right? 

429
00:25:41,680 --> 00:25:46,120
But you want to restrict access 
to data from different 

430
00:25:46,120 --> 00:25:48,440
locations. 
Again, cross-border control. 

431
00:25:48,440 --> 00:25:52,640
This is one of the top 
compliance requirements in many 

432
00:25:52,640 --> 00:25:55,920
organizations. 
There's so much relevant here as

433
00:25:55,920 --> 00:25:59,280
well because the same data 
exposure that you could have 

434
00:25:59,720 --> 00:26:03,560
gotten with previous 
technologies without agentic 

435
00:26:03,560 --> 00:26:05,440
are still very much relevant to 
you. 

436
00:26:05,760 --> 00:26:09,920
If you have like, I don't know, 
MNPI data, again, exposure of 

437
00:26:09,920 --> 00:26:11,880
data. 
Don't expose data. 

438
00:26:11,880 --> 00:26:14,840
Take your most critical 
compliance policies. 

439
00:26:15,000 --> 00:26:18,800
Apply them at the beginning of 
your agentic journey. 

440
00:26:19,360 --> 00:26:23,040
So you mentioned the intent 
based access control. 

441
00:26:24,040 --> 00:26:25,760
I'm not. 
I mean it kind of sounded a 

442
00:26:25,760 --> 00:26:29,040
little bit like it could be what
you're talking about now or that

443
00:26:29,040 --> 00:26:31,240
it could be something different.
Which is it? 

444
00:26:32,400 --> 00:26:35,920
Yeah. 
So I think intent eventually is 

445
00:26:35,920 --> 00:26:40,600
a way to achieve that that 
target. 

446
00:26:40,600 --> 00:26:44,280
It's a way to achieve 0 standing
privileges. 

447
00:26:44,560 --> 00:26:47,720
So we I spoke before about 0 
standing privileges. 

448
00:26:47,720 --> 00:26:52,840
It basically means you enter the
operation with nothing and then 

449
00:26:52,920 --> 00:26:56,520
at each step it is determined 
what you can do right? 

450
00:26:56,520 --> 00:27:01,480
That's zero standing privileges.
How do you apply to 0 standing 

451
00:27:01,480 --> 00:27:04,680
privileges? 
With intent based access 

452
00:27:04,680 --> 00:27:07,680
control? 
Which is basically a nice name 

453
00:27:07,680 --> 00:27:12,480
of saying consider everything 
when you give an access 

454
00:27:12,480 --> 00:27:16,160
permission or reject that access
permission. 

455
00:27:16,160 --> 00:27:19,920
Which means they consider the 
identity, both end user 

456
00:27:19,920 --> 00:27:22,480
identity, agent identity, 
consider what? 

457
00:27:22,640 --> 00:27:25,520
What they're trying to do, what 
they're trying to access. 

458
00:27:25,720 --> 00:27:29,600
Why are they doing that Now in 
this context, that's intent 

459
00:27:29,600 --> 00:27:33,720
based access control. 
So achieving 0 standing 

460
00:27:33,720 --> 00:27:36,880
privileges with intent based 
access control. 

461
00:27:37,720 --> 00:27:41,840
Yeah, and it feels like 
everybody is trying to achieve 0

462
00:27:41,840 --> 00:27:44,920
standing privileges, right? 
Because when you have standing 

463
00:27:44,920 --> 00:27:50,080
privileges, if accounts get 
compromised, it could be very 

464
00:27:50,080 --> 00:27:54,320
destructive in your environment.
My concern was your standing 

465
00:27:54,320 --> 00:27:57,520
privileges has always been how 
scalable is it? 

466
00:27:57,760 --> 00:28:02,360
Do you just kind of go after 0 
standing privileges for your key

467
00:28:02,360 --> 00:28:09,160
applications, maybe for your 
most critical apps or your most 

468
00:28:09,160 --> 00:28:11,880
critical accounts within those 
apps? 

469
00:28:12,960 --> 00:28:14,720
What? 
What do you have to say about 

470
00:28:14,720 --> 00:28:18,040
that? 
Yeah, I think that's a very true

471
00:28:18,040 --> 00:28:22,800
question as the, you know, every
organization considers because I

472
00:28:22,800 --> 00:28:25,120
mean, you wouldn't want to 
change everything. 

473
00:28:25,480 --> 00:28:30,800
So yes, prioritize what you want
to start with and then implement

474
00:28:30,800 --> 00:28:33,400
a call, you know, implement 
accordingly. 

475
00:28:33,400 --> 00:28:38,360
That's why new technologies are 
a good place to start. 

476
00:28:38,360 --> 00:28:41,920
I mean, if you, we know we have 
done in the past bad 

477
00:28:41,920 --> 00:28:44,680
implementations, we didn't 
implement the sufficient 

478
00:28:44,680 --> 00:28:47,120
controls well, they needed to be
right. 

479
00:28:47,440 --> 00:28:51,520
But now we have a chance with 
new technologies to do that, 

480
00:28:51,520 --> 00:28:55,720
right. 
So consider implementing as part

481
00:28:55,720 --> 00:28:59,160
of the development process, as 
part of the adoption of new 

482
00:28:59,160 --> 00:29:02,080
technologies, meaning agentic 
AI. 

483
00:29:02,600 --> 00:29:05,800
Deploy that with the right 
controls in place. 

484
00:29:05,800 --> 00:29:09,360
Don't do the mistakes, don't 
repeat the mistakes we have been

485
00:29:09,360 --> 00:29:12,960
doing over and over and over 
again, which means let's deploy 

486
00:29:12,960 --> 00:29:17,880
our agentic AI and then let's go
back to security and figure out 

487
00:29:17,880 --> 00:29:20,960
how to fix it. 
Now let's not do that. 

488
00:29:20,960 --> 00:29:24,280
We know what we need to do. 
We have the market has a lot of 

489
00:29:24,280 --> 00:29:26,880
experience. 
We know we need authentication. 

490
00:29:26,920 --> 00:29:30,880
We know we need authorization. 
Going back to it is a security 

491
00:29:30,880 --> 00:29:34,240
decision. 
Let's make those decisions now 

492
00:29:34,480 --> 00:29:37,080
and start from scratch the right
way. 

493
00:29:37,720 --> 00:29:39,320
Yeah, I think you made a great 
point there. 

494
00:29:39,320 --> 00:29:42,880
So if I was to put it into my 
own words, it would essentially 

495
00:29:42,880 --> 00:29:48,200
be you might the scalability 
part really or it's the effort 

496
00:29:48,200 --> 00:29:51,680
to go and do it for everything 
you've done the wrong way. 

497
00:29:52,400 --> 00:29:55,320
And not because we're we're dumb
or anything, but sometimes the 

498
00:29:55,320 --> 00:29:58,760
technology wasn't there. 
Look, it's evolving quickly and 

499
00:29:58,760 --> 00:30:01,240
we all are under. 
But if we get that 

500
00:30:01,240 --> 00:30:05,280
infrastructure, if we get it 
right now and build it in, bake it in 

501
00:30:05,280 --> 00:30:08,840
as part of the deployment 
process and our our standard 

502
00:30:08,840 --> 00:30:12,160
security footprint, at least 
we'll get it right going 

503
00:30:12,160 --> 00:30:15,600
forward. 
So I think that's a great way to

504
00:30:15,600 --> 00:30:19,080
look at it. 
You know, the other conversation

505
00:30:19,080 --> 00:30:23,200
that often kind of accompanies 0
standing privileges was around 

506
00:30:23,200 --> 00:30:27,040
continuous identity, continuous 
authentication. 

507
00:30:27,320 --> 00:30:29,040
I wanted to get your thoughts on
that. 

508
00:30:29,720 --> 00:30:34,200
Yeah. 
So I think the way I see that 

509
00:30:34,200 --> 00:30:37,600
and the way the market typically
speaks about that continuous 

510
00:30:38,120 --> 00:30:42,040
authentication, continuous 
identity represents the process,

511
00:30:42,040 --> 00:30:45,960
the identity. 
Any identity goes through a in 

512
00:30:45,960 --> 00:30:49,960
its digital journey, which means
it always starts with a defined 

513
00:30:49,960 --> 00:30:56,280
identity, authentication and 
then authorization, right? 

514
00:30:56,280 --> 00:31:00,920
That's continuous because it 
doesn't end with authentication.

515
00:31:00,920 --> 00:31:03,600
It's not sufficient to know who 
you are. 

516
00:31:04,160 --> 00:31:06,600
You also need to know what can 
you do? 

517
00:31:06,840 --> 00:31:11,520
Can you see this piece of data? 
Can you access that tool of API 

518
00:31:11,760 --> 00:31:14,600
right? 
Those are questions being asked 

519
00:31:14,600 --> 00:31:18,040
throughout the process and 
that's what makes the process 

520
00:31:18,040 --> 00:31:21,720
continuous. 
It starts with authentication, 

521
00:31:22,440 --> 00:31:26,800
it proceeds with authorization 
and and you know, that's 

522
00:31:26,800 --> 00:31:29,320
eventually what makes the full 
process secured. 

523
00:31:30,720 --> 00:31:34,040
I'd like to take this from 
theory to reality. 

524
00:31:34,520 --> 00:31:38,480
What does it look like when I 
set up Plain ID in my 

525
00:31:38,480 --> 00:31:39,960
environment? 
Like what does this look like 

526
00:31:40,240 --> 00:31:43,520
architecturally? 
Is this an app that I run? 

527
00:31:43,520 --> 00:31:46,360
Is it SaaS? 
Is it something on-prem? 

528
00:31:46,360 --> 00:31:48,680
How does this connect to my 
other stuff? 

529
00:31:48,680 --> 00:31:52,640
Like let's start with OK you've 
got me hooked gal, let's try 

530
00:31:52,640 --> 00:31:54,080
this out. 
Like what's next? 

531
00:31:54,520 --> 00:31:56,600
Well, first of all, I'm happy to
speak with you. 

532
00:31:57,800 --> 00:32:00,200
Next step, we are a full SaaS 
solution. 

533
00:32:00,200 --> 00:32:05,520
We do have hybrid components. 
Many of our customers prefer the

534
00:32:06,080 --> 00:32:10,880
decisioning engine and you know 
access to data to be localized. 

535
00:32:10,880 --> 00:32:15,160
So those would typically be 
implemented as hybrid component 

536
00:32:15,520 --> 00:32:21,200
microservices, designed to 
scale, designed for performance 

537
00:32:21,200 --> 00:32:25,080
and security. 
So setting up the tenant, 

538
00:32:25,080 --> 00:32:27,960
getting all those hybrid 
components in place and then you

539
00:32:27,960 --> 00:32:32,800
go for a process of discovery. 
Once you have discovery done, 

540
00:32:33,040 --> 00:32:37,200
you can see all your ready to 
use policy elements. 

541
00:32:37,200 --> 00:32:40,840
What would those be? 
Well, maybe your database 

542
00:32:40,840 --> 00:32:44,440
tables. 
If it's vector databases, then 

543
00:32:44,440 --> 00:32:48,880
it's all the categories that 
define the documents. 

544
00:32:48,880 --> 00:32:53,040
If it's MCP or the MCP tools 
already categorized by the way, 

545
00:32:53,040 --> 00:32:57,440
so it would be easy to authorize
them all your identities, of 

546
00:32:57,440 --> 00:32:59,600
course. 
And then it's just a matter of 

547
00:32:59,680 --> 00:33:02,520
connecting between the two, 
which are the policies. 

548
00:33:02,520 --> 00:33:06,360
Eventually policies connection 
between identities to what 

549
00:33:06,360 --> 00:33:09,840
identities can access and adding
some conditions on top. 

550
00:33:11,320 --> 00:33:13,320
So you talked about this being a
hybrid approach. 

551
00:33:13,400 --> 00:33:16,120
The let's start with the on-prem
stuff. 

552
00:33:16,120 --> 00:33:18,400
You mentioned some things that 
that I have to install in my 

553
00:33:18,400 --> 00:33:22,240
environment to connect. 
Pretty common, I think for most 

554
00:33:22,240 --> 00:33:25,120
identity tools to have like some
sort of proxy tool or 

555
00:33:25,120 --> 00:33:27,600
connectivity sort of server that
they can use. 

556
00:33:28,320 --> 00:33:30,520
How does that work? 
Is it a virtual appliance? 

557
00:33:30,520 --> 00:33:35,080
I set it up and then it's 
scanning my internal environment

558
00:33:35,120 --> 00:33:37,600
or permissions. 
Do I connect it to things like 

559
00:33:38,320 --> 00:33:39,760
SAP? 
Like how does that work? 

560
00:33:39,760 --> 00:33:40,920
Can't even learn more behind the
scenes. 

561
00:33:41,360 --> 00:33:44,000
Yeah. 
So it's a containerized by the 

562
00:33:44,000 --> 00:33:45,920
way, it's an optional component,
right? 

563
00:33:45,920 --> 00:33:49,080
You can do full SaaS and it 
works perfectly, but you can 

564
00:33:49,080 --> 00:33:51,760
also choose that localized 
component. 

565
00:33:52,360 --> 00:33:55,840
It's a container basically micro
service deployed however you 

566
00:33:55,840 --> 00:33:58,560
want, wherever you want, how 
many you want, by the way. 

567
00:33:59,000 --> 00:34:02,200
And it has the function of a 
discovery. 

568
00:34:02,280 --> 00:34:06,560
So it kind of scans whatever you
want it to scan to fetch the 

569
00:34:07,400 --> 00:34:09,920
elements. 
We call them assets. 

570
00:34:09,920 --> 00:34:13,760
So those would be all protected 
assets, feeds them into the 

571
00:34:13,760 --> 00:34:18,679
policy platform and then it 
supports enforcement and 

572
00:34:18,840 --> 00:34:22,719
enforces data that would 
typically, and again, this is a 

573
00:34:22,719 --> 00:34:27,639
bit of a technical jargon, so 
excuse me, but it includes a PDP, 

574
00:34:27,960 --> 00:34:33,199
policy decision point, PIP, 
policy information point that 

575
00:34:33,199 --> 00:34:37,199
that's the component that 
connects to the data sources. 

576
00:34:37,920 --> 00:34:44,159
And in the enforcement 
components, we call them again 

577
00:34:44,159 --> 00:34:47,679
in the regular jargon, PEP 
policy enforcement point, but we

578
00:34:47,679 --> 00:34:52,360
like to call them authorizers. 
And those are components per 

579
00:34:52,360 --> 00:34:55,880
technology. 
So for API gateways, the sidecar 

580
00:34:55,880 --> 00:35:01,000
for your service mesh, whatever 
library for your development 

581
00:35:01,000 --> 00:35:04,040
platform and so on, we have many
of those available. 

582
00:35:05,240 --> 00:35:09,120
So how does this work from like 
a real time scanning or you 

583
00:35:09,120 --> 00:35:11,520
know, set up right permissions 
change all the time. 

584
00:35:11,520 --> 00:35:15,000
Are you detecting changes at the
of permissions within 

585
00:35:15,000 --> 00:35:19,080
applications and then pulling 
those into Plain ID and then the

586
00:35:19,080 --> 00:35:20,880
PDP or PEP? 
And now you're speaking 

587
00:35:20,880 --> 00:35:22,360
language, right? 
Policy based access controls, 

588
00:35:22,720 --> 00:35:23,560
right? 
Those different terms. 

589
00:35:23,800 --> 00:35:24,840
We've got a technical audience, 
right? 

590
00:35:24,840 --> 00:35:28,520
They're probably flying along, 
but how do you stay on top of 

591
00:35:28,520 --> 00:35:30,600
things that might be changing an
environment? 

592
00:35:30,600 --> 00:35:33,280
Is this scanning at real time or
is it like once a day, once a 

593
00:35:33,280 --> 00:35:35,080
week? 
Or is it like on demand? 

594
00:35:35,920 --> 00:35:41,920
It's, it's on request actually. 
So we have the PIP component I 

595
00:35:41,920 --> 00:35:44,360
mentioned before. 
It has the ability to connect to

596
00:35:44,360 --> 00:35:46,960
data sources. 
So let's say it connects to your

597
00:35:46,960 --> 00:35:52,120
IGA platform or maybe to your HR
repository or maybe to 

598
00:35:52,120 --> 00:35:55,200
certification system or to all, 
all of the above, right. 

599
00:35:55,440 --> 00:35:59,640
It pulls data in the real time 
at the time of access. 

600
00:35:59,640 --> 00:36:02,680
So let's say you're trying to 
access an application or 

601
00:36:03,280 --> 00:36:08,200
database or whatever, right? 
So we can see that now you are 

602
00:36:08,520 --> 00:36:12,960
defined as an employee in this 
department and you know in this 

603
00:36:12,960 --> 00:36:15,880
region and make the decision 
accordingly. 

604
00:36:16,240 --> 00:36:20,480
So it's true real time 
decisioning process according to

605
00:36:20,760 --> 00:36:24,040
a set of attributes which are 
out there. 

606
00:36:24,040 --> 00:36:27,760
We are not replicating any data,
not only for caching purposes, 

607
00:36:27,760 --> 00:36:29,520
but that's on the technical 
discussion. 

608
00:36:29,840 --> 00:36:34,520
So we are just pulling data when
the data is needed to make the 

609
00:36:34,520 --> 00:36:37,520
decision. 
So if I think about this from 

610
00:36:37,520 --> 00:36:40,720
like a, a UML diagram, right, 
with things bouncing back and 

611
00:36:40,720 --> 00:36:44,160
forth, I'm doing the 
authentication against my IDP 

612
00:36:44,240 --> 00:36:48,240
and then I pull it back and it's
like, OK, now where does the 

613
00:36:48,240 --> 00:36:51,400
policy based authorization 
component come in? 

614
00:36:51,400 --> 00:36:54,920
Is it as soon as I try to 
authenticate or is it when I try

615
00:36:54,920 --> 00:36:56,880
to reach reach a specific 
application? 

616
00:36:57,320 --> 00:36:59,200
How does that chain of events 
occur? 

617
00:36:59,680 --> 00:37:04,400
OK, so there are multiple 
patterns to to follow the first 

618
00:37:04,400 --> 00:37:06,360
pattern. 
I'll try to quickly review some 

619
00:37:06,360 --> 00:37:08,280
of them. 
So the first pattern is yes 

620
00:37:08,280 --> 00:37:12,640
during authentication process. 
So when the IDP creates the 

621
00:37:12,640 --> 00:37:17,760
authentication token, it is 
possible to reach out to the 

622
00:37:17,760 --> 00:37:25,880
policy decision point to get a 
list of authorization values 

623
00:37:25,880 --> 00:37:28,040
like claim keys, claim values 
and so on. 

624
00:37:28,040 --> 00:37:30,120
This would be enriching the 
token. 

625
00:37:30,280 --> 00:37:34,320
That is typically called a token
enrichment pattern and it is 

626
00:37:34,320 --> 00:37:36,600
part of login time 
authorization. 

627
00:37:37,360 --> 00:37:40,920
So one pattern. 
Second pattern would be at your 

628
00:37:40,920 --> 00:37:43,880
let's say API Gateway. 
So whenever there is a 

629
00:37:43,920 --> 00:37:48,200
transaction through the API 
Gateway, the transaction is been

630
00:37:48,280 --> 00:37:53,680
is been evaluated against the 
policy with the addition of 

631
00:37:53,680 --> 00:37:57,760
attributes as much as needed and
then the transaction is either 

632
00:37:57,760 --> 00:38:02,520
allowed to proceed or blocked. 
Another pattern would be an 

633
00:38:02,520 --> 00:38:05,400
application trying to access a 
database. 

634
00:38:05,680 --> 00:38:10,160
So the application sends a 
query, let's say it sends select

635
00:38:10,160 --> 00:38:13,880
all from table, no boundaries at
all, no controls. 

636
00:38:14,120 --> 00:38:19,080
We capture that and we add those
controls according to the 

637
00:38:19,080 --> 00:38:22,120
policy. 
So select all from table, but 

638
00:38:22,240 --> 00:38:26,280
where location equals user 
location or whatever you see 

639
00:38:26,440 --> 00:38:30,240
that's an example. 
Dynamic authorization can be 

640
00:38:30,240 --> 00:38:32,840
positioned in all of those 
different locations. 

641
00:38:32,840 --> 00:38:34,480
And there are other patterns as 
well. 

642
00:38:34,640 --> 00:38:38,240
Didn't mention mention all of 
them, but we start with very 

643
00:38:38,240 --> 00:38:42,800
coarse grained login time to 
be governed by policy to provide

644
00:38:42,800 --> 00:38:47,200
decisions dynamically and we go 
all the way to very fine grained

645
00:38:47,480 --> 00:38:51,720
at the data level. 
So row level filtering and 

646
00:38:51,720 --> 00:38:55,480
column masking. 
I was reading your body language

647
00:38:55,480 --> 00:38:58,160
there, gal, when when Jeff was 
asking that question and you're 

648
00:38:58,160 --> 00:39:02,440
like, oh, you want to go deep? 
And that was a great question. 

649
00:39:02,440 --> 00:39:04,320
I'm sitting here enjoying the 
whole thing. 

650
00:39:05,360 --> 00:39:09,000
My question is a little less 
technical, which is kind of from

651
00:39:09,800 --> 00:39:13,800
what you see with a typical 
customer approach. 

652
00:39:13,800 --> 00:39:18,200
Is it they want to start off 
with one application or kind of 

653
00:39:18,200 --> 00:39:23,560
how do they look at like I want 
to kind of test this and proof 

654
00:39:23,560 --> 00:39:29,440
of concept or you know, I want 
to get my feet wet before I dive

655
00:39:29,440 --> 00:39:32,200
completely And so how do people 
start? 

656
00:39:33,320 --> 00:39:35,280
Yes. 
So yes, typically with one 

657
00:39:35,280 --> 00:39:39,520
application, maybe 2, but you 
want to start, you know, small 

658
00:39:39,720 --> 00:39:42,880
because you want to see value as
quick as possible. 

659
00:39:43,120 --> 00:39:46,440
Let's say you want to start with
an API use case. 

660
00:39:46,440 --> 00:39:52,000
So just get your Swagger file, 
open API spec, whatever, send it

661
00:39:52,000 --> 00:39:55,600
over, it automatically maps to 
the policy elements and start 

662
00:39:55,920 --> 00:39:58,720
enforcing policies. 
This is, by the way, with no 

663
00:39:58,720 --> 00:40:01,320
change of code. 
It's so simple to implement. 

664
00:40:01,520 --> 00:40:03,240
And there you go, you have your 
final. 

665
00:40:03,520 --> 00:40:07,720
Controls at the business logic 
level, not just at the API 

666
00:40:07,720 --> 00:40:10,040
level. 
Let's say you want to do the 

667
00:40:10,040 --> 00:40:13,760
same with the data control. 
So it's a matter of discovering 

668
00:40:13,760 --> 00:40:18,720
data structure, leading that 
into the policy, what we call 

669
00:40:18,720 --> 00:40:22,000
policy building blocks and start
building your policies. 

670
00:40:22,480 --> 00:40:25,840
Obviously some implementation 
processes are more complex than 

671
00:40:25,840 --> 00:40:27,760
other. 
No magic in technology. 

672
00:40:27,760 --> 00:40:29,960
I wish they were, but no, that's
not the case. 

673
00:40:30,240 --> 00:40:32,920
But we are trying to make it as 
simple as possible. 

674
00:40:32,920 --> 00:40:36,560
So back to our company name, 
Plain ID. 

675
00:40:36,720 --> 00:40:40,640
We are trying to make 
authorization as simple as 

676
00:40:40,640 --> 00:40:45,040
possible so they will truly be 
implemented where they needed to

677
00:40:45,040 --> 00:40:49,720
be. 
So can can Plain ID replace or 

678
00:40:49,720 --> 00:40:53,600
centralize authorizations 
similar to how a lot of a lot of

679
00:40:53,600 --> 00:40:56,800
organizations might use like 
Active Directory groups, right 

680
00:40:56,800 --> 00:40:59,960
as how they authenticate or I'm 
sorry, authorize into 

681
00:40:59,960 --> 00:41:03,080
applications. 
Can Plain ID act as that role? 

682
00:41:03,080 --> 00:41:07,120
Or is it more on the policy side
and relies on authorizations 

683
00:41:07,120 --> 00:41:10,320
existing within an app? 
Can I shortcut essentially and 

684
00:41:10,320 --> 00:41:15,440
say, OK people stop building 
your own authorization and let 

685
00:41:15,440 --> 00:41:18,560
me centralize that and manage 
that for you as part of my IAM 

686
00:41:18,560 --> 00:41:19,560
program? 
Does that make sense? 

687
00:41:20,320 --> 00:41:23,240
It actually makes sense. 
And yes, I do want to repeat 

688
00:41:23,240 --> 00:41:25,920
that people, stop building your 
own authorizations. 

689
00:41:26,000 --> 00:41:29,000
There are authorization 
solutions such as Plain ID. 

690
00:41:29,200 --> 00:41:31,320
Start using them. 
You don't need to build it by 

691
00:41:31,320 --> 00:41:34,120
yourselves. 
However, it's not an Active 

692
00:41:34,120 --> 00:41:37,480
Directory on it. 
And try the replacement, because

693
00:41:37,480 --> 00:41:42,520
what you, the example which you 
gave is providing users with 

694
00:41:42,520 --> 00:41:45,800
roles or with group that is 
always still needed. 

695
00:41:45,920 --> 00:41:49,600
Policies, authorization. 
In general, they do not replace 

696
00:41:49,600 --> 00:41:52,560
roles. 
They do reduce the need the 

697
00:41:52,560 --> 00:41:55,040
amount of them, but they do not 
replace them. 

698
00:41:55,080 --> 00:41:59,960
Think of the role as an additional
attribute on the identity, more 

699
00:41:59,960 --> 00:42:02,520
information. 
Typically the information which 

700
00:42:02,520 --> 00:42:06,440
identity holds is limited to, I 
don't know, job title, 

701
00:42:06,440 --> 00:42:08,520
department, location and that's 
it. 

702
00:42:08,720 --> 00:42:12,760
It's not sufficient when it 
comes to making decisions on 

703
00:42:12,760 --> 00:42:15,480
which data you can access or 
whatever, right? 

704
00:42:15,840 --> 00:42:21,000
So that's where roles would come
in or other ways of enriching 

705
00:42:21,000 --> 00:42:24,320
user data. 
So those would be all fits to 

706
00:42:24,320 --> 00:42:26,960
the policy. 
So how do your customers 

707
00:42:26,960 --> 00:42:29,600
typically measure that they're 
getting what they paid for out 

708
00:42:29,600 --> 00:42:31,680
of this right? 
How do they measure success with

709
00:42:31,680 --> 00:42:35,760
the solution? 
I would assume faster, more 

710
00:42:35,760 --> 00:42:38,680
streamlined, more secure 
authenticate authorizations. 

711
00:42:38,680 --> 00:42:41,920
But are there other ROIs that 
people look for when they say, 

712
00:42:41,920 --> 00:42:44,400
OK, we've got Plain ID? 
Here's how we justified the 

713
00:42:44,400 --> 00:42:47,080
spend. 
Yes, absolutely. 

714
00:42:47,080 --> 00:42:50,240
So there are multiple metrics we
can share. 

715
00:42:50,520 --> 00:42:52,520
But you know I want to show one 
example. 

716
00:42:52,520 --> 00:42:57,480
We have a customer which is a 
global bank and they implemented

717
00:42:57,480 --> 00:43:04,280
the whole like online back 
banking controls with Plain ID. 

718
00:43:04,600 --> 00:43:10,960
They used us at the API Gateway 
level, several API gateways and 

719
00:43:10,960 --> 00:43:14,560
initially, you know, like every 
new technology, there is some 

720
00:43:14,560 --> 00:43:18,320
resistance, don't know if that's
the right solution and so on. 

721
00:43:18,320 --> 00:43:22,480
Today they're at the point where
the developer team, the 

722
00:43:22,480 --> 00:43:27,000
application team, they are 
excited to, you know, send the 

723
00:43:27,000 --> 00:43:29,520
APIs to the security team. 
Here you go. 

724
00:43:29,520 --> 00:43:33,320
We want to deploy this API just 
logging to your policy and 

725
00:43:33,320 --> 00:43:36,680
that's it. 
So it really reduced time to 

726
00:43:36,680 --> 00:43:40,680
market for them. 
Every new API doesn't need to 

727
00:43:40,680 --> 00:43:46,480
consider who the identity is. 
Does this identity can see this 

728
00:43:46,480 --> 00:43:47,400
data? 
Whatever. 

729
00:43:47,400 --> 00:43:52,400
No, they will focus on business 
logic they had to develop and 

730
00:43:52,400 --> 00:43:56,440
all the enforcement was done by 
Plain ID together with their API

731
00:43:56,440 --> 00:44:02,360
gateway in a very simplified way
and it really helps them in 

732
00:44:02,520 --> 00:44:05,240
provide faster value to their 
business. 

733
00:44:06,560 --> 00:44:08,240
Well, actually kind of led off 
the episode, right? 

734
00:44:08,320 --> 00:44:09,960
Authorization is so hot right 
now. 

735
00:44:10,480 --> 00:44:13,080
So I feel like we need the 
Zoolander memes, you know, in 

736
00:44:13,080 --> 00:44:15,080
full force here. 
This has been a great 

737
00:44:15,080 --> 00:44:17,080
conversation and I would 
definitely encourage people go 

738
00:44:17,080 --> 00:44:20,280
check out planeid.com/IDC, 
right? 

739
00:44:20,280 --> 00:44:22,080
And check out what is going on 
there. 

740
00:44:22,080 --> 00:44:27,160
I think you wrote a blog on the 
intent based access control. 

741
00:44:27,600 --> 00:44:29,600
And so I think that'll be on 
that page of people check out. 

742
00:44:30,320 --> 00:44:32,760
You know, there's, there's so 
much to unpack here, but 

743
00:44:32,760 --> 00:44:35,520
hopefully this gives people kind
of a sense of what they should 

744
00:44:35,520 --> 00:44:39,120
be thinking about. 
So I want to end the episode on 

745
00:44:39,120 --> 00:44:43,640
a little bit of a lighter note. 
We actually started to nerd out 

746
00:44:43,640 --> 00:44:46,760
very, very slightly before we 
hit record when you mentioned 

747
00:44:46,760 --> 00:44:50,760
that you're into science fiction
and reading and things like 

748
00:44:50,760 --> 00:44:52,880
that. 
And I am as well more on the 

749
00:44:52,880 --> 00:44:54,600
listening side, the reading 
side. 

750
00:44:54,600 --> 00:44:58,760
And so I want to ask you for 
either a recommendation for me 

751
00:44:58,760 --> 00:45:00,160
or other people. 
I know there's a lot of sci-fi 

752
00:45:00,160 --> 00:45:04,160
readers out there. 
What's the best sci-fi book that

753
00:45:04,160 --> 00:45:07,200
you've read within the last year
or so that people should be 

754
00:45:07,200 --> 00:45:08,520
checking out if they haven't 
already? 

755
00:45:10,160 --> 00:45:13,080
OK, we'll continue that 
discussions for sure. 

756
00:45:13,080 --> 00:45:18,360
So I want to recommend an old 
book, Isaac Asimov. 

757
00:45:18,360 --> 00:45:22,440
So years ago I really enjoyed 
reading those books. 

758
00:45:22,440 --> 00:45:27,920
I read them in cycle and 
everything that's happening now 

759
00:45:27,920 --> 00:45:33,000
with the agentic stuff made me 
go back to this to those books. 

760
00:45:33,760 --> 00:45:38,760
The the one I just completed is 
Cave Caves of Steel, the first 

761
00:45:38,760 --> 00:45:43,480
in the Robot series, I believe.
I really recommend reading it 

762
00:45:43,480 --> 00:45:46,440
again and the full series by the
way, because it's really nice. 

763
00:45:47,680 --> 00:45:51,080
You know, he saw something 
that's happening now. 

764
00:45:51,080 --> 00:45:55,800
He saw that years ago. 
A lot of the stuff that he was 

765
00:45:55,800 --> 00:45:59,600
writing about, I mean, people 
that are not familiar with Asimov

766
00:45:59,600 --> 00:46:03,040
would probably say this is 
not sci-fi, what are you talking

767
00:46:03,040 --> 00:46:05,880
about? 
But it is, it's truly is. 

768
00:46:05,880 --> 00:46:08,880
It was written like, I don't 
know, 40 years ago, something 

769
00:46:08,880 --> 00:46:12,200
like that, maybe more. 
So it's really interesting to 

770
00:46:12,200 --> 00:46:17,040
see the way he thought and how 
he thought technology would 

771
00:46:17,040 --> 00:46:21,720
evolve, and especially what 
truly happened. 

772
00:46:21,720 --> 00:46:26,000
And maybe, well, things did not 
happen as he predicted. 

773
00:46:26,320 --> 00:46:30,360
And by the way, you know what's 
so intriguing about Asimov? 

774
00:46:30,360 --> 00:46:35,720
When he wrote the robot series, 
he actually placed the the three 

775
00:46:35,720 --> 00:46:41,480
robot robot robot rules, right? 
So he actually defined robots 

776
00:46:41,480 --> 00:46:46,080
with guardrails. 
By definition, that cannot be 

777
00:46:46,080 --> 00:46:49,120
overcome. 
Obviously, as it evolved, 

778
00:46:49,360 --> 00:46:52,480
another rule was added. 
But still, it's really nice to 

779
00:46:52,640 --> 00:46:55,920
to go back to those books. 
So you mentioned Asimov and I 

780
00:46:56,000 --> 00:46:58,360
and I feel like anything can be 
science fiction if you put your 

781
00:46:58,360 --> 00:47:02,200
mind to it. 
But the Foundation series is one

782
00:47:02,200 --> 00:47:05,840
that I've always enjoyed and and
now Apple TV has a series on it 

783
00:47:05,840 --> 00:47:07,280
which I think is great. 
Not sure if you've checked that 

784
00:47:07,280 --> 00:47:10,120
out yet, but Foundation is is 
definitely a good one too. 

785
00:47:10,640 --> 00:47:14,360
Have you ever read the 
Bobiverse series of books? 

786
00:47:16,520 --> 00:47:17,600
Not sure. 
OK. 

787
00:47:17,880 --> 00:47:21,800
So this is one of my favorite 
series I think of of all time in

788
00:47:21,800 --> 00:47:23,960
science fiction. 
And it kind of follows the story

789
00:47:23,960 --> 00:47:31,400
of essentially an agentic AI and
space exploration and humanity 

790
00:47:31,400 --> 00:47:34,160
and all kinds of stuff. 
So if you like that sort of 

791
00:47:34,160 --> 00:47:35,680
thing, I'm going to recommend 
the Bobiverse. 

792
00:47:35,920 --> 00:47:38,880
Shout out to my friend Aspen. 
I know he he's read it as well 

793
00:47:38,880 --> 00:47:42,480
and I think there's like 6-6 
books in the series and it's 

794
00:47:42,480 --> 00:47:46,240
really kind of a really cool, I 
don't know, interesting 

795
00:47:46,480 --> 00:47:47,720
approach. 
I just really like, I know I've 

796
00:47:47,720 --> 00:47:49,840
talked about before on this show
and other episodes, but 

797
00:47:49,840 --> 00:47:56,160
Bobiverse, B-O-B-I-V-E-R-S-E, Bobiverse 
are the ones that that I would 

798
00:47:56,160 --> 00:47:59,520
check out. 
Jim, how into sci-fi are you? 

799
00:47:59,520 --> 00:48:01,800
Because I don't I, I feel like 
you're not so much into the 

800
00:48:01,800 --> 00:48:05,120
sci-fi side of things. 
Not really I, I feel like I'm, I

801
00:48:05,120 --> 00:48:09,040
feel like I live in sci-fi or 
that, you know, in the next few 

802
00:48:09,040 --> 00:48:12,480
years with everything that's 
happening with AI, how quickly 

803
00:48:12,480 --> 00:48:18,360
it's going, moving toward AGI, 
everything that's happening with

804
00:48:18,360 --> 00:48:21,120
robots and self driving cars. 
Think about it. 

805
00:48:21,120 --> 00:48:24,680
I mean, we're of the generation 
where we grew up and we actually

806
00:48:24,680 --> 00:48:28,600
would watch black and white TV 
sometimes or we had color TV, 

807
00:48:28,600 --> 00:48:32,800
but most people didn't have like
color TVs in every room with a 

808
00:48:32,800 --> 00:48:36,680
flat screen. 
And you know, so I already kind 

809
00:48:36,680 --> 00:48:39,160
of feel like we're living a 
sci-fi a little bit. 

810
00:48:39,640 --> 00:48:41,280
Now. 
I do want to send a shout out to

811
00:48:41,280 --> 00:48:43,040
one thing. 
So it's not a book that I've 

812
00:48:43,040 --> 00:48:46,440
been reading, but are you guys 
familiar with Simulation Theory?

813
00:48:47,280 --> 00:48:49,680
That the fact that we might be 
living in a simulation. 

814
00:48:49,920 --> 00:48:53,360
Yeah, exactly. 
I mean, that, like, makes me 

815
00:48:53,360 --> 00:48:57,640
wonder, like, OK, well, things 
can't be that bad if we're just 

816
00:48:57,640 --> 00:49:00,920
living in a simulation. 
Well, I mean, it depends on 

817
00:49:00,920 --> 00:49:03,400
simulation. 
The entire story of the Matrix 

818
00:49:03,400 --> 00:49:06,120
is essentially about living in a
simulation. 

819
00:49:06,800 --> 00:49:10,000
And if you follow the Matrix 
closely, which I do right, there

820
00:49:10,000 --> 00:49:11,560
were many versions of the 
Matrix. 

821
00:49:11,560 --> 00:49:15,120
The first was, you know, ideally
a utopia, and everyone was 

822
00:49:15,120 --> 00:49:18,160
supposed to get along and the 
human mind rejected it, so they 

823
00:49:18,200 --> 00:49:20,840
went the other way. 
So who knows? 

824
00:49:21,320 --> 00:49:23,920
Are we there? 
I went out for a walk last night

825
00:49:23,920 --> 00:49:27,080
and there's somebody who has 
like a bunch of jeeps and stuff 

826
00:49:27,080 --> 00:49:31,120
and they have all these Star 
Wars stickers and one says Sith 

827
00:49:31,120 --> 00:49:34,280
security. 
I'm like, I know that Star Wars,

828
00:49:34,280 --> 00:49:38,840
but I have no idea what it is. 
And I kind of thought at the 

829
00:49:38,840 --> 00:49:41,200
time it might come up in the 
podcast today. 

830
00:49:41,200 --> 00:49:45,960
So I just wanted to let you 
know, like, I'm not into sci-fi.

831
00:49:45,960 --> 00:49:48,120
I've never seen a Harry Potter 
movie. 

832
00:49:48,400 --> 00:49:52,800
I've never seen any any of those
things. 

833
00:49:53,440 --> 00:49:56,400
Well, first, we're only. 
Only a Sith deals in absolutes. 

834
00:49:56,400 --> 00:49:58,120
So that's your first mistake 
right there. 

835
00:49:58,720 --> 00:50:00,400
But shout out to that that 
bumper sticker. 

836
00:50:00,400 --> 00:50:04,320
I think that's a great one is 
I'm getting the sense, Jim, that

837
00:50:04,320 --> 00:50:08,920
like us recording this podcast 
virtually is about as sci-fi as 

838
00:50:08,920 --> 00:50:11,960
you get that fair. 
I mean, that's pretty sci-fi, 

839
00:50:11,960 --> 00:50:13,560
right? 
I mean, could you imagine having

840
00:50:13,560 --> 00:50:16,000
done that when you were, like, a
kid? 

841
00:50:16,200 --> 00:50:19,400
We used to, like, record into 
tapes and splice it. 

842
00:50:19,400 --> 00:50:22,880
Or you'd sit there and you'd 
listen to the radio station and 

843
00:50:22,880 --> 00:50:25,000
hit record. 
When a new song was coming on. 

844
00:50:25,520 --> 00:50:28,200
If it was one that you wanted, 
you keep recording. 

845
00:50:28,200 --> 00:50:31,240
If it wasn't wasn't, you'd 
rewind and try to get right to 

846
00:50:31,240 --> 00:50:35,200
the point on the tape. 
I mean, think about that to 

847
00:50:35,200 --> 00:50:38,920
where we are today. 
I mean, yeah, we're living in 

848
00:50:38,920 --> 00:50:40,840
sci-fi. 
Demure and old man, you're 

849
00:50:40,840 --> 00:50:42,640
talking about black and white 
TVs. 

850
00:50:42,640 --> 00:50:44,960
You're talking about making 
mixtapes on the stereo. 

851
00:50:44,960 --> 00:50:46,960
Gal, I don't even know where to 
take like the rest of this 

852
00:50:46,960 --> 00:50:51,000
conversation. 
Any comments for you, Gal, before 

853
00:50:51,000 --> 00:50:54,080
we close out? 
No, it's, it was an excellent 

854
00:50:54,080 --> 00:50:56,360
discussion. 
I'm happy to catch up on that 

855
00:50:56,560 --> 00:51:01,040
sci-fi book recommendation. 
You know, next time we'll meet. 

856
00:51:01,080 --> 00:51:05,520
But thank you for hosting me in 
this episode. 

857
00:51:05,520 --> 00:51:10,040
Absolutely enjoyable. 
Well, we appreciate, Yeah, thank

858
00:51:10,040 --> 00:51:12,560
you so much for sponsoring and 
definitely get the get out on 

859
00:51:12,560 --> 00:51:15,520
the website show support for 
Plain ID, who's showing support 

860
00:51:15,520 --> 00:51:19,280
for us here, planeid.com/IDAC. 
We'll have links in our show 

861
00:51:19,280 --> 00:51:22,160
notes for that as well as Gal to
your LinkedIn profile. 

862
00:51:22,160 --> 00:51:24,000
So people who can reach out 
either with sci-fi book 

863
00:51:24,000 --> 00:51:28,040
recommendations or questions 
around anything BAC or maybe 

864
00:51:28,960 --> 00:51:30,560
even AC access control at this 
point. 

865
00:51:31,160 --> 00:51:33,600
Certainly appreciate it. 
So for that, we'll go ahead and 

866
00:51:33,600 --> 00:51:36,000
meet it for this week. 
Thanks everyone for watching or 

867
00:51:36,000 --> 00:51:37,520
listening. 
You can find us on the web 

868
00:51:37,520 --> 00:51:41,040
idacpodcast.com and we'll talk 
with you all in the next one. 

869
00:51:43,000 --> 00:51:46,080
You've been listening to 
Identity at the Center. 

870
00:51:46,440 --> 00:51:50,520
We hope you've enjoyed the show.
Make sure to like, rate and 

871
00:51:50,520 --> 00:51:54,120
review, and we'll be back soon. 
But in the meantime, hit the 

872
00:51:54,120 --> 00:51:57,560
website at 
identity@thecenter.com. 

873
00:51:58,160 --> 00:52:02,280
See you next time on Identity at
the Center.

