1
00:00:00,160 --> 00:00:03,720
I kind of disagree with that. 
I think much better is kind of a

2
00:00:04,120 --> 00:00:08,240
a network of informed actors all
sharing information, right? 

3
00:00:08,560 --> 00:00:09,560
Do you have risk? 
Yes. 

4
00:00:09,560 --> 00:00:10,840
Do you have a risk assessment? 
Yes. 

5
00:00:10,840 --> 00:00:12,720
Do you have an idea of what's 
dangerous or not? 

6
00:00:13,000 --> 00:00:15,600
You do as well. 
And so let's share information, 

7
00:00:15,840 --> 00:00:19,280
kind of like dolphins saying, 
hey, the fish are coming to talk

8
00:00:19,280 --> 00:00:21,840
about dangerous actions or 
identities that aren't trusted 

9
00:00:21,840 --> 00:00:25,520
anymore or people aren't using 
trusted devices or whatever 

10
00:00:25,520 --> 00:00:28,320
else. 
And saying whoever is listing, 

11
00:00:28,320 --> 00:00:31,000
we're broadcasting this 
information out so that you, 

12
00:00:31,080 --> 00:00:34,560
another component in my client's
infrastructure, can take the 

13
00:00:34,560 --> 00:00:38,200
appropriate informed action. 
Now, just like the dolphins and 

14
00:00:38,200 --> 00:00:40,880
the Fisher people, the dolphins 
give the signal. 

15
00:00:41,040 --> 00:00:43,880
The Fisher people don't have to 
throw their Nets. 

16
00:00:43,920 --> 00:00:46,520
They have complete volition. 
They have complete control, 

17
00:00:46,520 --> 00:00:48,040
right? 
They can just sit there and do 

18
00:00:48,040 --> 00:00:51,640
nothing if they want. 
Shared signals is a way of 

19
00:00:51,640 --> 00:00:55,560
sharing information about 
identity context that let gives 

20
00:00:55,560 --> 00:00:58,040
that freedom to the receiver of 
the information. 

21
00:01:03,400 --> 00:01:08,560
This is identity at the center 
if it has anything to do with 

22
00:01:08,600 --> 00:01:13,200
IAM. 
This is the go to podcast now 

23
00:01:13,200 --> 00:01:17,120
your hosts Jim McDonald and Jeff
Steadman. 

24
00:01:23,480 --> 00:01:25,120
Welcome to the Identity of the 
Center podcast. 

25
00:01:25,120 --> 00:01:26,440
I'm Jeff, and that's Jim. 
Hey, Jim. 

26
00:01:26,640 --> 00:01:28,440
Hey, Jeff, how are you? 
Not so bad yourself. 

27
00:01:28,800 --> 00:01:31,560
I'm doing good, man. 
I've got all my beverages lined 

28
00:01:31,560 --> 00:01:34,560
up. 
I've got coffee, Pepsi, water. 

29
00:01:34,960 --> 00:01:36,000
I'm all set. 
You got a. 

30
00:01:36,000 --> 00:01:38,960
Primary, a secondary and a 
tertiary beverage. 

31
00:01:38,960 --> 00:01:43,040
Yes, in terms of caffeine order.
OK, and this is a crinkly water 

32
00:01:43,040 --> 00:01:44,920
bottle that's going to drive me 
crazy when you try to open that 

33
00:01:44,920 --> 00:01:45,680
later. 
Oh, yeah. 

34
00:01:46,080 --> 00:01:46,640
Oh, yeah. 
That's. 

35
00:01:46,720 --> 00:01:49,640
You see, Jeff, I do things to 
drive you crazy. 

36
00:01:49,680 --> 00:01:51,800
Yeah. 
I think all of the listeners and

37
00:01:51,800 --> 00:01:55,680
viewers know that by now. 
Yeah, I think it's an accurate 

38
00:01:55,680 --> 00:02:00,240
statement, yeah. 
So in for those of you who are 

39
00:02:00,240 --> 00:02:04,760
watching on YouTube, you'll see 
I'm wearing my white jacket with

40
00:02:04,760 --> 00:02:07,240
black lapel. 
So it's a, it's like a white 

41
00:02:07,240 --> 00:02:10,919
tuxedo jacket. 
And Ian Singh made a comment on 

42
00:02:10,919 --> 00:02:13,720
one of the pictures of us from 
the Authenticate conference that

43
00:02:13,720 --> 00:02:16,800
said, I've never seen Jim and 
Jeff wearing the same jacket. 

44
00:02:17,320 --> 00:02:20,600
And that's because I'm kind of 
known for wearing silly jackets.

45
00:02:20,920 --> 00:02:22,880
It's actually not silly. 
It's just a nice jacket. 

46
00:02:22,880 --> 00:02:26,920
But, you know, it's kind of like
within the spectrum. 

47
00:02:26,920 --> 00:02:30,280
It's off the spectrum in terms 
of, you know, bold style. 

48
00:02:30,320 --> 00:02:34,480
It is definitely a bold style 
choice or as I am, more of a 

49
00:02:34,480 --> 00:02:36,360
traditional, you know, blue 
spore coat. 

50
00:02:36,720 --> 00:02:38,720
I love the blue, the the blue 
polo. 

51
00:02:38,760 --> 00:02:40,800
This is my my jam. 
So I'm happy when I don't have 

52
00:02:40,800 --> 00:02:42,400
to wear a jacket or anything 
like that. 

53
00:02:42,400 --> 00:02:45,920
You like to do it Me now, I'd 
rather be cool temperature wise 

54
00:02:47,080 --> 00:02:48,920
before I'm not going to give you
that opening to get out. 

55
00:02:48,920 --> 00:02:51,760
I'd rather be cool. 
So we're here at Sale Point 

56
00:02:51,760 --> 00:02:56,080
navigate 2024 in Orlando, which,
you know, is my favorite place 

57
00:02:56,080 --> 00:02:57,440
in the world. 
Yeah, exactly. 

58
00:02:57,440 --> 00:02:59,920
When it's 70°, you're hot. 
Yeah, it was last night. 

59
00:02:59,920 --> 00:03:03,680
It was 70° and it was like, I 
think 146% humidity. 

60
00:03:04,200 --> 00:03:05,440
So there was like, you know, 
water. 

61
00:03:05,440 --> 00:03:06,680
What are we just forming in the 
air? 

62
00:03:06,920 --> 00:03:08,720
But yeah, most of the time we're
spent indoors in air 

63
00:03:08,720 --> 00:03:11,000
conditioning, so that's good. 
Yeah. 

64
00:03:11,000 --> 00:03:14,240
And The thing is like the 
allergy, you know, people don't 

65
00:03:14,240 --> 00:03:17,320
tune into the podcast here about
the allergies, allergy forecast 

66
00:03:17,320 --> 00:03:19,680
in Orlando. 
So we can probably cut right to 

67
00:03:19,680 --> 00:03:22,120
the good stuff. 
I will say that one of the 

68
00:03:22,120 --> 00:03:26,440
requests I got from a person 
named Rainer was a navigate 

69
00:03:26,440 --> 00:03:29,440
discount code. 
By the time this airs, it's 

70
00:03:29,440 --> 00:03:33,200
going to be too late for that to
for this information to be 

71
00:03:33,200 --> 00:03:35,560
valuable. 
But what I will commit to is 

72
00:03:35,560 --> 00:03:38,120
that I'm going to keep that in 
mind thinking about 

73
00:03:38,120 --> 00:03:40,600
international conferences and 
getting discount codes. 

74
00:03:40,840 --> 00:03:43,160
But I think that's one of the 
reasons people listen to the 

75
00:03:43,160 --> 00:03:46,240
podcast, right, is that we're 
able to get these special 

76
00:03:46,240 --> 00:03:48,480
discount codes, put them all in 
one place. 

77
00:03:48,480 --> 00:03:52,040
And what we always commit to is 
that we won't publish a discount

78
00:03:52,040 --> 00:03:53,800
code unless it's the best one 
that's out there. 

79
00:03:53,800 --> 00:03:54,840
Yeah. 
We don't want to be in 

80
00:03:54,840 --> 00:03:58,720
competition with better codes. 
That's a losing argument for us.

81
00:03:58,720 --> 00:04:00,600
So I do keep them on our 
website. 

82
00:04:00,600 --> 00:04:03,320
So if you go to our website, 
idacpodcast.com, you Scroll down

83
00:04:03,320 --> 00:04:04,960
a little bit, you'll see 
whatever the current discount 

84
00:04:04,960 --> 00:04:06,680
codes are. 
So I have them in there. 

85
00:04:06,920 --> 00:04:09,120
Identity Week actually gave us 
discount codes from around the 

86
00:04:09,120 --> 00:04:10,760
world. 
So when they had their Europe, 

87
00:04:11,280 --> 00:04:14,600
the America and the Asia 
conference that that same code 

88
00:04:14,600 --> 00:04:16,440
work for all that. 
But yeah, we, we will keep that 

89
00:04:16,440 --> 00:04:18,200
in mind and try to get as many 
as it can. 

90
00:04:18,200 --> 00:04:21,920
Doesn't cost anything for us, 
doesn't cost anything for, you 

91
00:04:21,920 --> 00:04:24,920
know, the person who uses it. 
And if somebody wants to partner

92
00:04:24,920 --> 00:04:27,160
with us to promote their 
conference or whatever and shoot

93
00:04:27,160 --> 00:04:30,120
us a discount code. 
You know, it does cost money as 

94
00:04:30,160 --> 00:04:32,480
us getting here. 
It does does cost money to get 

95
00:04:32,480 --> 00:04:34,320
here. 
So thanks to sale points and 

96
00:04:34,320 --> 00:04:38,000
thanks to RSM for bringing us 
out here and sponsoring this. 

97
00:04:38,000 --> 00:04:40,360
So we're we're upping our video 
games slightly. 

98
00:04:40,360 --> 00:04:43,840
We've got ARSM logo on that one.
When we get to our guests, 

99
00:04:43,840 --> 00:04:45,280
you'll see an RSM thing logo for
that. 

100
00:04:45,280 --> 00:04:48,280
So that is our day job that Jim 
and I do and we are actually 

101
00:04:48,280 --> 00:04:50,320
sponsors here at Navigate. 
So Full disclosure, right, We're

102
00:04:50,320 --> 00:04:54,200
part of that Sale Point 
ecosystem when it comes to 

103
00:04:54,200 --> 00:04:57,640
integration, things like that. 
So yes, thank you to Sale Point 

104
00:04:57,640 --> 00:04:59,800
RSM. 
And then before we get to our 

105
00:04:59,800 --> 00:05:01,280
guests, we're going to talk 
about Gartner. 

106
00:05:01,560 --> 00:05:03,560
Yeah. 
So the Gartner I am Summit is 

107
00:05:03,560 --> 00:05:05,600
coming up. 
It's December. 

108
00:05:05,600 --> 00:05:07,760
What is that 6th through 9th? 
I don't know. 

109
00:05:08,200 --> 00:05:11,560
I don't want to start like a 
disinformation campaign as 

110
00:05:11,560 --> 00:05:14,960
someone shows up in the 
Grapevine, TX area and there's 

111
00:05:14,960 --> 00:05:19,120
no conference. 
So check the it's in early 

112
00:05:19,120 --> 00:05:22,960
December and we have a discount 
code IDAC 375. 

113
00:05:22,960 --> 00:05:24,040
Guess how much that saves you? 
I'm. 

114
00:05:24,960 --> 00:05:27,480
Going to guess $375. 
That's a good guess. 

115
00:05:27,480 --> 00:05:29,880
I know I'm just a savant when it
comes to those numbers. 

116
00:05:29,880 --> 00:05:33,160
So we will have a link to the 
registration in the show notes. 

117
00:05:33,600 --> 00:05:38,000
And let's get on to today's main
topic in our awesome guest who 

118
00:05:38,240 --> 00:05:41,120
we I've been dying to get on 
this podcast for a long time. 

119
00:05:41,120 --> 00:05:43,560
Yeah, I'm really surprised. 
This is the first time we've had

120
00:05:43,560 --> 00:05:45,840
him on the show. 
We're going to talk about SSF, 

121
00:05:45,840 --> 00:05:48,520
We're going to talk about Cape, 
we're going to talk about risk, 

122
00:05:48,600 --> 00:05:52,040
we're going to talk about skim 
events and a whole bunch of 

123
00:05:52,040 --> 00:05:54,000
other IAM acronyms. 
Let me welcome to the show for 

124
00:05:54,000 --> 00:05:57,640
the first time, Mr. Mike Kyser. 
He's the director of Strategy 

125
00:05:57,640 --> 00:06:00,160
and Standards at Sale Point. 
Welcome to Dining at the Center.

126
00:06:00,720 --> 00:06:02,920
Thanks for having me guys, 
pleasure to be here. 

127
00:06:03,160 --> 00:06:04,360
This has been a long time 
coming. 

128
00:06:04,360 --> 00:06:07,680
While we actually spent a lot of
time last week for the 

129
00:06:07,680 --> 00:06:10,360
Authenticate conference and that
was great. 

130
00:06:10,360 --> 00:06:13,040
I want to talk about that. 
And then you're going to speak 

131
00:06:13,040 --> 00:06:16,280
here tomorrow in real time. 
So today for us is Tuesday, 

132
00:06:16,280 --> 00:06:19,560
October 22nd, but you're 
actually speaking tomorrow and 

133
00:06:19,560 --> 00:06:21,720
this episode is not going to 
come out till middle November 

134
00:06:21,720 --> 00:06:23,720
ish. 
Just the way things kind of work

135
00:06:23,720 --> 00:06:25,520
out. 
But I want to get into that. 

136
00:06:25,520 --> 00:06:28,120
But tradition, first time you're
on the show, we always like to 

137
00:06:28,120 --> 00:06:29,560
find out our identity 
backstories. 

138
00:06:30,280 --> 00:06:32,120
How did you get into the world 
of identity? 

139
00:06:32,120 --> 00:06:34,200
Is it something that you chose 
or did it choose you? 

140
00:06:35,160 --> 00:06:37,840
Good question. 
I think like most people like 

141
00:06:37,840 --> 00:06:43,120
kind of chose me, right? 
I started out in my early days, 

142
00:06:43,120 --> 00:06:47,240
back in ancient history, looking
to be a physicist, 

143
00:06:47,320 --> 00:06:50,600
astrophysicist, astronaut, 
politician. 

144
00:06:50,600 --> 00:06:53,720
There's a whole a whole thing 
there, a real Renaissance man. 

145
00:06:54,120 --> 00:06:56,760
You. 
Know or drunk for a thirst for 

146
00:06:56,760 --> 00:07:01,040
power or something, right? 
Eventually though, I did some 

147
00:07:01,200 --> 00:07:04,160
some stuff in in those arenas. 
Not the politics stuff, but the 

148
00:07:04,600 --> 00:07:07,200
physics and astrophysics. 
But eventually wound up 

149
00:07:07,200 --> 00:07:10,960
graduating from the glorious 
University of Texas gym with a 

150
00:07:11,400 --> 00:07:16,000
computer science degree and then
looked around for kind of hard 

151
00:07:16,000 --> 00:07:19,240
problems. 
And one of those was security. 

152
00:07:19,400 --> 00:07:24,800
And so kind of thinking, 
thinking about how to make sure 

153
00:07:24,800 --> 00:07:29,000
people had the right access, but
more from a authorization 

154
00:07:29,000 --> 00:07:32,240
authentication perspective. 
And then kind of did different 

155
00:07:32,240 --> 00:07:35,440
things with IBM for about 16 
years and wound up at sale 

156
00:07:35,440 --> 00:07:38,880
point. 
So it wound up combining 

157
00:07:39,400 --> 00:07:42,200
multiple streams of what I've 
done over the years, the 

158
00:07:42,200 --> 00:07:47,640
technology side, but also the 
culture impact to what's called 

159
00:07:47,640 --> 00:07:51,760
normal people side. 
I love things that combine 

160
00:07:51,760 --> 00:07:55,760
different areas and different 
angles on the same problem 

161
00:07:56,720 --> 00:07:59,160
because it it just helps people 
understand it and grasp it. 

162
00:07:59,160 --> 00:08:02,440
And I like questions that have 
no real straight up solid 

163
00:08:02,440 --> 00:08:03,440
answers. 
So I. 

164
00:08:03,440 --> 00:08:06,040
Think you have the job where a 
lot of people are like, I wanted

165
00:08:06,040 --> 00:08:07,560
to do that. 
I want to spend all my time 

166
00:08:07,560 --> 00:08:11,080
working on standards and getting
on stage and speaking at 

167
00:08:11,080 --> 00:08:15,600
conferences like how does 
somebody become Mike Kaiser? 

168
00:08:15,720 --> 00:08:17,720
How does somebody work their way
into a role like? 

169
00:08:17,720 --> 00:08:20,400
That First off, that's a 
terrible idea to become Mike 

170
00:08:20,400 --> 00:08:24,160
Kaiser. 
I, I think that you always see 

171
00:08:24,160 --> 00:08:29,680
the surface level of everything.
So I think while speaking and 

172
00:08:29,680 --> 00:08:32,080
writing is very visible, unless 
you're doing something of 

173
00:08:32,080 --> 00:08:35,799
substance on the back end, it's 
kind of all for naughty, right? 

174
00:08:37,000 --> 00:08:40,600
I grew up with a father who is 
in public relations. 

175
00:08:40,600 --> 00:08:42,280
And so I grew up speaking and 
writing. 

176
00:08:42,280 --> 00:08:43,919
And then I also had the 
technical side. 

177
00:08:44,400 --> 00:08:48,120
But I've always tried to to find
things that kind of combine 

178
00:08:48,120 --> 00:08:51,400
those, right? 
Putting things in ways that 

179
00:08:52,080 --> 00:08:56,760
people can understand and grasp 
and, and use and talk about the 

180
00:08:56,760 --> 00:09:00,120
next dinner party and not bore 
the entire room, right? 

181
00:09:00,120 --> 00:09:03,720
That's all kinds of things. 
So having substance working on 

182
00:09:03,720 --> 00:09:07,680
something either as standards or
developing products or educating

183
00:09:07,680 --> 00:09:10,960
people, whatever it is, and then
doing the other things on top of

184
00:09:10,960 --> 00:09:14,400
it is possibly the way to go. 
I've got to figure that there's 

185
00:09:14,400 --> 00:09:17,040
a lot of like doing the 
extracurricular right? 

186
00:09:17,040 --> 00:09:21,440
Because I'm, I'm trying to get 
for somebody who's trying to 

187
00:09:21,440 --> 00:09:26,160
figure out the path to become in
the position or the type 

188
00:09:26,160 --> 00:09:30,320
position that you're in. 
It's, this is my belief is that 

189
00:09:30,320 --> 00:09:34,840
it's working a lot of overtime. 
Not overtime, like for a job, 

190
00:09:34,840 --> 00:09:37,920
but volunteering to be part of 
these groups, the Kantara 

191
00:09:37,920 --> 00:09:43,320
initiative, things like that and
getting in the know, but meeting

192
00:09:43,320 --> 00:09:45,080
people, networking, things like 
that. 

193
00:09:45,320 --> 00:09:46,720
Yeah. 
And there there's a place for 

194
00:09:46,720 --> 00:09:48,920
everybody, I would say. 
I think it's one of the things 

195
00:09:48,920 --> 00:09:52,480
that ID Pro does really well is 
it gives that community where 

196
00:09:52,480 --> 00:09:55,680
you can come in and say how does
this work? 

197
00:09:55,680 --> 00:09:58,360
Where is my place? 
Your place might be standards or

198
00:09:58,360 --> 00:10:01,880
it might be doing technical 
stuff, might be architecture or 

199
00:10:01,880 --> 00:10:05,800
consulting or implementation. 
It might be education, writing. 

200
00:10:06,840 --> 00:10:09,880
The danger is saying, oh, I want
to be like that person, so I 

201
00:10:09,880 --> 00:10:11,760
have to be exactly like that 
person. 

202
00:10:12,440 --> 00:10:14,640
That's not really true. 
If you look at most of the 

203
00:10:14,640 --> 00:10:17,800
people in our industry who 
people know, most of them didn't

204
00:10:17,800 --> 00:10:21,880
start outgoing into identity. 
They kind of took a random path.

205
00:10:21,880 --> 00:10:24,680
I think that random path kind of
like you're implying Jim pays 

206
00:10:24,680 --> 00:10:26,680
off right. 
If you're interested, if you're 

207
00:10:26,680 --> 00:10:30,480
curious about lots of different 
things, then I think that that 

208
00:10:30,480 --> 00:10:33,720
pays off in in the longer term, 
right? 

209
00:10:33,720 --> 00:10:35,880
Because now you're more 
well-rounded person. 

210
00:10:36,600 --> 00:10:40,080
You see different angles, you 
see the implications for for 

211
00:10:40,080 --> 00:10:42,440
usage and everyday and and that 
kind of thing. 

212
00:10:42,560 --> 00:10:44,280
So. 
But that's identity, right? 

213
00:10:44,280 --> 00:10:46,760
I mean, identity is made-up of a
whole bunch of different 

214
00:10:46,760 --> 00:10:49,600
backgrounds, people, experience,
etcetera. 

215
00:10:49,600 --> 00:10:52,840
So all of those contribute 
really to the success of the 

216
00:10:52,840 --> 00:10:55,320
industry itself is we need those
viewpoints. 

217
00:10:55,720 --> 00:10:57,760
Because if you get into your 
little bubble, you start to 

218
00:10:57,760 --> 00:11:00,240
design only for your little 
bubble, and it falls apart very 

219
00:11:00,240 --> 00:11:02,640
quickly when you hit the real 
world where you have all those 

220
00:11:02,640 --> 00:11:04,000
other parameters you have to 
account for. 

221
00:11:04,360 --> 00:11:06,000
Yeah, completely, completely 
agree. 

222
00:11:06,680 --> 00:11:08,840
So you were at Authenticate last
week with us. 

223
00:11:09,120 --> 00:11:12,640
You gave a fantastic 
presentation that's I don't even

224
00:11:12,640 --> 00:11:14,400
know how to describe it. 
I want you to describe it 

225
00:11:14,400 --> 00:11:20,680
because it was a Sonic 
presentation and it included 

226
00:11:20,680 --> 00:11:23,000
bolero and graphics that you 
made. 

227
00:11:23,000 --> 00:11:25,480
We were geeking out about After 
Effects earlier. 

228
00:11:26,480 --> 00:11:28,920
Take people through who who 
weren't there, haven't seen 

229
00:11:28,920 --> 00:11:30,800
this. 
Tell us about that presentation.

230
00:11:30,960 --> 00:11:35,400
Sure. 
It's I wanted to talk about a is

231
00:11:35,400 --> 00:11:40,680
impact on authentication and 
authenticity and culture, right.

232
00:11:41,120 --> 00:11:44,600
And so I had heard about in 
talking about doing homework, 

233
00:11:44,600 --> 00:11:46,760
I'm always listening for ideas 
and stories. 

234
00:11:47,160 --> 00:11:49,600
There's a writer named Michael 
Korost who writes for Wire 

235
00:11:49,600 --> 00:11:51,960
magazine. 
And a couple of years ago, he, 

236
00:11:52,200 --> 00:11:55,240
he posted an article talking 
about how he had a hearing 

237
00:11:55,240 --> 00:11:58,840
deficiency, had hearing aids 
from a young age, but he loved 

238
00:11:58,880 --> 00:12:02,640
Bolero and he could, he had had 
difficulty enjoying music except

239
00:12:02,640 --> 00:12:05,840
for this one piece. 
And Bolero is repetitive and 

240
00:12:05,840 --> 00:12:08,560
it's clear and it's easy to 
grasp and it's got a clear 

241
00:12:08,560 --> 00:12:10,240
message. 
And he heard it when he was 15, 

242
00:12:10,480 --> 00:12:13,400
loved it, became part of his 
kind of authentic identity. 

243
00:12:14,120 --> 00:12:17,920
In 2001, within 4 hours, he went
completely deaf. 

244
00:12:17,920 --> 00:12:19,680
He couldn't hear anything 
anymore. 

245
00:12:20,000 --> 00:12:21,720
And he went and got cochlear 
implants. 

246
00:12:22,600 --> 00:12:25,360
And when he did that, he turned 
on Bolero again. 

247
00:12:25,360 --> 00:12:29,240
Instead of hearing his beloved 
melody, he heard nothing but 

248
00:12:29,240 --> 00:12:32,080
kind of distorted static, the 
signals coming to his brain. 

249
00:12:32,320 --> 00:12:34,640
The way cochlear implants work 
as they bypass your outer ear 

250
00:12:34,640 --> 00:12:37,160
and go right into your brain 
directly, your brain can't 

251
00:12:37,160 --> 00:12:40,720
really handle the change and the
side effects of technology 

252
00:12:40,720 --> 00:12:43,720
adoption. 
Easy translation to AI, right? 

253
00:12:43,720 --> 00:12:47,600
We're rushing to adopt AI, in 
particular generative AI, and 

254
00:12:47,600 --> 00:12:49,800
we're dealing with the side 
effects as a culture. 

255
00:12:49,800 --> 00:12:51,520
It's kind of eroding 
authenticity. 

256
00:12:51,840 --> 00:12:56,000
You combine Cross Story with the
story of Bolero, which pits 

257
00:12:56,320 --> 00:13:01,440
technology with a rhythm section
and a recurring melody for 18 

258
00:13:01,440 --> 00:13:03,720
long minutes. 
It builds up into this conflict 

259
00:13:03,720 --> 00:13:06,280
with you in the middle trying to
decide what's going to win. 

260
00:13:06,280 --> 00:13:08,800
You know, classic late afternoon
thriller. 

261
00:13:08,800 --> 00:13:11,240
Is technology going to destroy 
humanity or is humanity going to

262
00:13:11,240 --> 00:13:12,080
survive? 
Right. 

263
00:13:13,200 --> 00:13:14,680
Listen to the song. 
It's pretty great. 

264
00:13:14,680 --> 00:13:18,200
I think. 
Jeff, you did recently that 

265
00:13:18,200 --> 00:13:20,520
poses the same questions we 
should be asking yourself. 

266
00:13:20,800 --> 00:13:25,040
What is being ceded to AI and 
technology and these kinds of 

267
00:13:25,040 --> 00:13:26,760
things. 
So I was raising some of those 

268
00:13:26,760 --> 00:13:31,800
issues from claiming authorship 
versus using AI as a tool to 

269
00:13:31,800 --> 00:13:36,160
wholly ceding control. 
There's a a mayoral candidate in

270
00:13:36,160 --> 00:13:39,840
Cheyenne, WY you can vote for 
Who's Day chatbot literally or 

271
00:13:39,840 --> 00:13:43,160
dealing with grief and loss 
through AI creations. 

272
00:13:43,440 --> 00:13:45,560
It's all those questions we need
to ask what's being seated 

273
00:13:45,560 --> 00:13:48,680
technology and then the end the 
end of The thing is I've totally

274
00:13:48,680 --> 00:13:52,440
ruined my whole talk is that 
cochlear patients actually they 

275
00:13:52,440 --> 00:13:55,360
remember their brains remember 
what the truth was that they 

276
00:13:55,360 --> 00:13:58,800
knew the sound to be and so the 
signals eventually get remapped 

277
00:13:58,800 --> 00:14:02,560
in their brain to that truth. 
And so my argument was we need 

278
00:14:02,560 --> 00:14:06,440
to remember our authentic 
humanity and embrace those use 

279
00:14:06,440 --> 00:14:10,120
cases, whether it's a personal 
assessment of what we do or 

280
00:14:10,120 --> 00:14:14,680
using ethics canvases to guide 
our use of AI or supporting data

281
00:14:14,680 --> 00:14:17,800
provenance efforts through 
things like watermarking and, 

282
00:14:17,800 --> 00:14:20,560
and the like, or combating 
disinformation campaigns. 

283
00:14:20,920 --> 00:14:23,400
Or the closest one in my heart 
right now is the death and 

284
00:14:23,400 --> 00:14:26,080
digital estate with the Open ID 
Foundation, where we're trying 

285
00:14:26,080 --> 00:14:29,280
to give people volition over 
their digital life and their 

286
00:14:29,280 --> 00:14:32,200
digital identity, even after 
they're gone, how they're 

287
00:14:32,200 --> 00:14:34,640
represented, how they're 
preserved or not, how to get 

288
00:14:35,000 --> 00:14:37,960
their to their controls or the 
resources, all that kind of 

289
00:14:37,960 --> 00:14:40,120
stuff. 
And so like I said, I wasn't 

290
00:14:40,120 --> 00:14:42,360
trying to say, hey, here's the 
easy solution because I don't 

291
00:14:42,360 --> 00:14:44,240
think there's necessarily an 
easy solution. 

292
00:14:44,240 --> 00:14:48,440
It's more of a let's think about
this and as a collective, as a 

293
00:14:48,440 --> 00:14:51,640
community, have these 
discussions so that we can try 

294
00:14:51,640 --> 00:14:54,320
and safeguard as much of what I 
would consider to be authentic 

295
00:14:54,320 --> 00:14:57,040
humanity as we could so. 
It was a really good 

296
00:14:57,040 --> 00:14:58,840
presentation. 
And you gave homework at the 

297
00:14:58,840 --> 00:14:59,880
end. 
I did. 

298
00:14:59,880 --> 00:15:02,560
And if we have time at the end 
of the show, I want to get back 

299
00:15:02,560 --> 00:15:05,560
into that homework because I 
shared with you kind of before 

300
00:15:05,560 --> 00:15:07,880
we hit record, here's kind of 
what I thought, but I'm curious 

301
00:15:07,880 --> 00:15:10,760
to see and have that kind of 
recreate that, that discussion. 

302
00:15:11,600 --> 00:15:13,680
And you're, you're here at sale 
point navigate just like 

303
00:15:13,720 --> 00:15:15,560
obviously we are and you're 
going to give a conversation 

304
00:15:15,560 --> 00:15:18,720
tomorrow around Cape risk and 
skin events. 

305
00:15:18,720 --> 00:15:20,800
Give us a preview of what we can
expect to see for that. 

306
00:15:21,160 --> 00:15:24,440
Yeah. 
So with that talk, I'm starting 

307
00:15:24,440 --> 00:15:27,920
from kind of the ground up with 
the shared signals framework 

308
00:15:27,920 --> 00:15:32,200
and, and what that implies for 
all of us as practitioners. 

309
00:15:32,960 --> 00:15:34,480
Since this isn't going out till 
later. 

310
00:15:34,480 --> 00:15:37,240
I can tell you what I'm 
basically I'm talking about 

311
00:15:37,240 --> 00:15:39,400
dolphins. 
The reason I'm talking about 

312
00:15:39,400 --> 00:15:45,120
dolphins in South America, there
is a pod, pod of dolphins, pod 

313
00:15:45,120 --> 00:15:49,440
of dolphins, OK, nailed it. 
Pod of dolphins that cooperates 

314
00:15:49,440 --> 00:15:54,640
with Fisher people on the coast 
to the point where the dolphins 

315
00:15:54,640 --> 00:15:56,600
swim up. 
People with Nets are waiting on 

316
00:15:56,600 --> 00:15:59,560
the shore. 
The dolphin gives a signal. 

317
00:16:00,360 --> 00:16:03,400
Fishermen cast their net, the 
the dolphins drive the school of

318
00:16:03,400 --> 00:16:07,320
fish in the Nets descend, they 
get they catch fish as they do, 

319
00:16:07,320 --> 00:16:10,480
dolphins come in and take a 
couple fish and everybody's 

320
00:16:10,480 --> 00:16:13,800
happy. 
Scientific paper released this 

321
00:16:13,800 --> 00:16:18,280
year early last year shows that 
that cooperation makes people 

322
00:16:18,280 --> 00:16:22,080
catch more fish, makes a dolphin
survive longer because they're 

323
00:16:22,080 --> 00:16:24,720
not caught up in other fishing 
mechanisms. 

324
00:16:25,120 --> 00:16:29,240
So mutual cooperation is the 
name of the game and benefits 

325
00:16:29,240 --> 00:16:31,280
both. 
Combine that with the idea that 

326
00:16:31,280 --> 00:16:34,320
the dolphins are giving a 
signal, saying hey, you need to 

327
00:16:34,320 --> 00:16:38,480
know the fish are coming and 
they take action on that is a 

328
00:16:38,480 --> 00:16:40,680
great stand in for shared 
signals. 

329
00:16:40,680 --> 00:16:43,880
Because the whole idea is to say
for far too long we've been 

330
00:16:43,880 --> 00:16:48,600
isolated in our knowledge base. 
Vendors tend to say we have all 

331
00:16:48,600 --> 00:16:51,200
the information you need, just 
buy from us or our suite of 

332
00:16:51,200 --> 00:16:53,360
products and we'll solve every 
problem you have. 

333
00:16:54,240 --> 00:16:57,760
I kind of disagree with that. 
I think much better is kind of a

334
00:16:58,200 --> 00:17:02,320
a network of informed actors all
sharing information, right? 

335
00:17:02,640 --> 00:17:03,600
Do you have risk? 
Yes. 

336
00:17:03,600 --> 00:17:04,880
Do you have a risk assessment? 
Yes. 

337
00:17:04,880 --> 00:17:06,760
Do you have an idea of what's 
dangerous or not? 

338
00:17:07,079 --> 00:17:09,680
You do as well. 
And so let's share information, 

339
00:17:09,880 --> 00:17:13,319
kind of like dolphins saying, 
hey, the fish are coming to talk

340
00:17:13,319 --> 00:17:15,920
about dangerous actions or 
identities that aren't trusted 

341
00:17:15,920 --> 00:17:19,599
anymore or people aren't using 
trusted devices or whatever 

342
00:17:19,599 --> 00:17:22,400
else. 
And saying whoever is listing, 

343
00:17:22,400 --> 00:17:25,040
we're broadcasting this 
information out so that you, 

344
00:17:25,119 --> 00:17:28,600
another component in my client's
infrastructure, can take the 

345
00:17:28,600 --> 00:17:32,280
appropriate informed action. 
Now, just like the dolphins and 

346
00:17:32,280 --> 00:17:34,960
the Fisher people, the dolphins 
give the signal. 

347
00:17:35,080 --> 00:17:37,920
The Fisher people don't have to 
throw their Nets. 

348
00:17:38,000 --> 00:17:40,600
They have complete volition. 
They have complete control, 

349
00:17:40,600 --> 00:17:42,120
right? 
They can just sit there and do 

350
00:17:42,120 --> 00:17:45,680
nothing if they want. 
Shared signals is a way of 

351
00:17:45,680 --> 00:17:49,600
sharing information about 
identity context that let gives 

352
00:17:49,600 --> 00:17:52,120
that freedom to the receiver of 
the information. 

353
00:17:52,320 --> 00:17:55,520
It's it's not prescriptive, it's
descriptive. 

354
00:17:55,680 --> 00:17:59,840
This is going on heads up, you 
choose what you want to do 

355
00:17:59,960 --> 00:18:01,680
right? 
And that's important and 

356
00:18:01,680 --> 00:18:03,400
important to the success of the 
standard. 

357
00:18:03,520 --> 00:18:06,960
But we've a tool originally 
talked about Cape at an Internet

358
00:18:06,960 --> 00:18:09,000
identity workshop. 
I was there, it was really great

359
00:18:09,320 --> 00:18:11,600
and he kind of launched this 
discussion. 

360
00:18:11,880 --> 00:18:16,160
But as it's grown, I think those
kinds of keys help with the ever

361
00:18:16,160 --> 00:18:19,080
present struggle within 
standards of incentives, right? 

362
00:18:19,320 --> 00:18:21,840
What's the incentive for a 
vendor to support it or 

363
00:18:21,840 --> 00:18:24,360
something to adopt the standard?
It has to be mutually 

364
00:18:24,360 --> 00:18:25,960
beneficial. 
And so I think that's that's 

365
00:18:25,960 --> 00:18:27,440
really helpful if that makes 
sense. 

366
00:18:27,440 --> 00:18:30,840
So I love the analogy because 
that brings it to a level that I

367
00:18:30,840 --> 00:18:33,760
think everybody can understand. 
Like, OK, what are we aiming 

368
00:18:33,760 --> 00:18:36,520
toward? 
What I want to talk about is the

369
00:18:36,520 --> 00:18:39,960
shared signals framework. 
So this framework, who are the 

370
00:18:40,000 --> 00:18:42,640
actors in the framework? 
Who's providing the information?

371
00:18:42,640 --> 00:18:46,520
Is that applications, its 
infrastructure? 

372
00:18:46,720 --> 00:18:49,320
Give us some examples. 
Who's receiving it? 

373
00:18:49,480 --> 00:18:51,360
What are they doing with that 
information? 

374
00:18:51,760 --> 00:18:55,640
And then from a framework 
standpoint, is this going to be 

375
00:18:55,640 --> 00:18:59,240
like an industry standard for? 
Is that how you see it playing 

376
00:18:59,240 --> 00:19:00,840
out? 
Yeah. 

377
00:19:00,840 --> 00:19:04,120
I think it's important to sense 
that a lot of times people 

378
00:19:04,120 --> 00:19:06,880
conflate some of these terms. 
They combine them and think they

379
00:19:06,880 --> 00:19:09,080
mean the same thing. 
You'll hear Shared Signals 

380
00:19:09,080 --> 00:19:12,560
framework, you'll hear Cape, 
which is Continuous Access 

381
00:19:12,560 --> 00:19:16,000
Evaluation protocol. 
You'll hear RISK, which I don't 

382
00:19:16,000 --> 00:19:19,240
remember what the actual 
expansion of that acronym is. 

383
00:19:19,360 --> 00:19:22,760
Ranks risk and incident sharing 
and collaboration. 

384
00:19:22,760 --> 00:19:24,120
There's a lot. 
Of ands in that one right. 

385
00:19:24,160 --> 00:19:26,520
And so you'll kind of hear those
together, especially Cape and 

386
00:19:26,520 --> 00:19:28,400
shared signal. 
So first thing I want to say is 

387
00:19:28,400 --> 00:19:31,960
that shared signals is the 
transport layer kind of pub sub 

388
00:19:31,960 --> 00:19:33,800
sender, transmitter, receiver 
kind of vibe. 

389
00:19:34,440 --> 00:19:38,160
Cape is the one that focuses on 
some of the session based use 

390
00:19:38,160 --> 00:19:40,360
cases, which is great because 
Pete, that's where as you're 

391
00:19:40,400 --> 00:19:43,840
implying people say, OK, why do 
I need this? 

392
00:19:43,840 --> 00:19:46,320
What is the OR some use cases 
that benefit me? 

393
00:19:46,800 --> 00:19:52,320
Some examples say there is a 
single sign on provider that 

394
00:19:53,080 --> 00:19:56,480
knows that an identity has 
travelled impossibly or done 

395
00:19:56,480 --> 00:19:59,080
something else, that they're 
going to take action now and 

396
00:19:59,080 --> 00:20:03,160
they revoke all of that identity
sessions within their their 

397
00:20:03,160 --> 00:20:05,800
vision of the world. 
They send out a session revoked 

398
00:20:05,800 --> 00:20:11,080
event, say to an IGA vendor. 
Now we get that event and we 

399
00:20:11,080 --> 00:20:13,400
decide what to do based off of 
that, right? 

400
00:20:13,400 --> 00:20:16,240
We can say, well, we could just 
say this is a high risk user, 

401
00:20:16,880 --> 00:20:19,480
you know, take a stereotypical 
case CFO or something and we're 

402
00:20:19,480 --> 00:20:21,720
just going to suspend all of his
identities. 

403
00:20:22,040 --> 00:20:24,360
Throughout the enterprise, 
because we want to start a 

404
00:20:24,360 --> 00:20:28,440
certification or do some other 
sanity checks or we can wait 

405
00:20:28,440 --> 00:20:30,480
until we get multiple of those, 
right? 

406
00:20:30,840 --> 00:20:33,560
And then we can kick off a 
workflow and start a 

407
00:20:33,560 --> 00:20:38,160
certification or suspend or it 
really depends on each side. 

408
00:20:38,560 --> 00:20:41,560
The the event can be shared and 
then the actions on each side 

409
00:20:41,800 --> 00:20:44,840
are best practice for that 
sphere of influence. 

410
00:20:45,280 --> 00:20:49,680
So I think about traditionally 
your SSO vendors, anyone with a 

411
00:20:49,880 --> 00:20:55,480
authorization Oauth token or 
single sign on or in play, but 

412
00:20:55,480 --> 00:20:58,240
also additional people, people 
that know about the network or 

413
00:20:58,240 --> 00:21:02,200
about the device. 
They're all kind of in play as a

414
00:21:02,200 --> 00:21:04,360
transmitter or a receiver now, 
depending on. 

415
00:21:04,360 --> 00:21:05,600
Either one, right? 
Right. 

416
00:21:05,600 --> 00:21:08,480
And you can be both. 
And I think most likely in my 

417
00:21:08,480 --> 00:21:11,520
ideal world, everyone's going to
be a bit of both. 

418
00:21:11,720 --> 00:21:14,400
In other words, it's like from 
an IGA perspective, just because

419
00:21:14,400 --> 00:21:17,240
that's because that's my world, 
right? 

420
00:21:17,560 --> 00:21:21,840
If, if I I want information 
about devices, are you on now on

421
00:21:21,840 --> 00:21:25,000
an untrusted device, maybe I 
change your access. 

422
00:21:25,480 --> 00:21:29,000
From an IGA perspective, maybe I
lock you out from particularly 

423
00:21:29,360 --> 00:21:32,120
applications because you need to
be on a trusted device for that.

424
00:21:34,600 --> 00:21:38,680
And the other way around too, if
I suspend an identity, what 

425
00:21:38,680 --> 00:21:40,200
happens? 
Well, I use my connectivity 

426
00:21:40,200 --> 00:21:42,000
layer to go out and suspend 
accounts throughout. 

427
00:21:42,000 --> 00:21:44,680
But even if I do that 
immediately, and that takes 

428
00:21:44,680 --> 00:21:48,600
effect immediately, a lot of 
those identities have Oauth 

429
00:21:48,600 --> 00:21:51,080
tokens or some kind of session 
token with a time to live. 

430
00:21:51,600 --> 00:21:55,880
And until that expires, Jeff can
happily be Jeff, even though 

431
00:21:55,880 --> 00:21:57,960
he's no longer trusted by the 
enterprise, right? 

432
00:21:58,360 --> 00:22:01,800
And so it's those kinds of use 
cases where people are like, oh,

433
00:22:01,800 --> 00:22:04,160
we don't already have that 
today. 

434
00:22:04,160 --> 00:22:08,000
And like you do in places with 
specific API, you know, 

435
00:22:08,040 --> 00:22:09,200
endpoints and that kind of 
thing. 

436
00:22:09,200 --> 00:22:11,280
And there are other movements as
well, but there's a lot of 

437
00:22:11,280 --> 00:22:14,720
motion to kind of to make these 
all work together. 

438
00:22:14,760 --> 00:22:17,560
So, and it's not just the 
extreme use cases either. 

439
00:22:17,560 --> 00:22:23,920
You can change levels of access.
If something changes in an 

440
00:22:23,920 --> 00:22:26,320
attribute about a user changes, 
you can send out an event 

441
00:22:26,320 --> 00:22:30,160
saying, hey, you probably want 
to re evaluate all the tokens 

442
00:22:30,560 --> 00:22:33,480
for this user because their 
access has changed. 

443
00:22:33,600 --> 00:22:38,760
And so moving to a continuous or
event based to pick who you're 

444
00:22:38,760 --> 00:22:42,000
talking to, right, The 
particular flavor of it, it's a 

445
00:22:42,000 --> 00:22:43,720
continuous process of 
evaluation. 

446
00:22:43,800 --> 00:22:47,000
Every time I access something in
an ideal world, I want the 

447
00:22:47,000 --> 00:22:49,520
latest information, the latest 
attributes, the latest version 

448
00:22:49,520 --> 00:22:51,640
of the policy, all of that to be
evaluated. 

449
00:22:52,200 --> 00:22:54,440
And that's kind of what this 
what this does. 

450
00:22:55,080 --> 00:22:59,000
So it's the idea then to have 
essentially instead of a, a, you

451
00:22:59,000 --> 00:23:02,080
know, a vendor specific, this is
what we do for security. 

452
00:23:02,520 --> 00:23:03,920
And I think we're familiar with 
things like, you know, the 

453
00:23:03,920 --> 00:23:05,520
impossible travel conditional 
assets, right? 

454
00:23:05,840 --> 00:23:08,360
Any authentication provider 
typically will have that sort of

455
00:23:08,360 --> 00:23:12,720
thing is let's open this up to 
really the identity ecosystem or

456
00:23:12,720 --> 00:23:16,000
security ecosystem and say, hey,
we've collected this data, we 

457
00:23:16,000 --> 00:23:19,520
have this thing and we're both 
a, a sender and a receiver of 

458
00:23:19,520 --> 00:23:21,400
this information. 
So that leads me to believe that

459
00:23:21,400 --> 00:23:25,600
there is something that is sort 
of outside of a specific 

460
00:23:25,600 --> 00:23:28,360
technology stack to collect all 
this information. 

461
00:23:29,120 --> 00:23:30,720
That's how it works. 
It's a standard. 

462
00:23:31,280 --> 00:23:34,560
So if you were going to do this 
without shared signals, I would 

463
00:23:34,560 --> 00:23:36,920
have to call up every vendor I 
wanted to integrate with. 

464
00:23:36,920 --> 00:23:38,320
I have to say, what are your 
APIs? 

465
00:23:38,320 --> 00:23:40,240
What are my APIs? 
My legal department would have 

466
00:23:40,240 --> 00:23:41,360
to get involved. 
We all have to. 

467
00:23:41,360 --> 00:23:44,800
It's a long road. 
And then anytime your API 

468
00:23:44,800 --> 00:23:48,080
changed or my API changed, now 
we have to do it all over again,

469
00:23:48,400 --> 00:23:49,920
regression testing, etcetera, 
etcetera. 

470
00:23:50,360 --> 00:23:53,560
Using a standard to share this 
information means I can hook in 

471
00:23:53,560 --> 00:23:56,160
really easily without that 
overhead, right? 

472
00:23:56,680 --> 00:23:59,640
And so I, I don't think there's 
necessarily a, a centralized 

473
00:23:59,640 --> 00:24:02,640
repository for this information.
It's more like, hey, I know 

474
00:24:02,640 --> 00:24:05,480
this, you might want to know. 
And the receiver signs up to 

475
00:24:05,480 --> 00:24:09,800
say, Hey, these are optionally 
the, the users I'm interested in

476
00:24:09,800 --> 00:24:11,520
or the groups of users I'm 
interested in. 

477
00:24:11,720 --> 00:24:13,600
And here are the event types I'm
interested in. 

478
00:24:13,920 --> 00:24:16,640
And so you subscribe, you 
basically set up a, a pipeline 

479
00:24:16,640 --> 00:24:20,240
to call the stream basically 
saying I want all your these 

480
00:24:20,240 --> 00:24:22,720
types of events for this class 
of users or just all these 

481
00:24:22,720 --> 00:24:25,240
events period. 
And then they either get pushed 

482
00:24:25,240 --> 00:24:27,120
or pulled across the across the 
pipe. 

483
00:24:27,480 --> 00:24:29,560
See, I think it opens up an 
opportunity for another part of 

484
00:24:29,560 --> 00:24:32,000
the market and we're kind of 
infringing here now in the SIM 

485
00:24:32,000 --> 00:24:35,560
space, right or other sort of 
event and logging and monitoring

486
00:24:35,560 --> 00:24:39,720
type tools where you know it is 
historically been well, let me 

487
00:24:39,720 --> 00:24:42,320
send you my Windows logs or 
applications logs and it goes to

488
00:24:42,320 --> 00:24:44,520
the central spot. 
Now we've got a standard and 

489
00:24:44,520 --> 00:24:49,720
say, OK, this is how 
technologies can interact very 

490
00:24:49,720 --> 00:24:52,000
similar to like SAML, right? 
And this is how we want to 

491
00:24:52,000 --> 00:24:53,440
authenticate. 
Now we've got something to 

492
00:24:53,600 --> 00:24:58,440
provide data around events that 
are taking place in a 

493
00:24:58,440 --> 00:25:01,920
standardized way to say if I 
wanted to, I could build a 

494
00:25:01,920 --> 00:25:07,320
product that is ASSF type 
product or maybe I'm a Splunk or

495
00:25:07,320 --> 00:25:09,800
some other, you know, SIM that 
someone I can think of as. 

496
00:25:10,160 --> 00:25:11,920
Well, sure. 
Where I say, OK, we want to be 

497
00:25:11,920 --> 00:25:15,080
able to, you know, pull those 
into our system because it's 

498
00:25:15,080 --> 00:25:16,360
it's great to have it in one 
spot. 

499
00:25:16,360 --> 00:25:19,360
But I think the power here is 
what if we could leverage our 

500
00:25:19,360 --> 00:25:25,160
IGA platform and our IDP and our
privileged access and maybe even

501
00:25:25,440 --> 00:25:29,040
a non security platform like a 
work day maybe where our people 

502
00:25:29,040 --> 00:25:31,640
data is. 
Let's pull that all together and

503
00:25:31,640 --> 00:25:33,840
have sort of like this 
overarching ecosystem and say 

504
00:25:34,040 --> 00:25:38,400
here's Mike, Mike is in Orlando.
We know that here's what IGA is 

505
00:25:38,400 --> 00:25:40,160
going to do You guys do your own
thing. 

506
00:25:40,160 --> 00:25:42,880
But by the way, if we know this 
about Mike, let's put this 

507
00:25:42,880 --> 00:25:45,920
somewhere where people can, you 
know, receive that data and do 

508
00:25:45,920 --> 00:25:48,920
other things with that. 
You, you will see, I do think 

509
00:25:48,920 --> 00:25:53,640
you'll see a space pop up for 
transceivers, trans, you know, 

510
00:25:53,640 --> 00:25:56,320
translators of some of these 
signals, relays, those types of 

511
00:25:56,320 --> 00:25:57,760
things and architectural 
choices. 

512
00:25:58,360 --> 00:26:05,040
I think that the impact I see is
avoiding a single point of of 

513
00:26:05,040 --> 00:26:09,080
this is where this is the keeper
of the Kingdom. 

514
00:26:09,280 --> 00:26:11,200
Just to have some of that. 
If I were an identity 

515
00:26:11,200 --> 00:26:16,680
practitioner, I want a team 
working together right now. 

516
00:26:16,800 --> 00:26:18,680
Each of them are going to have a
different perspective. 

517
00:26:18,680 --> 00:26:21,280
IGA is going to have a different
perspective than my SSO will, 

518
00:26:21,280 --> 00:26:25,320
then my VPN will, then my HR 
system, then my sales force, 

519
00:26:25,320 --> 00:26:27,480
whatever. 
You're relying party kind of 

520
00:26:27,480 --> 00:26:31,160
application. 
But what it does is it provides 

521
00:26:31,160 --> 00:26:35,680
an event oriented, close to real
time process for sharing 

522
00:26:35,680 --> 00:26:37,440
information that didn't exist 
before. 

523
00:26:37,640 --> 00:26:40,200
I'm sure people will suck it 
into a SIM, right? 

524
00:26:40,800 --> 00:26:43,520
I mean, I feel like that's the 
natural inclination of a 

525
00:26:43,520 --> 00:26:46,600
security team in an enterprise 
environment is we want all the 

526
00:26:46,600 --> 00:26:49,560
data and we want to do something
with it. 

527
00:26:50,440 --> 00:26:53,320
Right, I think the I think the 
power to me, the usefulness 

528
00:26:53,320 --> 00:26:59,800
right now is actually giving 
that real time response and 

529
00:26:59,800 --> 00:27:02,680
control to all these individual 
distributed players. 

530
00:27:02,920 --> 00:27:06,440
I don't picture a centralized 
hub for controlling everything 

531
00:27:06,440 --> 00:27:10,440
about identity and organization.
I picture to use a, you know, 

532
00:27:11,080 --> 00:27:14,320
lingo identity fabric kind of 
approach where there are 

533
00:27:14,320 --> 00:27:18,120
deciders everywhere and informed
understandings of thing 

534
00:27:18,120 --> 00:27:21,440
everywhere, right. 
So it's, it's, it's more like 

535
00:27:21,440 --> 00:27:22,760
that. 
And then when you when you 

536
00:27:22,760 --> 00:27:27,120
couple on things that aren't 
just session based, then you 

537
00:27:27,120 --> 00:27:31,480
start to touch more and more, 
not just Cape which does 

538
00:27:31,480 --> 00:27:34,440
continuous access evaluation, 
but more account level things 

539
00:27:34,440 --> 00:27:38,000
and the risk stuff, suspending 
accounts, activating accounts. 

540
00:27:38,800 --> 00:27:42,160
And then the more recent stuff, 
which I'm particularly about 

541
00:27:42,160 --> 00:27:45,200
excited about, which is the skim
events, which could optionally 

542
00:27:45,200 --> 00:27:48,720
sit on top of this. 
And now you're starting to 

543
00:27:48,720 --> 00:27:51,840
impact a broader and broader 
spectrum. 

544
00:27:52,160 --> 00:27:54,880
Yeah. 
So I want to back up to some of 

545
00:27:54,880 --> 00:27:57,640
these that are, this is about 
developing a standard. 

546
00:27:57,640 --> 00:28:01,880
And I heard Heather Flanagan say
there's two approaches to 

547
00:28:01,880 --> 00:28:06,440
developing a standard. 
One is kind of got an ideal of 

548
00:28:06,520 --> 00:28:10,200
how the technology should work, 
you can develop a standard. 

549
00:28:10,400 --> 00:28:13,760
The other is there's all the, 
it's already been deployed, it's

550
00:28:13,760 --> 00:28:16,040
out in the wild. 
Everybody's doing it now. 

551
00:28:16,040 --> 00:28:18,040
You're trying to pull it 
together into a standard. 

552
00:28:18,360 --> 00:28:21,040
I think this is like the latter,
right? 

553
00:28:21,040 --> 00:28:23,320
This is trying to build a 
picture of what it should work 

554
00:28:23,320 --> 00:28:25,440
like. 
Or is it the other way? 

555
00:28:25,600 --> 00:28:28,120
I think I, it's a good question 
up for debate. 

556
00:28:28,120 --> 00:28:31,600
I think it's the first way 
actually, only because people 

557
00:28:31,600 --> 00:28:34,840
were kind of doing this a little
bit, but they're one off 

558
00:28:34,840 --> 00:28:36,640
integration. 
So maybe that's not even up for 

559
00:28:36,640 --> 00:28:39,000
the second way. 
But I think this was such a 

560
00:28:39,000 --> 00:28:42,280
different way of saying, why 
don't we just straight up share 

561
00:28:42,280 --> 00:28:46,400
this data and not hold on to it 
really tightly and say we're the

562
00:28:46,400 --> 00:28:49,160
only option here. 
So in that sense, I feel like 

563
00:28:49,160 --> 00:28:54,440
there was a lot of idealism in 
the original assessment, but the

564
00:28:54,440 --> 00:28:59,120
use case was so strong that your
session needs to needs to change

565
00:28:59,120 --> 00:29:02,160
in in close to real time and 
share information about that, 

566
00:29:02,640 --> 00:29:06,240
that it was powerful enough to 
to pull people in, I think. 

567
00:29:06,240 --> 00:29:09,320
I think it gets to the question 
though is are these logs? 

568
00:29:09,320 --> 00:29:11,640
Are these identity bits of data 
that we're collecting? 

569
00:29:11,640 --> 00:29:15,280
Is that secret sauce for a 
vendor, for example, or is it 

570
00:29:15,280 --> 00:29:18,720
something that, yeah, a vendor 
is willing to share with others?

571
00:29:19,200 --> 00:29:21,160
Obviously, you know, you're not 
sharing code, but you're 

572
00:29:21,160 --> 00:29:23,040
sharing. 
You have, if you have an API 

573
00:29:23,040 --> 00:29:26,640
connection or a standard to say,
hey, this is what sale point is 

574
00:29:26,640 --> 00:29:29,720
collecting and here's what we're
going to do with it. 

575
00:29:30,680 --> 00:29:33,800
But we have an API or we've got 
a shared signals framework that 

576
00:29:33,800 --> 00:29:36,640
you can tap in to say if you 
want to do other things with it,

577
00:29:36,640 --> 00:29:39,960
with other things, be our guest.
Right. 

578
00:29:40,080 --> 00:29:43,520
And I, what you're hearing me 
too, is that you're hearing me, 

579
00:29:43,600 --> 00:29:46,240
the idealist talking because 
that's usually how I approach 

580
00:29:46,240 --> 00:29:48,880
standards. 
It's not, you know, how can we, 

581
00:29:49,080 --> 00:29:51,680
it's always like, oh, what if we
could do this, wouldn't that be 

582
00:29:51,680 --> 00:29:53,080
cool? 
And then I have to think about, 

583
00:29:53,080 --> 00:29:54,680
well, how does this monetize 
itself? 

584
00:29:54,800 --> 00:29:56,480
Right? 
I, I think you're right. 

585
00:29:56,480 --> 00:29:59,800
I think it's, it's the we're 
going to take this knowledge 

586
00:29:59,800 --> 00:30:04,120
that we know and we are also 
trying to monetize internally as

587
00:30:04,120 --> 00:30:07,520
a vendor, as a vendor, and we're
going to make that known for 

588
00:30:07,520 --> 00:30:10,480
other people to use. 
And I think that's the only way 

589
00:30:10,480 --> 00:30:13,440
for us to protect. 
I'd use identity to protect 

590
00:30:13,440 --> 00:30:16,520
things in real time. 
So that's that even kind of 

591
00:30:16,520 --> 00:30:19,560
rules out a little bit of the 
same, same kind of stuff because

592
00:30:19,560 --> 00:30:21,120
it's a little bit more after the
fact. 

593
00:30:21,480 --> 00:30:25,040
This is more right now. 
How can I share information for 

594
00:30:25,040 --> 00:30:27,320
you so you can take a more 
informed choice. 

595
00:30:27,760 --> 00:30:30,560
And if I know there's a danger, 
now everybody knows there's a 

596
00:30:30,560 --> 00:30:32,040
danger. 
And that's got to be the way to 

597
00:30:32,040 --> 00:30:33,720
go. 
Team sport would be my. 

598
00:30:34,400 --> 00:30:37,480
On take and that's my I guess 
that's the key part here is this

599
00:30:37,480 --> 00:30:40,600
is a real time. 
This is a a quicker way to get 

600
00:30:40,600 --> 00:30:43,040
that information right. 
Because what we don't want to do

601
00:30:43,040 --> 00:30:46,800
is where we've been for the last
20-30 years is hey, there's data

602
00:30:46,800 --> 00:30:49,200
sitting in our SIM yeah, we 
didn't do anything about it 

603
00:30:49,200 --> 00:30:52,040
because what is the average 
bridge takes like half a year to

604
00:30:52,040 --> 00:30:54,760
even discover right? 
The name of the game is speed. 

605
00:30:55,000 --> 00:30:59,520
So yes, I want my IGA platform 
to detect this thing and I want 

606
00:30:59,520 --> 00:31:03,960
it to move very quickly to 
mitigate risk that that event 

607
00:31:04,040 --> 00:31:07,960
might indicate. 
But the quicker that I can get 

608
00:31:07,960 --> 00:31:10,880
it not just in my IJ platform, 
but into other platforms, right?

609
00:31:11,400 --> 00:31:14,520
How do I control my IDP? 
Do I prompt for an extra MFA? 

610
00:31:14,520 --> 00:31:18,040
Do I shut down access to a 
privilege access management 

611
00:31:18,040 --> 00:31:19,400
vault, Right? 
There's all kinds of stuff that 

612
00:31:19,400 --> 00:31:22,120
can happen. 
And that orchestration really, I

613
00:31:22,120 --> 00:31:25,240
don't think can happen unless 
there is this standard to 

614
00:31:25,240 --> 00:31:27,560
communicate that these events 
are even taking place, right? 

615
00:31:27,600 --> 00:31:29,360
Totally, totally. 
And what you're also seeing in 

616
00:31:29,360 --> 00:31:35,680
the industry is a slow move to 
event based architectures, and 

617
00:31:35,680 --> 00:31:37,760
this is a reflection of that as 
well, right? 

618
00:31:37,760 --> 00:31:40,640
Are you going to use shared 
signals to do everything and 

619
00:31:40,640 --> 00:31:42,280
every identity and every 
application? 

620
00:31:43,080 --> 00:31:45,400
No, right. 
Because it's not worth it. 

621
00:31:45,400 --> 00:31:49,160
There's right now it's not 
probably in your best interest 

622
00:31:49,160 --> 00:31:52,720
because of speed and scale and 
other reasons to put event based

623
00:31:52,720 --> 00:31:55,760
architectures everywhere. 
Some applications, some portions

624
00:31:55,760 --> 00:31:57,920
of them. 
Yeah, I think it makes a lot of 

625
00:31:57,920 --> 00:31:59,680
sense. 
And so while you're seeing 

626
00:31:59,680 --> 00:32:04,320
vendors in the Interop, right, I
think you're going to see more 

627
00:32:04,320 --> 00:32:08,840
and more relying parties and 
application owners and that kind

628
00:32:08,840 --> 00:32:11,840
of stuff adopted as well 'cause 
like, oh, that information is 

629
00:32:11,840 --> 00:32:16,040
available to me, 'cause if you 
think about it, say, say skim 

630
00:32:16,040 --> 00:32:18,920
events where you're updating 
information about the account, 

631
00:32:18,920 --> 00:32:20,880
about the attributes, about the 
identity, right? 

632
00:32:21,160 --> 00:32:25,920
If you have that in place, well,
now I've got a policy in my 

633
00:32:25,920 --> 00:32:29,600
application that's only as good 
as the last update of that 

634
00:32:29,600 --> 00:32:32,680
information, right? 
So it's like updating a policy 

635
00:32:32,680 --> 00:32:36,320
information point saying, hey, 
the attributes about Jim have 

636
00:32:36,320 --> 00:32:38,120
changed. 
Everyone needs to do this so 

637
00:32:38,120 --> 00:32:40,440
that when you go make the 
decision, you're making the 

638
00:32:40,440 --> 00:32:43,520
right choice, right? 
And so that is really powerful 

639
00:32:43,520 --> 00:32:45,760
because now we're into the 
authorization space, we're into 

640
00:32:45,760 --> 00:32:49,280
the policy space we're in. 
It's all of this working 

641
00:32:49,280 --> 00:32:51,640
together, right? 
The stuff that's going on in 

642
00:32:51,640 --> 00:32:54,080
Oauth, the stuff that's going on
in shared signals, stuff that's 

643
00:32:54,080 --> 00:32:57,120
going on in Skim and, and all 
these various working groups 

644
00:32:57,440 --> 00:33:01,440
kind of combining to. 
So, so Jeff made the point about

645
00:33:01,440 --> 00:33:05,120
having one place. 
I want to go even further and 

646
00:33:05,120 --> 00:33:07,720
say why? 
Because I think you're talking 

647
00:33:07,720 --> 00:33:11,640
about within your enterprise, 
but why is, why couldn't there 

648
00:33:11,640 --> 00:33:16,240
be one place that everybody goes
to get these signals, right? 

649
00:33:16,240 --> 00:33:19,480
Or maybe the maybe there's a 
commercial landscape where a 

650
00:33:19,480 --> 00:33:23,200
couple companies focus on this 
and it's pulling signals from 

651
00:33:23,440 --> 00:33:27,800
all the major ID PS social 
networks, you know, Microsoft 

652
00:33:29,440 --> 00:33:32,200
and pick building 1 picture of, 
you know, these are the 

653
00:33:32,200 --> 00:33:34,080
identities that look to be 
compromised. 

654
00:33:34,080 --> 00:33:40,200
Rather than it being kind of a 
competitive advantage, Why not 

655
00:33:40,200 --> 00:33:42,120
all kind of row in the same 
direction? 

656
00:33:42,120 --> 00:33:46,560
Because we're all trying to to 
solve the same problem, which is

657
00:33:46,560 --> 00:33:48,200
don't get compromised, right, 
right. 

658
00:33:48,360 --> 00:33:53,400
And if everybody's contributing,
everybody's pulling it, it seems

659
00:33:53,440 --> 00:33:55,680
maybe I'm being too idealistic. 
What do you? 

660
00:33:55,680 --> 00:33:58,600
Think well, I think is a First 
off is a distributed approach, 

661
00:33:58,680 --> 00:33:59,840
right. 
So we're not going to have 

662
00:33:59,840 --> 00:34:04,080
necessarily one repo with all 
the stuff it's live events being

663
00:34:04,080 --> 00:34:08,719
sent back and forth. 
So that kind of to have one 

664
00:34:08,719 --> 00:34:12,159
repository kind of defeats a 
little bit of the, the way that 

665
00:34:12,199 --> 00:34:15,600
the approach is done. 
Secondarily, not every vendor is

666
00:34:15,600 --> 00:34:18,840
going to buy in, not every app 
is going to buy in, right? 

667
00:34:18,880 --> 00:34:23,120
And so to that end, there are 
major vendors that are not doing

668
00:34:23,120 --> 00:34:25,840
shared signals right now and 
they have their reasons and 

669
00:34:25,840 --> 00:34:30,040
their incentives for doing so. 
The idealist in me is like, why 

670
00:34:30,040 --> 00:34:32,400
don't we all do this and just 
set it up right? 

671
00:34:32,480 --> 00:34:34,880
And then as a practitioner, what
am I doing? 

672
00:34:35,360 --> 00:34:39,040
I'm looking at my environment 
and my business policy and 

673
00:34:39,040 --> 00:34:40,920
saying this is really what I 
want to see. 

674
00:34:41,280 --> 00:34:43,880
And then I'm setting up those 
relationships. 

675
00:34:44,080 --> 00:34:47,360
The technology is secondary. 
The technologist enables me to 

676
00:34:47,360 --> 00:34:51,080
do this and share information in
near real time, right? 

677
00:34:52,120 --> 00:34:55,080
But it's really the policy and 
what I want to have give people 

678
00:34:55,080 --> 00:34:58,080
access to and updating that near
real time. 

679
00:34:58,080 --> 00:35:00,120
That's the, the key for me as a 
practitioner. 

680
00:35:00,120 --> 00:35:03,560
So just like single sign on, 
right is commoditized right now,

681
00:35:03,560 --> 00:35:05,680
right? 
I, the policies, I want access 

682
00:35:05,680 --> 00:35:09,680
to these five things, SSO and 
SAML is just the technology that

683
00:35:09,680 --> 00:35:12,880
lying behind that, right? 
And so as a practitioner, I get 

684
00:35:12,880 --> 00:35:15,760
to decide, I want these people 
groups, these identities, people

685
00:35:15,760 --> 00:35:18,440
groups, these identities and, 
and these events. 

686
00:35:18,480 --> 00:35:20,480
And I want this to happen and 
that to happen. 

687
00:35:20,800 --> 00:35:22,520
When I talk, people are like, 
well, what, what's going to 

688
00:35:22,520 --> 00:35:25,360
happen when I do this? 
And I say, well, each end is 

689
00:35:25,360 --> 00:35:29,440
going to make their own choices.
Each application and each 

690
00:35:29,440 --> 00:35:31,680
vendor, whoever it is, it's 
going to say this is the default

691
00:35:31,680 --> 00:35:34,720
action. 
We see something happen, we're 

692
00:35:34,720 --> 00:35:36,560
going to suspend you, we're 
going to send out these events, 

693
00:35:36,560 --> 00:35:39,720
and then the other side takes it
in and has probably a default 

694
00:35:39,720 --> 00:35:42,680
approach. 
But again, if I'm an identity 

695
00:35:42,680 --> 00:35:45,760
owner, I wouldn't control over 
what that actually looks like, 

696
00:35:46,120 --> 00:35:48,160
right? 
Just because you sold me a 

697
00:35:48,160 --> 00:35:51,840
product that sends these massive
alerts anytime anyone goes out 

698
00:35:51,840 --> 00:35:54,440
and gets a Taco, maybe I don't 
want, you know, Trisha, you'll 

699
00:35:54,440 --> 00:35:56,240
have to go get a Taco. 
I don't want to shut down your 

700
00:35:56,240 --> 00:35:57,240
whole thing. 
So I'm. 

701
00:35:57,280 --> 00:35:59,200
Talking events that I can get 
behind, I want to know. 

702
00:35:59,200 --> 00:36:02,800
Where this Taco is so. 
Let me know how do I subscribe 

703
00:36:02,800 --> 00:36:04,640
to? 
That event as an event, right? 

704
00:36:04,760 --> 00:36:06,120
Tacos service. 
How about that? 

705
00:36:06,160 --> 00:36:08,840
Yeah, there we go. 
So yeah, there's, there's, 

706
00:36:08,840 --> 00:36:11,360
there's balance there, right. 
I think there will people be 

707
00:36:11,360 --> 00:36:13,480
people that suck all these 
things in and put them in a 

708
00:36:13,480 --> 00:36:15,720
repository. 
I don't think that's really the 

709
00:36:15,720 --> 00:36:20,640
idea because we're trying to 
move to a real time distributed 

710
00:36:20,640 --> 00:36:23,840
kind of approach rather than 
let's build 1 big repository. 

711
00:36:24,480 --> 00:36:27,040
And I think you can be an 
aggregator and keep it real 

712
00:36:27,040 --> 00:36:30,480
time. 
And that was like, I guess I 

713
00:36:30,480 --> 00:36:34,120
live with that minor point. 
My bigger point was, you know, 

714
00:36:34,120 --> 00:36:39,800
it feels to me like we need big 
tech to get behind this, to say,

715
00:36:39,800 --> 00:36:43,840
all right, we've got massive 
numbers of authentication 

716
00:36:43,840 --> 00:36:46,600
events. 
We have this repository of what 

717
00:36:46,600 --> 00:36:50,440
we think are compromised 
accounts I think. 

718
00:36:50,440 --> 00:36:52,160
Some of that is secret sauce for
those vendors. 

719
00:36:52,560 --> 00:36:54,680
That's the. 
Service that people pay for, 

720
00:36:54,680 --> 00:36:59,040
that's what I hate and and it it
it, it, it, it does sound 

721
00:36:59,320 --> 00:37:01,440
altruistic to say, hey, why 
don't we all do the same thing? 

722
00:37:01,440 --> 00:37:03,600
But the reality is there are 
different vendors that are 

723
00:37:03,600 --> 00:37:06,400
paying that are they've done the
work and they are trying to 

724
00:37:06,400 --> 00:37:08,440
monetize that. 
They're saying, hey, if you join

725
00:37:08,440 --> 00:37:13,600
our IDP network, not only are 
you going to get this product, 

726
00:37:13,600 --> 00:37:17,200
but we also have these other 
events and we can help do an 

727
00:37:17,200 --> 00:37:20,320
internal sort of product 
specific thing around that. 

728
00:37:20,520 --> 00:37:22,800
I'm with you. 
I wish there was more openness 

729
00:37:22,800 --> 00:37:24,320
around that. 
And I think it's coming. 

730
00:37:24,320 --> 00:37:27,600
I think there are large enough 
people in the working group, 

731
00:37:27,600 --> 00:37:31,960
large enough people in the 
Interop in December that I 

732
00:37:32,680 --> 00:37:36,240
certain standards survive or die
because of adoption, right? 

733
00:37:36,240 --> 00:37:41,040
Look at SPML, may die in a 
dumpster fire forever, but Skim 

734
00:37:41,800 --> 00:37:44,480
had a lot more success. 
Has it been 100% successful? 

735
00:37:44,600 --> 00:37:48,520
Not at all right? 
But I think shared signals and 

736
00:37:48,520 --> 00:37:53,040
the event types that sit on top 
of it Cape risk Skim events 

737
00:37:53,040 --> 00:37:56,560
someday. 
Like I think those have enough 

738
00:37:56,560 --> 00:38:01,280
backing to pressure 
organizations to adopt and 

739
00:38:01,280 --> 00:38:03,920
incentives, like I said, 
incentives matter, right? 

740
00:38:03,920 --> 00:38:06,720
So I expect some vendors to say,
no, we're not going to 

741
00:38:06,720 --> 00:38:10,360
participate until enough large 
customers say no. 

742
00:38:11,040 --> 00:38:14,240
We have to have this until 
analysts like Gartner at the 

743
00:38:14,240 --> 00:38:18,440
last Interop in March said you 
need to demand this from your 

744
00:38:18,440 --> 00:38:21,080
vendors. 
That helped tremendously, I 

745
00:38:21,080 --> 00:38:24,480
think, right. 
And so it's all a, a, a push 

746
00:38:24,480 --> 00:38:28,760
together of paving the way 
technologically, paving the way 

747
00:38:28,760 --> 00:38:32,280
politically, paving the way for 
demand, customer demand, right? 

748
00:38:33,000 --> 00:38:37,160
So, and you can still keep your 
secret sauce, 'cause just 

749
00:38:37,160 --> 00:38:40,000
because I tell you an account is
compromised, it's not like I'm 

750
00:38:40,000 --> 00:38:42,920
saying, and here's all the Intel
I have and all the data. 

751
00:38:43,120 --> 00:38:47,920
Now you get this event saying I 
have taken this action, you 

752
00:38:47,920 --> 00:38:49,120
might want to do something about
it. 

753
00:38:49,200 --> 00:38:53,080
And optional additional reasons 
or something, but you're not 

754
00:38:53,080 --> 00:38:57,160
getting my internals. 
I've taken a section you do. 

755
00:38:58,200 --> 00:39:00,560
You right, right. 
And instead of us, instead of me

756
00:39:00,560 --> 00:39:04,560
building this API based thing to
go into your system and cause 

757
00:39:04,560 --> 00:39:08,040
action, now I'm like, let's do 
this standards wise. 

758
00:39:08,080 --> 00:39:11,000
And the person who owns both of 
our products will demand it. 

759
00:39:11,000 --> 00:39:12,760
They own both. 
So they can say you're going to 

760
00:39:12,760 --> 00:39:15,840
do this and you're going to do 
this and you're going to like it

761
00:39:15,880 --> 00:39:18,120
or I'm going to walk away and 
take my money to another vendor,

762
00:39:18,240 --> 00:39:21,720
you know, or another offering is
my is my ideal anyway. 

763
00:39:21,720 --> 00:39:22,760
Well. 
I think the important thing 

764
00:39:22,760 --> 00:39:24,840
there is customers need to 
demand it. 

765
00:39:25,200 --> 00:39:26,800
That's really who's going to 
drive the adoption. 

766
00:39:26,800 --> 00:39:31,320
If you're listening to this and 
you are probably a customer of 

767
00:39:31,320 --> 00:39:34,640
an identity solution or a 
security solution, that's where 

768
00:39:34,840 --> 00:39:36,160
that's where the sport's going 
to come from. 

769
00:39:36,760 --> 00:39:40,000
Put it in your RF PS and your RF
fives, put it in your requests 

770
00:39:40,000 --> 00:39:43,800
for whatever and say, hey, does 
your product support shared 

771
00:39:43,800 --> 00:39:46,320
signals framework? 
How does IT support it? 

772
00:39:46,680 --> 00:39:49,640
And and really that's, you know,
it's, it's almost like a 

773
00:39:49,640 --> 00:39:52,040
grassroots campaign, right? 
You've got smart people who are 

774
00:39:52,040 --> 00:39:54,240
really thinking about this. 
You mentioned a tool. 

775
00:39:54,480 --> 00:39:58,640
There's Sean yourself other 
Yeah, exactly. 

776
00:39:58,640 --> 00:40:00,760
So there's there's a lot of 
thought behind this. 

777
00:40:01,000 --> 00:40:03,920
There's only so much creating 
the standard can do. 

778
00:40:04,280 --> 00:40:07,760
People have to actually ask for 
it and desire it and want it. 

779
00:40:08,160 --> 00:40:10,080
Right. 
Just like the fishing and the 

780
00:40:10,080 --> 00:40:13,480
dolphins, right? 
Both parties benefit, I think in

781
00:40:13,480 --> 00:40:16,960
the long term we all benefit 
from this level of cooperation 

782
00:40:16,960 --> 00:40:20,600
because just like the dolphins 
gets more fish and the Fisher 

783
00:40:20,600 --> 00:40:23,080
people do as well. 
The same thing is here is true 

784
00:40:23,080 --> 00:40:25,320
here. 
If if our goal is securing the 

785
00:40:25,320 --> 00:40:30,640
enterprise via identity, then 
let's cooperate and I think we 

786
00:40:30,640 --> 00:40:33,280
all catch more fish or 
something. 

787
00:40:33,280 --> 00:40:34,640
So we. 
Promised we'd get you out of 

788
00:40:34,640 --> 00:40:36,280
here at a certain time. 
But they do have one more 

789
00:40:36,280 --> 00:40:39,840
question. 
So we've had one of our most 

790
00:40:39,840 --> 00:40:42,760
popular episodes. 
We had several folks like 

791
00:40:42,760 --> 00:40:44,920
yourself help us out with a 
question. 

792
00:40:44,920 --> 00:40:48,680
So we've talked about what's the
difference between I am and 

793
00:40:48,680 --> 00:40:51,720
digital identity. 
But now this term identity 

794
00:40:51,720 --> 00:40:55,880
security has become popular. 
To me, this feels like it's the 

795
00:40:55,880 --> 00:41:00,840
definition of identity security 
because it's taking the 

796
00:41:00,840 --> 00:41:06,040
cybersecurity area and digital 
identity and combining it into a

797
00:41:06,040 --> 00:41:09,120
solution. 
Am I on the right track? 

798
00:41:09,120 --> 00:41:10,760
How do you see it? 
Yeah, I think so. 

799
00:41:10,880 --> 00:41:15,600
I think, you know, identity 
security is, is the idea that, 

800
00:41:15,760 --> 00:41:17,560
you know, identity is the key, 
right? 

801
00:41:17,600 --> 00:41:20,840
Identity is, is that the center?
Yeah, it's the old working my 

802
00:41:20,840 --> 00:41:22,200
way to you. 
I know my audience. 

803
00:41:23,360 --> 00:41:26,160
Yeah. 
So I I think that information 

804
00:41:26,160 --> 00:41:30,440
becomes power and becomes the 
operational knowledge on which 

805
00:41:30,440 --> 00:41:33,600
to take action or not, right. 
And so now we're saying I've got

806
00:41:33,600 --> 00:41:35,720
identity information, you've got
identity information. 

807
00:41:35,720 --> 00:41:38,480
Let's share it and and use it 
together. 

808
00:41:38,480 --> 00:41:42,280
It's one aspect of that right 
now whether it fits into a 

809
00:41:42,280 --> 00:41:45,800
particular market segment 
defined by someone or some of 

810
00:41:45,800 --> 00:41:49,440
the other, sure, I think you'll 
see it in different places. 

811
00:41:49,720 --> 00:41:52,920
You'll see it in base platforms.
I think in the long term, in the

812
00:41:52,920 --> 00:41:58,200
short term, you'll probably see 
it in more risk based or ITVR 

813
00:41:58,200 --> 00:41:59,640
environments, that kind of 
stuff. 

814
00:42:00,560 --> 00:42:03,000
Do I care where it exists? 
Not really. 

815
00:42:03,000 --> 00:42:05,920
As long as we have it right. 
I, I want it, I want it in 

816
00:42:05,920 --> 00:42:09,600
places and I want it pushed 
because I, I think the obvious 

817
00:42:09,600 --> 00:42:12,960
statement that we've already 
made is obvious that identity is

818
00:42:12,960 --> 00:42:15,600
the new key. 
It's not just the network, it's 

819
00:42:15,720 --> 00:42:17,800
everything. 
And how you define identity 

820
00:42:18,360 --> 00:42:20,200
becomes the second question of 
that right. 

821
00:42:20,280 --> 00:42:23,120
Is it, does it include device? 
Does it include location? 

822
00:42:23,120 --> 00:42:26,400
Does it include past action or 
past behavior? 

823
00:42:26,400 --> 00:42:29,280
Does it include the weather in 
Caracas? 

824
00:42:29,720 --> 00:42:32,520
It might, right? 
It depends on how you define the

825
00:42:32,520 --> 00:42:36,400
identity for that person, which 
by the way, was also part of my 

826
00:42:36,400 --> 00:42:38,840
talk at Authenticate as well. 
It's like how you define 

827
00:42:38,840 --> 00:42:44,040
identity influences how your 
policy expresses itself, and 

828
00:42:44,040 --> 00:42:47,080
ultimately how you safeguard all
that kind of stuff. 

829
00:42:47,840 --> 00:42:50,280
So I want to go back to the 
authenticate conference to close

830
00:42:50,280 --> 00:42:53,960
out the conversation you gave 
homework at the end, and then to

831
00:42:53,960 --> 00:42:57,200
listen to the whole 15 minutes 
of Bolero. 

832
00:42:57,920 --> 00:43:02,280
And what did people get? 
Well, tell me what the homework 

833
00:43:02,280 --> 00:43:04,120
was and I'll tell you what I got
of it and we can have a 

834
00:43:04,120 --> 00:43:08,680
conversation with it. 
So during the the presentation, 

835
00:43:08,680 --> 00:43:10,840
the talk I was giving, I played 
snippets. 

836
00:43:11,120 --> 00:43:14,600
It's 18 minutes long. 
I had a 25 minute slot. 

837
00:43:14,600 --> 00:43:17,320
I couldn't play the whole song. 
Find a very long song and just 

838
00:43:17,360 --> 00:43:18,680
play that. 
It's like playing a movie when 

839
00:43:18,680 --> 00:43:19,720
you're in school. 
Right. 

840
00:43:20,000 --> 00:43:22,920
So I played some and I and I 
played the rhythm section, which

841
00:43:22,920 --> 00:43:24,920
represents technology and I 
played the melody, which 

842
00:43:24,920 --> 00:43:27,160
represents humanity, and they 
get louder and they get 

843
00:43:27,480 --> 00:43:30,920
basically opposing each other. 
And I described the ending of 

844
00:43:30,920 --> 00:43:36,600
Bolero as amazing and crazy and 
brilliant and really fascinating

845
00:43:36,600 --> 00:43:38,800
and shocking. 
And then I told them I wasn't 

846
00:43:38,800 --> 00:43:41,880
going to play it for them to the
audience, which people groaned, 

847
00:43:41,920 --> 00:43:43,360
which is what I wanted them to 
do. 

848
00:43:43,680 --> 00:43:48,920
But I said go home and find 18 
minutes and carve out the space 

849
00:43:49,040 --> 00:43:51,200
and just listen to it end to 
end. 

850
00:43:51,720 --> 00:43:54,720
You know, I didn't say this, but
you either love Bolero or you 

851
00:43:54,720 --> 00:43:57,200
hate Bolero. 
But the homework I gave was, 

852
00:43:57,920 --> 00:44:00,760
given my premise, just running 
with my premise that it's 

853
00:44:00,760 --> 00:44:03,600
technology versus humanity. 
These two different sections, 

854
00:44:03,600 --> 00:44:05,240
half the orchestra, 1/2 the 
orchestra, the other. 

855
00:44:05,560 --> 00:44:11,160
The ending, I feel like gives a 
particular point of view that 

856
00:44:11,160 --> 00:44:14,480
Rebel has about which will win 
out. 

857
00:44:14,480 --> 00:44:17,200
Will technology destroy humanity
or humanity preserve itself 

858
00:44:17,200 --> 00:44:19,360
against technology? 
And so I said go home and listen

859
00:44:19,360 --> 00:44:24,120
to it and see what you think, 
and then come back and find me 

860
00:44:24,120 --> 00:44:27,560
and tell me what you think 
Ravel's point of view was. 

861
00:44:28,520 --> 00:44:31,800
So I did it. 
I did the homework because I'm a

862
00:44:31,800 --> 00:44:34,480
very good student. 
Good job A plus. 

863
00:44:34,640 --> 00:44:38,600
A+ for me. 
Here's what I got of it was two 

864
00:44:38,600 --> 00:44:45,840
things triumph and finality. 
So it Chris ends and ascends 

865
00:44:45,840 --> 00:44:48,840
throughout this entire, you 
know, track essentially. 

866
00:44:49,840 --> 00:44:55,240
And the way that I perceived it 
was humanity overcomes and it's 

867
00:44:55,240 --> 00:44:58,600
triumphant at the end, but 
there's an abrupt end. 

868
00:44:59,040 --> 00:45:03,000
It's final and we're done. 
And then you got me thinking 

869
00:45:03,000 --> 00:45:06,360
earlier today, I was like, well,
is the final because we lost? 

870
00:45:07,040 --> 00:45:10,120
My thought was OK, We we won. 
It's triumphant. 

871
00:45:10,200 --> 00:45:15,440
Humankind has always risen up 
and somehow evolved or, you 

872
00:45:15,440 --> 00:45:17,840
know, accommodated or figured 
out right how to survive. 

873
00:45:17,840 --> 00:45:21,160
We've made it this far. 
And then there's that finality 

874
00:45:21,160 --> 00:45:22,600
of it. 
Yeah, but. 

875
00:45:23,360 --> 00:45:25,160
We're going to be final unless 
you lost. 

876
00:45:25,360 --> 00:45:28,480
Well, that's, that's see, that's
what that's the thinking part of

877
00:45:28,480 --> 00:45:30,080
it right too. 
Right. 

878
00:45:30,120 --> 00:45:33,120
What what's really fascinating 
also about Valero is there's an 

879
00:45:33,120 --> 00:45:35,240
article that came out a couple 
years ago. 

880
00:45:35,760 --> 00:45:38,400
He and Edgar Allan Poe were 
contemporaries. 

881
00:45:39,000 --> 00:45:44,320
And this person thinks or argues
that Ravel was influenced by 

882
00:45:44,320 --> 00:45:47,600
Poe, who had written this piece 
about how you create a work of 

883
00:45:47,600 --> 00:45:52,000
art. 
And Bolero mimics the Raven from

884
00:45:52,000 --> 00:45:56,160
Edgar Allan Poe, where there's 
18 repetitions in each. 

885
00:45:56,160 --> 00:45:58,720
There's the Raven saying never 
more, never more. 

886
00:45:58,720 --> 00:46:01,680
And in Poe's poem and you have 
this rhythm section that is 

887
00:46:01,680 --> 00:46:03,840
inevitable and just going to 
hunt you down like a dog, 

888
00:46:03,840 --> 00:46:08,720
wherever you are. 
Whether or not that's true, I 

889
00:46:08,720 --> 00:46:11,400
think it it gives insight. 
I don't think Poe was nursely an

890
00:46:11,400 --> 00:46:15,080
upbeat kind of vibe. 
And so that kind of does. 

891
00:46:15,160 --> 00:46:16,400
He's like the original goth, 
yeah. 

892
00:46:17,400 --> 00:46:20,240
It kind of shades it shades how 
I think about it maybe, but the 

893
00:46:20,320 --> 00:46:24,200
the ending of Bolero after 18 
minutes of the same thing over 

894
00:46:24,200 --> 00:46:28,160
and over again, building up it 
it's always in this one, the key

895
00:46:28,160 --> 00:46:32,280
of CI believe the whole time 
right near the end it changes to

896
00:46:32,880 --> 00:46:35,800
a a different key, which you're 
like, Oh, finally some change in

897
00:46:35,800 --> 00:46:37,360
this piece that's been beating 
me down. 

898
00:46:37,800 --> 00:46:41,720
And then it the melody of the 
rhythm section. 

899
00:46:41,720 --> 00:46:46,040
But then, like you said, this is
chaos at the end that like 

900
00:46:46,120 --> 00:46:49,680
trombone's going to worm or worm
and just noise and then all of a

901
00:46:49,680 --> 00:46:57,520
sudden it goes BAM and silence. 
So I feel like he's worried that

902
00:46:57,520 --> 00:47:00,800
the machines are winning or that
they've they've won. 

903
00:47:00,800 --> 00:47:03,600
I would, I was telling you 
earlier, I feel like if, if the 

904
00:47:03,600 --> 00:47:06,520
humanity angle was winning, 
you'd have this like. 

905
00:47:08,000 --> 00:47:10,880
Like a soft landing almost. 
I would feel relaxed at the end 

906
00:47:10,880 --> 00:47:14,080
of Bolero and instead I feel 
myself holding onto the table. 

907
00:47:14,520 --> 00:47:16,640
So, Mike, what minute are we in 
right now? 

908
00:47:18,200 --> 00:47:20,840
Of. 
Of like in humankind. 

909
00:47:22,040 --> 00:47:27,440
What are we in 32? 
We are somewhere in the rising 

910
00:47:27,440 --> 00:47:31,480
crescendo part of it. 
I think we're hearing more and 

911
00:47:31,480 --> 00:47:34,880
more reverberations, right? 
I think culturally we're only 

912
00:47:34,880 --> 00:47:39,400
beginning and technology always 
outstrips culture and our 

913
00:47:39,400 --> 00:47:43,040
ethics. 
And I think that while AI and 

914
00:47:43,040 --> 00:47:47,040
Gen. 
AI, it's neither good nor bad 

915
00:47:47,040 --> 00:47:48,960
inherently, it's just 
technology. 

916
00:47:49,400 --> 00:47:53,360
It's how people use that that 
influences things, right? 

917
00:47:53,360 --> 00:47:57,600
And I do think, as I said last 
week, that our authenticity is 

918
00:47:57,600 --> 00:48:00,320
is suffering. 
It's not irretrievably lost. 

919
00:48:01,400 --> 00:48:04,680
We will change as a result of 
this adoption of technology. 

920
00:48:05,680 --> 00:48:09,360
Is that more of who we already 
were or is that because of the 

921
00:48:09,360 --> 00:48:11,600
technology? 
I, I think it's more revealing 

922
00:48:11,600 --> 00:48:15,000
just of who we already were and 
technology is just accelerating 

923
00:48:15,000 --> 00:48:18,240
and adding to, but we're getting
into deeper waters. 

924
00:48:18,240 --> 00:48:19,000
I would. 
Say deep thoughts. 

925
00:48:19,000 --> 00:48:22,240
I feel like this is this is just
the cycle of humanity right now.

926
00:48:22,240 --> 00:48:23,240
It's AI. 
Yeah. 

927
00:48:23,400 --> 00:48:27,120
Before it was electricity, it 
was running water, it was cars, 

928
00:48:27,120 --> 00:48:29,160
it was horses, it was Spears. 
Nang. 

929
00:48:29,160 --> 00:48:31,160
Indoor plumbing, I don't trust 
it right? 

930
00:48:31,520 --> 00:48:34,560
Well, as someone who was living 
it lives in Asheville area, 

931
00:48:34,720 --> 00:48:37,400
indoor plumbing is very 
important and I'm happy to have 

932
00:48:37,400 --> 00:48:40,000
my back. 
So all right, let's send on a 

933
00:48:40,000 --> 00:48:42,080
high note here. 
Thank you so much for taking the

934
00:48:42,080 --> 00:48:45,360
time with us. 
It was a fantastic conversation,

935
00:48:45,360 --> 00:48:47,280
both this but also again, just 
really well done to the 

936
00:48:47,280 --> 00:48:49,600
authenticate conference. 
I hope actually you'll do it 

937
00:48:49,600 --> 00:48:51,720
again so more people can 
experience it at some point. 

938
00:48:51,720 --> 00:48:53,760
Is it on YouTube? 
Not. 

939
00:48:53,760 --> 00:48:55,880
Yet I think it will end up 
probably in the authenticate. 

940
00:48:56,520 --> 00:48:59,680
Somewhere of some sorts, yeah, 
it's still I think for attendees

941
00:48:59,680 --> 00:49:03,560
for a while, but if anyone wants
to hear it again, I'm hoping to 

942
00:49:03,560 --> 00:49:05,360
do it again, so. 
There we go. 

943
00:49:05,480 --> 00:49:07,000
All right, so we'll wrap it up 
there for this week. 

944
00:49:08,200 --> 00:49:10,640
You can find us on the web 
idacpodcast.com. 

945
00:49:10,720 --> 00:49:13,800
We're on YouTube, 
idacpodcast.tv. 

946
00:49:13,800 --> 00:49:15,160
Gotta make sure to get that out 
for Jim this. 

947
00:49:15,680 --> 00:49:18,480
Is very I'm I'm just here making
sure that making sure we forget 

948
00:49:18,480 --> 00:49:20,880
YouTube. 
Got our checklist, connect with 

949
00:49:20,880 --> 00:49:22,080
us on LinkedIn. 
We'll have a link in our show 

950
00:49:22,080 --> 00:49:24,720
notes for people to connect with
Mike and to learn more about 

951
00:49:24,720 --> 00:49:26,240
Sale Point if you're not 
familiar with Sale Point as 

952
00:49:26,240 --> 00:49:28,080
well. 
And yeah, don't forget to like 

953
00:49:28,080 --> 00:49:30,600
subscribe, do all those fun 
social media things to help us 

954
00:49:30,600 --> 00:49:33,160
continue to grow the show and 
get great guests like Mike. 

955
00:49:33,160 --> 00:49:36,280
So thanks for joining us and 
thanks everyone for watching and

956
00:49:36,280 --> 00:49:38,440
or listening and we'll talk with
you all in the next one. 

957
00:49:41,480 --> 00:49:44,400
You've been listening to 
Identity at the Center. 

958
00:49:44,720 --> 00:49:48,840
We hope you've enjoyed the show.
Make sure to like, rate and 

959
00:49:48,840 --> 00:49:52,440
review, and we'll be back soon. 
But in the meantime, hit the 

960
00:49:52,440 --> 00:49:55,880
website at 
identity@thecenter.com. 

961
00:49:56,480 --> 00:50:00,560
See you next time on Identity at
the Center.

