1
00:00:00,040 --> 00:00:03,440
Policy enforcement decisioning 
have to be very local, but the 

2
00:00:03,440 --> 00:00:06,800
policy itself that's going to be
used in the in the policy 

3
00:00:06,800 --> 00:00:10,280
decision engine, it can be 
pushed in so it can be 

4
00:00:10,280 --> 00:00:12,560
administered somewhere else and 
then pushed in. 

5
00:00:12,560 --> 00:00:15,160
So that it basically is, you 
know the policy decisions 

6
00:00:15,160 --> 00:00:18,720
running locally and that that 
addresses the performance 

7
00:00:18,720 --> 00:00:21,120
concerns which a lot of these 
SaaS applications are going to

8
00:00:21,120 --> 00:00:25,160
have in in these situations. 
So I guess that's the benefit of

9
00:00:25,160 --> 00:00:29,120
standard, right? 
Is that absolutely all the 

10
00:00:29,120 --> 00:00:33,320
applications can kind of 
subscribe to the same standard 

11
00:00:33,640 --> 00:00:35,880
and you get greater adoption of 
this model? 

12
00:00:36,320 --> 00:00:39,920
Yep, yes, I mean that. 
And again, this is this is not 

13
00:00:39,920 --> 00:00:42,040
available now, this is still 
early. 

14
00:00:42,040 --> 00:00:44,640
This is some of the evolution of
AuthZEN and where it, you

15
00:00:44,640 --> 00:00:48,280
know, where it's sort of going 
to, but it's to enable some of 

16
00:00:48,280 --> 00:00:52,640
these use cases where, you know,
a policy can be developed, you 

17
00:00:52,640 --> 00:00:56,280
know, and controlled by a, you 
know, a customer organization 

18
00:00:56,560 --> 00:00:58,640
and pushed into lots of 
different SaaS applications.

19
00:00:58,640 --> 00:01:02,040
So they all you know, so you all
have individually different 

20
00:01:02,040 --> 00:01:03,760
policy that you can use in those
situations. 

21
00:01:09,440 --> 00:01:14,640
This is Identity at the Center
if it has anything to do with 

22
00:01:14,680 --> 00:01:19,280
IAM. 
This is the go to podcast now 

23
00:01:19,280 --> 00:01:23,160
your hosts Jim McDonald and Jeff
Steadman.

24
00:01:29,320 --> 00:01:31,800
Welcome to the Identity at the
Center podcast. 

25
00:01:31,800 --> 00:01:35,440
I'm Jim McDonald. 
I am not joined today by Jeff 

26
00:01:35,440 --> 00:01:37,920
Steadman.
Unfortunately, he was not able 

27
00:01:37,920 --> 00:01:42,200
to make it today due to business
travel, but I've got a great 

28
00:01:42,200 --> 00:01:46,040
show lined up for you today. 
We're going to talk about 

29
00:01:46,280 --> 00:01:49,520
adaptive authentication and 
fraud prevention. 

30
00:01:49,520 --> 00:01:52,440
So if that's right up your 
alley, you're on the you tuned 

31
00:01:52,440 --> 00:01:55,280
into the right episode. 
You know, before we get started,

32
00:01:55,280 --> 00:01:57,680
it's our tradition to go through
our discount codes. 

33
00:01:58,000 --> 00:02:02,000
I've got only two today, but 
there are big ones if you're 

34
00:02:02,000 --> 00:02:05,640
going to the European Identity 
and Cloud Conference that are 

35
00:02:05,640 --> 00:02:10,880
known as EIC 2025. 
It's in Berlin and the dates are

36
00:02:10,880 --> 00:02:16,560
May 6th through May 9th. 
We've got a code, it's IDAC 25 

37
00:02:16,720 --> 00:02:20,760
MKO that gets you 25% off the 
conference rate. 

38
00:02:21,800 --> 00:02:25,920
The second conference discount 
code we have is for Identiverse 

39
00:02:25,920 --> 00:02:28,800
2025. 
It's in Las Vegas. 

40
00:02:29,040 --> 00:02:30,840
It's that's the Mandalay Bay 
this year. 

41
00:02:30,920 --> 00:02:33,200
So if you haven't been to 
Mandalay Bay, it's going to be 

42
00:02:33,200 --> 00:02:36,040
exciting for that reason, but 
it's always one of the best 

43
00:02:36,040 --> 00:02:39,000
conferences of the year. 
That's June 3rd through June 

44
00:02:39,000 --> 00:02:41,840
6th. 
We're going to have you use the 

45
00:02:41,840 --> 00:02:50,680
code IDV 25, dash IDAC 25. 
That will get you 25% off these 

46
00:02:50,680 --> 00:02:52,680
two codes. 
By the way, you're not going to 

47
00:02:52,680 --> 00:02:57,040
find better out there. 
So I get the temptation to go 

48
00:02:57,040 --> 00:02:59,120
out to Google and look for 
discount codes. 

49
00:02:59,400 --> 00:03:02,680
I'm just going to let you know 
ours is the best one available. 

50
00:03:03,080 --> 00:03:05,520
So as I mentioned, we're going 
to talk about adaptive 

51
00:03:05,520 --> 00:03:07,440
authentication and fraud 
prevention. 

52
00:03:07,720 --> 00:03:10,120
Joining me today is Patrick 
Harding. 

53
00:03:10,320 --> 00:03:13,560
He's the chief product architect
at Ping Identity. 

54
00:03:13,920 --> 00:03:17,000
Welcome to the show, Patrick. 
Jim, thank you very much. 

55
00:03:17,000 --> 00:03:18,600
Thanks for having me back. 
Appreciate it. 

56
00:03:19,160 --> 00:03:21,080
Yeah, I'm really glad to have 
you here. 

57
00:03:21,680 --> 00:03:23,560
Let me ask you a quick question.
Are you going to be at

58
00:03:23,560 --> 00:03:26,080
Identiverse this year?
I am actually going to be at 

59
00:03:26,080 --> 00:03:29,080
Identiverse, yes.
Also probably going to be at EIC

60
00:03:29,080 --> 00:03:31,760
as well so I'll be at both. 
Oh good, good. 

61
00:03:31,760 --> 00:03:34,240
We can. 
We can share a beer and one or 

62
00:03:34,240 --> 00:03:37,280
both, or not share a beer. 
But I have a beer at the same 

63
00:03:37,280 --> 00:03:38,720
time and the same. 
Value, Jim. 

64
00:03:38,720 --> 00:03:40,040
I'll buy. 
I'll buy you a beer. 

65
00:03:40,040 --> 00:03:41,040
How's that? 
Let's do that. 

66
00:03:41,080 --> 00:03:42,640
All right. 
All right, And I don't have to 

67
00:03:42,640 --> 00:03:44,720
share with anyone. 
That you can do. 

68
00:03:44,720 --> 00:03:45,920
It's all yours. 
All yours. 

69
00:03:45,920 --> 00:03:49,160
I can. 
Almost Yeah, my my girlfriend 

70
00:03:49,160 --> 00:03:52,000
might have might argue with 
that, she might want me to share

71
00:03:52,000 --> 00:03:53,680
with her, but. 
Well, there you go. 

72
00:03:54,640 --> 00:03:58,200
So Patrick, you, it's kind of 
our tradition around here to ask

73
00:03:58,560 --> 00:04:02,480
how did you get into identity 
and did they choose you or did 

74
00:04:02,480 --> 00:04:06,120
you choose it? 
Actually, so Jim, I'd say it's a

75
00:04:06,120 --> 00:04:12,680
little bit of both. 
Back in the day, late 90s, I was

76
00:04:12,680 --> 00:04:15,800
doing cybersecurity before it 
was called cybersecurity, 

77
00:04:15,800 --> 00:04:19,640
actually doing a lot of firewall
infrastructure, network security

78
00:04:19,640 --> 00:04:21,120
infrastructure, things like 
that. 

79
00:04:21,480 --> 00:04:25,280
In the kind of the early days of
the web at a company called 

80
00:04:25,280 --> 00:04:29,840
actually Fidelity Investments in
Boston, I quickly realized at 

81
00:04:29,840 --> 00:04:34,360
that time that poking holes
through firewalls kind of wasn't

82
00:04:34,360 --> 00:04:38,040
going to be the right approach 
to secure web interactions and 

83
00:04:38,040 --> 00:04:41,520
stuff like that. 
So I ended up looking and 

84
00:04:41,520 --> 00:04:46,360
thinking about kind of identity 
and, you know, those sort of 

85
00:04:46,360 --> 00:04:50,320
things. 
And actually coincidentally, at 

86
00:04:50,320 --> 00:04:53,680
around the same time, Scott 
McNealy, the CEO of Sun

87
00:04:53,680 --> 00:05:00,800
Microsystems, contacted the CEO 
at Fidelity and said, hey, Ned, 

88
00:05:02,080 --> 00:05:04,840
there's this thing called 
Microsoft Passport that I'm sort

89
00:05:04,840 --> 00:05:07,960
of worried about basically. 
And, you know, think of it as 

90
00:05:08,160 --> 00:05:11,360
centralizing all authentication 
on the web, owned and controlled

91
00:05:11,360 --> 00:05:13,040
by Microsoft. 
We don't think that's a good 

92
00:05:13,040 --> 00:05:15,320
idea. 
We'd like you and a bunch of 

93
00:05:15,320 --> 00:05:17,640
other companies to join us at 
this thing called Liberty 

94
00:05:17,640 --> 00:05:21,680
Alliance and you know, come up 
with approaches to basically 

95
00:05:21,680 --> 00:05:24,200
deal with that. 
Obviously back at that point in 

96
00:05:24,200 --> 00:05:29,480
time, you know, 2000 and one 
2002, Microsoft's reputation was

97
00:05:29,480 --> 00:05:31,400
very different than it was than 
it is today. 

98
00:05:31,400 --> 00:05:34,760
I would say. 
So if Fidelity joined, I got 

99
00:05:34,760 --> 00:05:39,160
involved and that work at 
Liberty Alliance ended up being 

100
00:05:39,640 --> 00:05:44,120
the foundations of what was what
became SAML or SAML 2 to be more

101
00:05:44,120 --> 00:05:48,640
specific. 
That work I did with SAML 2 led 

102
00:05:48,640 --> 00:05:52,280
me to Ping Identity where we 
started to do the first, you 

103
00:05:52,280 --> 00:05:54,880
know, Federated single sign on 
capabilities, dedicated 

104
00:05:54,880 --> 00:05:59,520
Federated single sign on and you
know, gives me 20 years later 

105
00:05:59,840 --> 00:06:03,480
basically, you know, still, 
still solving identity problems 

106
00:06:03,480 --> 00:06:07,160
because, you know, we, we, we, 
we, we never finished it seems 

107
00:06:07,160 --> 00:06:09,480
basically. 
It's kind of a cool story. 

108
00:06:09,560 --> 00:06:12,760
I kind of feel like you just 
said something like, so I was 

109
00:06:12,760 --> 00:06:17,160
sitting there with Thomas 
Jefferson and John Adams and we 

110
00:06:17,160 --> 00:06:21,320
were kind of talking about, Hey,
what if everybody came to the 

111
00:06:21,320 --> 00:06:26,280
table and voted for the leaders 
and, and, you know, like had 

112
00:06:26,280 --> 00:06:28,520
that level of conversation 
because you just being dropped 

113
00:06:28,520 --> 00:06:32,640
some some heavy hits in the 
beginning of, you know, identity

114
00:06:32,640 --> 00:06:36,080
kind of becoming what it is. 
So I thought that was a pretty 

115
00:06:36,080 --> 00:06:39,520
cool, pretty cool story. 
Put you right there in the in 

116
00:06:39,520 --> 00:06:41,960
the as a founding father. 
Yeah. 

117
00:06:42,000 --> 00:06:43,920
Well, it was early days, 
definitely. 

118
00:06:43,920 --> 00:06:48,120
And it's it's kind of come a 
long way. 

119
00:06:48,360 --> 00:06:51,280
Obviously we'll talk later about
the evolution of SAML and Open

120
00:06:51,280 --> 00:06:53,800
ID Connect and stuff like that. 
But yeah, there's a there's been

121
00:06:53,800 --> 00:06:56,880
a lot going on over the years. 
Yeah, yeah. 

122
00:06:56,880 --> 00:07:02,080
So I wonder every once in a 
while I like to do a topic that 

123
00:07:02,480 --> 00:07:04,640
you kind of feel like, all 
right, we've been talking about 

124
00:07:04,640 --> 00:07:09,440
this for a decade or more, maybe
2 decades. 

125
00:07:09,440 --> 00:07:12,200
And it's kind of old hat. 
But we got to remember new 

126
00:07:12,200 --> 00:07:15,680
people are coming into the 
industry and trying to kind of 

127
00:07:15,680 --> 00:07:17,280
wrap their brains around some of
those. 

128
00:07:17,280 --> 00:07:22,680
And I had a recent conversation 
with one of my colleagues and he

129
00:07:22,680 --> 00:07:25,080
was asking me about 
authentication and more 

130
00:07:25,080 --> 00:07:27,240
specifically adaptive 
authentication. 

131
00:07:27,240 --> 00:07:33,000
So he had a SaaS application that
he had a particular part of this

132
00:07:33,000 --> 00:07:36,800
SaaS application that this kind
of that admin section and he 

133
00:07:36,800 --> 00:07:42,880
wanted to force users when they 
access this part of the 

134
00:07:42,880 --> 00:07:48,320
application to give a multi 
factor authentication. 

135
00:07:48,320 --> 00:07:52,320
So it's kind of like the the 
classic use case for adaptive, I

136
00:07:52,320 --> 00:07:56,280
think. 
And so I was thinking this would

137
00:07:56,280 --> 00:08:00,560
be a great topic for a podcast 
and then you and I started to 

138
00:08:00,560 --> 00:08:03,920
collaborate about having you on.
I thought you'd be the perfect 

139
00:08:03,920 --> 00:08:07,360
guest to talk about this.
So I'm just starting with, I 

140
00:08:07,360 --> 00:08:09,800
want to start, Patrick, with, 
you know, what are some of the 

141
00:08:09,800 --> 00:08:13,760
questions that you had asked 
this friend of mine in terms of 

142
00:08:13,760 --> 00:08:16,480
trying to uncover what he was 
trying to do? 

143
00:08:17,480 --> 00:08:22,760
So what what he's trying to do 
is something we used to be able 

144
00:08:22,760 --> 00:08:26,760
to do quite easily actually back
in the days when we were, you 

145
00:08:26,760 --> 00:08:29,200
know, when organizations were 
running these applications 

146
00:08:29,200 --> 00:08:34,840
themselves in the data center. 
We had, we had much more 

147
00:08:34,840 --> 00:08:40,640
flexibility in terms of being 
able to apply policy essentially

148
00:08:41,000 --> 00:08:44,400
to, to different things. 
And I would say I, I would point

149
00:08:44,400 --> 00:08:48,200
at the, the WAM products, the 
web access management products 

150
00:08:48,200 --> 00:08:50,760
back in the day like the
SiteMinders, the Oracle access

151
00:08:50,760 --> 00:08:55,640
managers, you know, the Sun had 
a product in that world. 

152
00:08:55,640 --> 00:08:57,080
Everybody had a product in that 
world. 

153
00:08:57,640 --> 00:09:00,600
They, they were actually very 
good at helping companies 

154
00:09:00,600 --> 00:09:05,000
actually do this. 
We can, we can talk about why, 

155
00:09:05,280 --> 00:09:10,960
but with the evolution of SaaS,
you know, SaaS really emerged

156
00:09:11,120 --> 00:09:16,400
where the, the point of SaaS was
that it's going to be easier and

157
00:09:16,400 --> 00:09:20,240
simpler for you to, you know, 
to, to use this application, you

158
00:09:20,240 --> 00:09:23,280
know, Mr. Enterprise, but we're 
going to take away a lot of 

159
00:09:23,280 --> 00:09:26,200
flexibility, all right? 
We're not going to give you all 

160
00:09:26,200 --> 00:09:28,960
the bells and whistles you might
have had if you were able to run

161
00:09:28,960 --> 00:09:30,600
this same application on 
premise. 

162
00:09:30,600 --> 00:09:33,080
And so that if you're going to 
get what you get and don't get 

163
00:09:33,080 --> 00:09:35,480
upset, as I used to say to my 
kids basically. 

164
00:09:36,920 --> 00:09:40,960
So you know, that's really, you 
know, the fundamental sort of 

165
00:09:40,960 --> 00:09:44,480
issue here is that SaaS
applications have not done a lot

166
00:09:44,480 --> 00:09:50,560
over the years to cater to, you 
know, different enterprise 

167
00:09:50,600 --> 00:09:54,080
requirements that might emerge 
on a case by case basis because 

168
00:09:54,080 --> 00:09:55,440
they don't give you a lot of 
flexibility. 

169
00:09:55,880 --> 00:09:59,280
I, I kind of had the same 
thought pattern that you just 

170
00:09:59,280 --> 00:10:04,000
went over there where, you know,
when you had what we call legacy

171
00:10:04,280 --> 00:10:08,680
authentication or web 
authentication, web auth and 

172
00:10:08,680 --> 00:10:12,760
systems, you'd have essentially 
some sort of filter in front of 

173
00:10:12,760 --> 00:10:16,440
your web server that would 
examine every request that 

174
00:10:16,440 --> 00:10:19,280
you're making. 
And you can set a policy that it

175
00:10:19,280 --> 00:10:23,720
would look at that HTTP and say 
you're trying to access slash 

176
00:10:23,720 --> 00:10:27,800
admin. 
We're going to kick it back and 

177
00:10:27,800 --> 00:10:30,200
determine whether or not you're 
authenticated at the right 

178
00:10:30,200 --> 00:10:32,480
level. 
And if not, we're going to step 

179
00:10:32,480 --> 00:10:33,640
you up. 
Absolutely. 

180
00:10:33,640 --> 00:10:36,200
That's where I started as well. 
And then I started to think, 

181
00:10:36,200 --> 00:10:40,720
well, you know, there's the 
legacy piece, but there's also a

182
00:10:40,720 --> 00:10:43,760
lot of application now, single 
page applications. 

183
00:10:43,760 --> 00:10:47,720
And you can't always just do URL
filtering. 

184
00:10:48,560 --> 00:10:53,360
So it's that too. 
So I think I so in, in terms of 

185
00:10:53,360 --> 00:11:00,080
that really, you know, so where 
we are today, I think in so we 

186
00:11:00,080 --> 00:11:03,720
don't see a lot of adaptive 
authentication being enabled on 

187
00:11:03,720 --> 00:11:08,360
SaaS applications.
We are we still seem to see it 

188
00:11:08,360 --> 00:11:13,680
though on I'll say and when SaaS
applications are more focused 

189
00:11:13,680 --> 00:11:16,840
on, you know, for enterprise and
for workforce, things like that.

190
00:11:17,000 --> 00:11:20,440
But we do do it see it in our 
customer facing applications 

191
00:11:20,440 --> 00:11:23,320
where organizations are building
and developing and deploying 

192
00:11:23,320 --> 00:11:28,120
those applications themselves. 
Because you know, to me 

193
00:11:28,520 --> 00:11:32,160
adaptable adaptive 
authentication is actually a 

194
00:11:32,160 --> 00:11:35,120
authorization or policy 
enforcement problem. 

195
00:11:35,760 --> 00:11:40,480
You, you basically need to apply
policy at certain points in the 

196
00:11:40,480 --> 00:11:45,280
application where you where you 
want to make a decision on, OK, 

197
00:11:45,560 --> 00:11:51,440
do I want to essentially 
reauthenticate, step up the 

198
00:11:51,440 --> 00:11:55,480
authentication, whatever it 
might be at this point on this 

199
00:11:55,480 --> 00:11:59,800
transaction essentially. 
And as you said, when we had WAM

200
00:11:59,800 --> 00:12:02,880
products, web access management 
products, we could use a web 

201
00:12:02,880 --> 00:12:08,520
agent or a, or a proxy as, as a 
place to do that enforcement. 

202
00:12:08,640 --> 00:12:11,480
You know, we could check a 
certain URL, things like that. 

203
00:12:11,680 --> 00:12:13,520
You can also do that with APIs
as well. 

204
00:12:13,520 --> 00:12:15,760
API gateways can do the same 
sort of thing, which is how you 

205
00:12:15,760 --> 00:12:19,280
might address it with single 
page apps that might be talking 

206
00:12:20,040 --> 00:12:23,800
against APIs as opposed to sort 
of legacy sort of, you know, web

207
00:12:23,800 --> 00:12:25,280
interactions and stuff like 
that. 

208
00:12:25,760 --> 00:12:30,880
So we can do adaptive auth on 
applications, SIM applications 

209
00:12:30,880 --> 00:12:35,640
that are built and deployed by, 
you know, different, you know, 

210
00:12:35,920 --> 00:12:41,640
by our customers, but much more 
difficult now to do it with SaaS

211
00:12:41,640 --> 00:12:45,480
applications because we don't 
have the ability to do that 

212
00:12:45,480 --> 00:12:48,240
enforcement so easily. 
Essentially, you're kind of at 

213
00:12:48,240 --> 00:12:52,800
the mercy of the the provider of
that application, right, the 

214
00:12:52,800 --> 00:12:55,160
service provider. 
Absolutely. 

215
00:12:55,160 --> 00:12:59,080
So the one thing they've done is
they've enabled, you know, 

216
00:12:59,080 --> 00:13:01,440
single sign on, all right. 
So they've basically given you 

217
00:13:01,440 --> 00:13:03,840
flexibility to control how 
authentication's done. 

218
00:13:03,840 --> 00:13:07,640
And we do that with things like 
SAML, you know, SAML mostly with

219
00:13:07,880 --> 00:13:12,680
SaaS applications, but, and that
allows you to sort of do 

220
00:13:13,280 --> 00:13:17,880
adaptive authentication at login
time because you control, you 

221
00:13:17,880 --> 00:13:21,080
know, you, you control the login
essentially as an organization. 

222
00:13:21,080 --> 00:13:24,840
So you can basically make a, you
know, a decision at that point 

223
00:13:24,840 --> 00:13:27,920
based on different factors about
what level of authentication you

224
00:13:27,920 --> 00:13:32,840
might want at login. 
But once the once the user is 

225
00:13:32,840 --> 00:13:36,560
inside is is, you know post 
authentication interacting with 

226
00:13:36,560 --> 00:13:42,640
the SAS application directly. 
Very few SaaS apps give you the

227
00:13:42,640 --> 00:13:46,880
controls the policy controls to 
allow you to make policy 

228
00:13:46,880 --> 00:13:50,240
decisions at different points in
the applications for. 

229
00:13:50,240 --> 00:13:52,160
Different places, right? 
Anywhere other than the front 

230
00:13:52,160 --> 00:13:54,120
door, right? 
Pretty well, yeah. 

231
00:13:54,120 --> 00:13:58,440
So there's been, so there's 
there's been a sort of attempts 

232
00:13:58,440 --> 00:14:01,200
and efforts at that. 
So if you think, if you look at 

233
00:14:01,200 --> 00:14:05,360
the what was called the CASB
market, like the cloud access 

234
00:14:05,360 --> 00:14:09,200
security brokers, I think they 
were called, they've acted as 

235
00:14:09,200 --> 00:14:12,520
proxies in front of SaaS
applications. 

236
00:14:12,840 --> 00:14:17,880
So you know, there's an element 
of, of of attempting to apply 

237
00:14:17,880 --> 00:14:22,760
policy there. 
But that tends to be more, you 

238
00:14:22,760 --> 00:14:27,240
know, sort of risk based where 
if they think there's this is a 

239
00:14:27,240 --> 00:14:31,440
risky device now they might 
automatically push you out to 

240
00:14:31,440 --> 00:14:34,880
get you re authenticated. 
It doesn't allow you to do very 

241
00:14:34,880 --> 00:14:41,000
easily do policy that says, all 
right, on this transaction type 

242
00:14:41,400 --> 00:14:46,040
with this entitlement in this 
situation, this is, this is high

243
00:14:46,040 --> 00:14:47,560
risk. 
And I want you to 

244
00:14:47,720 --> 00:14:49,480
reauthenticate. 
Think, think of, think of the 

245
00:14:49,480 --> 00:14:53,200
analogy to a banking 
application, all right, where 

246
00:14:53,480 --> 00:14:56,360
like a, you know, we, we have a,
we have a banking application 

247
00:14:56,720 --> 00:15:01,920
and you know, they want to set 
policy that says, OK, if it's 

248
00:15:01,920 --> 00:15:04,960
high risk, if it, you know, if I
think the user's high risk, then

249
00:15:05,200 --> 00:15:08,080
reauthent, reauthenticate them, 
you know, adapt, you know, adapt

250
00:15:08,080 --> 00:15:10,360
the authentication. 
But they have other policies 

251
00:15:10,360 --> 00:15:15,240
that says if this is a payment, 
all right, automatically re 

252
00:15:15,240 --> 00:15:17,880
authenticate them. 
Or if this is a payment and it's

253
00:15:17,880 --> 00:15:20,960
over $10,000, re authenticate 
them. 

254
00:15:20,960 --> 00:15:24,440
So there's certain, you know, 
application transaction types 

255
00:15:24,760 --> 00:15:27,120
that can get quite granular 
where they look, you know, that 

256
00:15:27,120 --> 00:15:29,800
are considered a high risk. 
And and you know, not every 

257
00:15:29,800 --> 00:15:32,840
organization is the same, not 
not every bank's the same, not 

258
00:15:32,840 --> 00:15:36,680
every customer of Salesforce is
the same in in their risk 

259
00:15:36,680 --> 00:15:39,080
profile. 
And that's where we've lost that

260
00:15:39,080 --> 00:15:44,880
level of customization on the 
risk policies that people might 

261
00:15:44,880 --> 00:15:46,200
want to put in place, I would 
say. 

262
00:15:46,720 --> 00:15:48,800
Yeah, yeah. 
And you're getting into an area 

263
00:15:48,800 --> 00:15:52,760
that I really want to explore, 
but you've mentioned the earlier

264
00:15:52,760 --> 00:15:56,640
that got me thinking about, OK. 
So if the depth of 

265
00:15:56,640 --> 00:16:00,920
authentication, it's hard to do 
it kind of that that next level 

266
00:16:00,920 --> 00:16:05,080
which I always call that coarse 
grained authentication or coarse

267
00:16:05,080 --> 00:16:07,520
grained authorization. 
Right. 

268
00:16:07,840 --> 00:16:12,760
And it seems like this, you 
know, kind of SAML IDT model 

269
00:16:12,760 --> 00:16:16,440
really works at like the 
resource being like the front 

270
00:16:16,440 --> 00:16:19,080
door for the application, like 
you either have access or you 

271
00:16:19,080 --> 00:16:22,400
don't have access. 
Maybe we're going to send some 

272
00:16:22,400 --> 00:16:27,280
attributes in the payload, but 
for the most part, based on how 

273
00:16:27,280 --> 00:16:30,880
you come in and you were talking
about the device luxuriacy, but 

274
00:16:30,880 --> 00:16:32,400
there's more context to it, 
right? 

275
00:16:32,400 --> 00:16:36,200
At least the kind of the way I 
conceptualize it in my head is 

276
00:16:36,520 --> 00:16:42,040
you've got the the actor, which 
has a context. 

277
00:16:42,040 --> 00:16:44,680
That could be the device, it 
could be where the person is 

278
00:16:44,680 --> 00:16:48,320
coming from, it could be, you 
know, several different 

279
00:16:48,320 --> 00:16:51,640
attributes about that actor and 
they're trying to access a 

280
00:16:51,640 --> 00:16:55,000
resource. 
And at some level, I mean, and I

281
00:16:55,000 --> 00:16:57,600
don't know if it's just 
marketing buzz or if this is the

282
00:16:57,600 --> 00:17:02,520
way it really works is that the 
actor has a risk score via that 

283
00:17:02,520 --> 00:17:05,280
score of like, you know, very 
low or very high. 

284
00:17:05,280 --> 00:17:09,240
However, it works and the 
resource has a risk score and as

285
00:17:09,240 --> 00:17:16,839
long as the resource matches or 
is better than the excuse me, if

286
00:17:16,839 --> 00:17:21,400
the actor is less risky than 
what's required to access the 

287
00:17:21,400 --> 00:17:25,240
resource, they get right in, but
if not they get challenged. 

288
00:17:25,760 --> 00:17:30,040
Is that kind of the way it's 
working in like the modern actor

289
00:17:30,040 --> 00:17:35,920
or modern description for 
adaptive authentication? 

290
00:17:36,760 --> 00:17:37,720
Really. 
Yes, somewhat. 

291
00:17:37,720 --> 00:17:40,680
I mean, I just think that with 
SaaS apps, there's, there's,

292
00:17:41,080 --> 00:17:43,920
yeah, from what we see, there's 
just limited controls right now,

293
00:17:44,440 --> 00:17:48,120
I think. 
And and I don't think we can 

294
00:17:48,120 --> 00:17:52,000
really apply the agent prop, the
agent model or the proxy model

295
00:17:52,040 --> 00:17:54,840
very well. 
And it's also very difficult. 

296
00:17:54,840 --> 00:17:57,160
I mean, we've externalized 
authentication from these SaaS

297
00:17:57,160 --> 00:18:01,920
applications, but externalizing 
authorization is actually much, 

298
00:18:01,920 --> 00:18:05,320
much more difficult, All right. 
And the SaaS applications

299
00:18:05,320 --> 00:18:07,880
themselves really don't want to 
do that as much as possible. 

300
00:18:08,480 --> 00:18:11,720
But one of the one of the things
the SaaS applications have done

301
00:18:12,360 --> 00:18:18,000
is they've exposed APIs to allow
you to programmatically control 

302
00:18:18,280 --> 00:18:20,400
entitlements. 
All right, things that you're 

303
00:18:20,400 --> 00:18:22,720
allowed to do. 
And that's something we never 

304
00:18:22,720 --> 00:18:27,680
had on traditional on-prem
applications like, you know, we 

305
00:18:27,680 --> 00:18:30,520
never had that level of 
programmatic control where I can

306
00:18:30,520 --> 00:18:33,120
call an API to adjust the 
entitlements. 

307
00:18:33,120 --> 00:18:35,680
It used to be you had to go into
the database and change them 

308
00:18:35,680 --> 00:18:39,600
manually or go through some, you
know, weird web console to do it

309
00:18:39,600 --> 00:18:42,080
and stuff like that. 
So what we can actually think 

310
00:18:42,080 --> 00:18:45,280
about doing now as an 
alternative to this actually is 

311
00:18:45,800 --> 00:18:50,800
to think about it as you know, 
your standing privileges of

312
00:18:50,800 --> 00:18:53,480
what you can do in this SaaS
application are fairly limited 

313
00:18:53,960 --> 00:18:58,440
and that you might be granted 
privileges to do certain things,

314
00:18:59,600 --> 00:19:02,960
you know, for periods of time. 
So as I mentioned, quite often 

315
00:19:02,960 --> 00:19:06,680
when you want to do adaptive 
auth, it might be on higher risk

316
00:19:06,680 --> 00:19:11,760
transactions like I want to 
download the financial data for 

317
00:19:11,760 --> 00:19:18,800
the company or, you know, I want
to approve a, a money transfer 

318
00:19:18,800 --> 00:19:22,440
of X, things like that. 
So you could actually think 

319
00:19:22,440 --> 00:19:27,240
about this now to say, all 
right, maybe by default, I, I'm 

320
00:19:27,240 --> 00:19:30,920
not allowed to do this and I 
have to request permission 

321
00:19:31,240 --> 00:19:34,680
basically with a with, with 
basically just in time access 

322
00:19:34,800 --> 00:19:38,160
where I request permission
for this entitlement, it gets 

323
00:19:38,160 --> 00:19:40,680
approved. 
And then I'm able to do this for

324
00:19:40,680 --> 00:19:43,040
some period of time, maybe 15 
minutes, 20 minutes. 

325
00:19:43,360 --> 00:19:45,800
And then it's then it's taken 
away from me basically. 

326
00:19:46,240 --> 00:19:49,640
So it's another way to think 
about how to control and limit 

327
00:19:49,640 --> 00:19:52,840
risk essentially, which is what 
this is all about limiting risk 

328
00:19:53,200 --> 00:19:56,400
on what people can do in these 
applications essentially. 

329
00:19:57,320 --> 00:20:00,040
So it's just a slightly 
different approach, but. 

330
00:20:00,560 --> 00:20:03,720
It works within the constructs
of what SaaS applications allow
of what SAS applications allow 

331
00:20:03,720 --> 00:20:06,240
you to do right now essentially 
if they have this API based 

332
00:20:06,240 --> 00:20:10,840
access to control entitlements. 
I want to get into the other 

333
00:20:11,080 --> 00:20:12,680
scenario that you're talking 
about. 

334
00:20:12,680 --> 00:20:19,160
You were giving that banking 
example and you know, further, I

335
00:20:19,160 --> 00:20:22,880
can't really go back to my 
original example. 

336
00:20:22,880 --> 00:20:27,880
Talking with this colleague, he 
actually wanted to do more than 

337
00:20:27,880 --> 00:20:30,520
just protect this admin 
application. 

338
00:20:30,520 --> 00:20:33,840
You want to say, well, kind of 
take it to the next level and 

339
00:20:33,840 --> 00:20:38,960
I'm going to make up an example 
that there's these workers from 

340
00:20:38,960 --> 00:20:44,360
France and if somebody goes in 
and wants to access their 

341
00:20:44,360 --> 00:20:50,920
account, that within the admin 
application, actually if they 

342
00:20:50,920 --> 00:20:54,400
want they want to access their 
account or change their account,

343
00:20:54,680 --> 00:20:58,040
that's when we would kick him in
the backroom. 

344
00:20:58,040 --> 00:21:02,040
So in other words, we would 
trigger that risk score based on

345
00:21:02,880 --> 00:21:06,400
a an action and that action 
might be based on the data. 

346
00:21:06,400 --> 00:21:09,520
So it's kind of like, you know, 
if you're transferring 10,001 

347
00:21:09,520 --> 00:21:12,480
dollars, it gets flagged. 
If you're transferring 10,000, 

348
00:21:12,480 --> 00:21:16,760
it doesn't, but it's based on 
the data and some kind of policy

349
00:21:16,760 --> 00:21:19,560
or rule set. 
Yep, that seems to me like 

350
00:21:19,560 --> 00:21:24,880
that's advanced fraud analytics.
That's more than your typical 

351
00:21:24,880 --> 00:21:27,840
IDP is going to achieve for you,
right? 

352
00:21:27,840 --> 00:21:33,280
There's there's some kind of 
additional system that is kind 

353
00:21:33,280 --> 00:21:36,000
of examining that process, is 
that right? 

354
00:21:36,560 --> 00:21:38,880
Yeah. 
I mean, unless the application 

355
00:21:38,880 --> 00:21:41,640
itself like a Salesforce, you
know, I'm talking about 

356
00:21:41,640 --> 00:21:44,720
workforce applications now, like
a Salesforce or a ServiceNow

357
00:21:44,720 --> 00:21:49,720
or a Workday, unless they build
that in directly into their into

358
00:21:49,720 --> 00:21:54,400
their applications, you know it,
you know, they're going to have 

359
00:21:54,400 --> 00:21:57,160
to take those requests from 
customers and sort of add that 

360
00:21:57,160 --> 00:21:59,360
capability basically. 
And you know, not a lot of them 

361
00:21:59,360 --> 00:22:05,760
are doing that where just 
because what, what is considered

362
00:22:06,000 --> 00:22:09,280
risk risky for different, you 
know, different customers is 

363
00:22:09,280 --> 00:22:11,080
different. 
Basically the fact is that in 

364
00:22:11,080 --> 00:22:13,640
this case it was France. 
France is a big deal. 

365
00:22:13,840 --> 00:22:15,960
They've got to they won't have 
different policies because it's 

366
00:22:15,960 --> 00:22:18,600
a French, it's a French user, 
non French user. 

367
00:22:18,800 --> 00:22:21,960
That might not apply for other, 
you know, for other customers. 

368
00:22:22,680 --> 00:22:30,320
What but what I think can be 
done and what's evolving is 

369
00:22:30,320 --> 00:22:35,360
standards that allow us to 
externalize policy from the SaaS

370
00:22:35,360 --> 00:22:38,240
applications. 
The SaaS applications might make

371
00:22:38,240 --> 00:22:43,360
the policy decisions and, and, 
and the enforcement themselves, 

372
00:22:43,920 --> 00:22:48,880
but the policy itself as opposed
to actually, you know, creating 

373
00:22:48,880 --> 00:22:52,360
it inside the admin console of 
Salesforce based on what they 

374
00:22:52,360 --> 00:22:54,640
can do. 
There are opportunities to 

375
00:22:54,640 --> 00:22:58,800
externalize that and use 
standards like emerging 

376
00:22:58,800 --> 00:23:03,120
standards like Auth-Zed, or
Zed, or Zen, or AuthZEN, I should say.

377
00:23:03,120 --> 00:23:09,400
Also. 
Zen yes, as a as a, as a 

378
00:23:09,400 --> 00:23:14,440
mechanism to build those 
policies externally and then, 

379
00:23:15,040 --> 00:23:18,320
you know, push them into the 
applications essentially so that

380
00:23:18,360 --> 00:23:21,400
that starts to give you the 
flexibility of all right, 

381
00:23:22,720 --> 00:23:24,920
different, you know, different 
policies can be written by 

382
00:23:24,920 --> 00:23:28,240
different customers, but they 
can be enforced by the 

383
00:23:28,240 --> 00:23:31,640
applications and enforced 
locally basically in this 

384
00:23:31,640 --> 00:23:34,240
situation and that gives you 
more flexibility. 

385
00:23:34,960 --> 00:23:38,280
So the application winds up 
reaching out to this external 

386
00:23:38,520 --> 00:23:40,360
process. 
I was wondering if there's 

387
00:23:40,360 --> 00:23:44,240
actually like some kind of proxy
that data would. 

388
00:23:44,240 --> 00:23:47,400
I would, I would, I would say 
it's working the other way. 

389
00:23:47,400 --> 00:23:51,320
One of the things that when you,
when you talk about centralizing

390
00:23:51,320 --> 00:23:57,040
authorization is that if you 
think of there's policy 

391
00:23:57,040 --> 00:24:00,840
enforcement and policy 
decisioning and you know, 

392
00:24:00,840 --> 00:24:05,760
basically those things generally
need to work very fast. 

393
00:24:05,920 --> 00:24:09,600
All right, You can't, you can't 
be calling out over the Internet

394
00:24:09,600 --> 00:24:11,440
for every policy decision to be 
made. 

395
00:24:11,440 --> 00:24:15,200
You can't be phoning home like 
Salesforce can't call back to 

396
00:24:15,200 --> 00:24:18,040
their customer for every policy 
decision to be made. 

397
00:24:18,040 --> 00:24:19,960
Essentially, it's, it's just too
slow. 

398
00:24:20,640 --> 00:24:23,000
So policy enforcement 
decisioning have to be very 

399
00:24:23,000 --> 00:24:27,080
local, but the policy itself 
that's going to be used in the 

400
00:24:27,080 --> 00:24:31,120
in the policy decision engine, 
it can be pushed in so it can be

401
00:24:31,120 --> 00:24:33,440
administered somewhere else and 
then pushed in. 

402
00:24:33,440 --> 00:24:36,040
So that it basically is, you 
know the policy decisions 

403
00:24:36,040 --> 00:24:39,560
running locally and that that 
addresses the performance 

404
00:24:39,560 --> 00:24:41,960
concerns which a lot of these 
SaaS applications are going to

405
00:24:41,960 --> 00:24:46,000
have in in these situations. 
So I guess that's the benefit of

406
00:24:46,000 --> 00:24:50,040
standard, right? 
Is that absolutely yes, all the 

407
00:24:50,040 --> 00:24:54,200
applications can kind of 
subscribe to the same standard 

408
00:24:54,520 --> 00:24:56,760
and you get greater adoption of 
this model. 

409
00:24:57,200 --> 00:25:00,800
Yep, yes, I mean that. 
And again, this is this is not 

410
00:25:00,800 --> 00:25:02,960
available now, this is still 
early. 

411
00:25:02,960 --> 00:25:05,520
This is some of the evolution of
AuthZEN and where it, you

412
00:25:05,520 --> 00:25:09,160
know, where it's sort of going 
to, but it's to enable some of 

413
00:25:09,160 --> 00:25:13,520
these use cases where, you know,
a policy can be developed, you 

414
00:25:13,520 --> 00:25:17,120
know, and controlled by a, you 
know, a customer organization 

415
00:25:17,400 --> 00:25:19,480
and pushed into lots of 
different SaaS applications.

416
00:25:19,480 --> 00:25:22,880
So they all you know, so you all
have individually different 

417
00:25:22,880 --> 00:25:24,600
policy that you can use in those
situations. 

418
00:25:25,680 --> 00:25:29,800
I'm kind of getting the sense 
from this conversation that it's

419
00:25:29,800 --> 00:25:34,360
really like the the benefit of a
SaaS application is that it's

420
00:25:34,360 --> 00:25:37,120
easy to get integrated with 
initially. 

421
00:25:37,360 --> 00:25:41,400
You can provide the services and
a pretty good level of security,

422
00:25:41,400 --> 00:25:45,240
at least from an authentication 
standpoint by integrating into 

423
00:25:45,240 --> 00:25:48,400
your IDP. 
The downside is that if you want

424
00:25:48,400 --> 00:25:51,960
to get real fine grain, you 
know, there's only so much that 

425
00:25:51,960 --> 00:25:54,400
you can do. 
So that's kind of where I 

426
00:25:54,400 --> 00:25:57,800
summarize where we are so far. 
But something that's in the back

427
00:25:57,800 --> 00:26:04,560
of my head is also, you've got 
SAML to as the methodology to 

428
00:26:04,560 --> 00:26:07,480
integrate, you've got OpenID
Connect. 

429
00:26:07,800 --> 00:26:13,680
And I'm wondering if there is, 
if the ability to handle 

430
00:26:13,680 --> 00:26:17,640
authorization is part of the 
reason why you would choose one 

431
00:26:17,640 --> 00:26:20,320
over the other. 
Is there a major advantage to 

432
00:26:20,560 --> 00:26:24,320
integrating with OpenID Connect
versus SAML when it comes to 

433
00:26:24,320 --> 00:26:27,720
this whole topic that we're 
talking about and being able to 

434
00:26:28,080 --> 00:26:32,160
either drive adaptive
authentication or, you know, 

435
00:26:32,160 --> 00:26:34,920
have more control over 
authorization? 

436
00:26:36,400 --> 00:26:41,920
So this, so it's interesting, I 
think it's, it's, it's 

437
00:26:41,920 --> 00:26:45,640
interesting how SAML has become 
sort of the, the de facto 

438
00:26:45,640 --> 00:26:48,840
default SSO standard for 
enterprise SaaS applications.

439
00:26:49,160 --> 00:26:53,400
And that was originally driven 
by Google and Salesforce 

440
00:26:53,400 --> 00:26:56,080
adopting it back in, I don't 
know, almost 20 years ago. 

441
00:26:56,600 --> 00:27:01,520
And generally speaking, most SaaS
vendors now kind of adopt that 

442
00:27:01,520 --> 00:27:03,840
by default because they know 
that most of their customers are

443
00:27:03,840 --> 00:27:06,080
going to have a SAML IDP 
capability. 

444
00:27:07,320 --> 00:27:09,880
But there hasn't really been 
much innovation happening in 

445
00:27:09,880 --> 00:27:12,640
SAML for the last 10, 15 plus
years. 

446
00:27:12,640 --> 00:27:16,000
It kind of works. 
It does its thing. Where, where

447
00:27:16,000 --> 00:27:19,280
we are starting to see 
innovation still is in the OAuth

448
00:27:19,280 --> 00:27:22,720
and OpenID Connect world.
And even though I'd say today 

449
00:27:22,720 --> 00:27:26,960
OpenID Connect doesn't offer
any major advantages, probably 

450
00:27:26,960 --> 00:27:30,120
the, the one major one is it's 
kind of easier to set up and 

451
00:27:30,120 --> 00:27:35,080
configure and you, you can avoid
some of the complexity around 

452
00:27:35,080 --> 00:27:37,280
certificate management and stuff
like that because it can be more

453
00:27:37,280 --> 00:27:42,640
dynamic in its nature that, you
know, some of the innovation 

454
00:27:42,640 --> 00:27:45,640
emerging there. 
Well, any innovation we do is 

455
00:27:45,640 --> 00:27:49,880
going to emerge in those areas. 
So I, you know, that's why I 

456
00:27:49,880 --> 00:27:53,160
believe AuthZEN is actually
part of the is happening within 

457
00:27:53,160 --> 00:27:54,960
the constructs of the OpenID
Foundation. 

458
00:27:55,200 --> 00:27:57,880
All right, so it's close. 
It's going to be closer to

459
00:27:57,880 --> 00:27:59,840
OpenID Connect than ever.
It's going to be the SAML. 

460
00:28:00,480 --> 00:28:05,000
So definitely as we evolve to 
some of these newer protocols to

461
00:28:05,000 --> 00:28:08,240
address problems, you know 
existing problems, they're all 

462
00:28:08,240 --> 00:28:10,760
happening in that OpenID
Connect oriented world.

463
00:28:12,280 --> 00:28:14,520
I don't think there's ever going
to be a pre req that you need 

464
00:28:14,520 --> 00:28:18,600
OpenID Connect, but it, it's all
happening there and I think will

465
00:28:18,600 --> 00:28:22,600
evolve there over time. 
And you know, most generally 

466
00:28:22,600 --> 00:28:26,720
speaking, any customer today 
that has a IDP that supports 

467
00:28:26,720 --> 00:28:29,680
SAML, that IDP is also going to 
support OpenID Connect as well.

468
00:28:29,680 --> 00:28:33,240
So it's not like it's it's more 
the SaaS vendors themselves

469
00:28:33,720 --> 00:28:37,440
choosing to build something 
beyond SAML, given that that's 

470
00:28:37,440 --> 00:28:41,080
been the default for so long. 
So it's the advantage that there

471
00:28:41,080 --> 00:28:44,760
are today, but it's also where 
everything is heading, or I 

472
00:28:44,760 --> 00:28:47,040
shouldn't say where everything 
is heading, but if you're 

473
00:28:47,040 --> 00:28:53,160
expecting innovation, especially
like things to do with Austin, 

474
00:28:53,160 --> 00:28:57,400
any kind of let me just make 
city easily where things are 

475
00:28:57,400 --> 00:28:59,200
heading. 
If you have the choice between 

476
00:28:59,200 --> 00:29:04,520
SAML and OIDC, choose OIDC. I
think you made the point earlier

477
00:29:04,520 --> 00:29:08,040
though that you know, if you 
look at a basket of SaaS

478
00:29:08,040 --> 00:29:12,120
applications, it's more than 
likely that the majority 

479
00:29:12,120 --> 00:29:16,040
support SAML, they're
still, I always find it like 

480
00:29:16,040 --> 00:29:19,320
amazing and there's an 
enterprise grade application 

481
00:29:19,560 --> 00:29:23,960
that doesn't even support SAML 
or that they, they charge to

482
00:29:24,360 --> 00:29:28,120
integrate via SAML. 
And that I was going to, I was 

483
00:29:28,120 --> 00:29:29,960
going to mention that there's 
two things actually. 

484
00:29:30,200 --> 00:29:33,720
So one thing with we've seen 
over the last few years is that,

485
00:29:34,920 --> 00:29:37,760
you know, a lot of a lot of 
large organizations still have a

486
00:29:37,760 --> 00:29:40,640
lot of, I'll call them on 
premise applications or 

487
00:29:40,640 --> 00:29:44,480
applications that might be now 
deployed in, in their, in their 

488
00:29:44,480 --> 00:29:47,840
cloud infrastructure, basically 
as cloud native, like running in

489
00:29:47,840 --> 00:29:51,440
that customer's AWS environment 
or GCP environment or Azure 

490
00:29:51,440 --> 00:29:53,400
environment. 
So, you know, I'll just say it's

491
00:29:53,400 --> 00:29:55,960
a, it's a derivative of on-prem.
It just happens to be in their 

492
00:29:55,960 --> 00:29:59,000
cloud. 
They still want single sign on 

493
00:29:59,120 --> 00:30:02,920
to those applications. 
And actually what we've seen 

494
00:30:02,920 --> 00:30:07,160
there is, you know, 15 years 
ago, 10-15 years ago, they might

495
00:30:07,160 --> 00:30:08,960
have used a web access 
management product. 

496
00:30:09,360 --> 00:30:12,160
They've actually instead now 
shifted over to support OpenID

497
00:30:12,160 --> 00:30:15,000
Connect. 
So you're seeing OpenID Connect

498
00:30:15,000 --> 00:30:19,600
used for those sort of on-prem
cloud native applications that 

499
00:30:19,600 --> 00:30:22,920
the enterprise is using, but 
it's quite often SAML for the 

500
00:30:22,920 --> 00:30:26,360
SaaS applications.
So I could definitely see SaaS

501
00:30:26,360 --> 00:30:30,080
applications evolving to OpenID
Connect as well, just to make it

502
00:30:30,080 --> 00:30:32,840
consistent across the 
organization actually. 

503
00:30:33,640 --> 00:30:34,840
Do you find? 
That do. 

504
00:30:35,880 --> 00:30:37,760
You find that the level of refer
to. 

505
00:30:39,440 --> 00:30:44,240
Let's say, you know, you had 
some application that 10-15 

506
00:30:44,240 --> 00:30:48,160
years ago you wanted to, quote
unquote, webify and you had a

507
00:30:48,160 --> 00:30:51,240
consulting firm come in. 
They they filled this app. 

508
00:30:52,400 --> 00:30:56,560
It's not integrated even with 
SAML, but now's the time. 

509
00:30:56,560 --> 00:30:59,840
It's like maybe you have it 
behind a reverse proxy, but you 

510
00:30:59,840 --> 00:31:03,200
say it's not going anywhere. 
You want to get reverse proxy 

511
00:31:03,200 --> 00:31:08,480
out of your environment and you 
say OK well I could convert it 

512
00:31:08,480 --> 00:31:13,400
to SAML or OIDC. 
Is there a significant 

513
00:31:14,680 --> 00:31:19,120
difference in the amount of 
effort to do one over the other 

514
00:31:19,120 --> 00:31:22,880
and is that driving developers 
decisions a lot of times? 

515
00:31:23,320 --> 00:31:25,600
Yeah, I think, I mean, 
traditionally, you know, you 

516
00:31:25,800 --> 00:31:27,480
know, we learned a lot from 
SAML. 

517
00:31:27,880 --> 00:31:30,440
The OpenID Connect is
definitely a lot simpler. 

518
00:31:31,160 --> 00:31:33,720
Just you know, because we learn 
a lot from, you know, you know, 

519
00:31:33,720 --> 00:31:36,000
there were certain mistakes and 
things we did in SAML that, you 

520
00:31:36,000 --> 00:31:37,840
know, we chose to fix in OpenID
Connect.

521
00:31:39,880 --> 00:31:45,000
And actually now with, with OpenID
Connect, there are servers

522
00:31:45,000 --> 00:31:48,680
and even, you know, web agent 
plug-ins and, and proxy

523
00:31:48,680 --> 00:31:51,160
plug-ins like nginx plug-ins
to, and, you know, OpenID

524
00:31:51,160 --> 00:31:53,480
Connect enable your
applications. 

525
00:31:53,480 --> 00:31:59,760
Like a guy that used to work for
me, Hans, you know, built, built

526
00:31:59,840 --> 00:32:04,000
the Apache, you know, you know, 
the Apache and the nginx mod 

527
00:32:04,000 --> 00:32:06,960
OpenID Connect as a, as a plug
into Apache that you can 

528
00:32:06,960 --> 00:32:09,240
basically use to OpenID Connect
your applications. 

529
00:32:09,240 --> 00:32:14,000
So it's a, it's a lot, you know,
it's, it's, it's a lot, lot 

530
00:32:14,000 --> 00:32:17,680
lower barrier to entry to have 
your application support those 

531
00:32:17,680 --> 00:32:19,880
protocols right now. 
So there's really no reason they

532
00:32:19,880 --> 00:32:22,720
shouldn't, essentially. 
Yeah, absolutely. 

533
00:32:22,960 --> 00:32:25,120
I want to go back to your. 
I want to go back to your point 

534
00:32:25,120 --> 00:32:33,040
though, about SaaS applications
now charging for SAML and what, 

535
00:32:33,160 --> 00:32:37,200
what, what completely freaks, 
you know, freaks me out here is 

536
00:32:37,200 --> 00:32:41,240
that I've, I've heard more, 
yeah, more and more SaaS vendors

537
00:32:41,240 --> 00:32:44,480
are charging for their 
enterprise grade features. 

538
00:32:44,560 --> 00:32:46,440
I'll say that you've got to pay 
extra for them. 

539
00:32:46,920 --> 00:32:49,720
And those enterprise grade
features include SAML single 

540
00:32:49,720 --> 00:32:53,240
sign on. 
But now there's, you know, you 

541
00:32:53,240 --> 00:32:57,920
know, companies emerging that 
are saying, Hey, we, you know, 

542
00:32:58,160 --> 00:33:00,520
you can, we'll give you single 
sign on to your SaaS

543
00:33:00,520 --> 00:33:04,880
applications, but but do it in a
way that you don't have to pay 

544
00:33:04,880 --> 00:33:08,080
the SaaS vendors to support it.
And the way they're solving this

545
00:33:08,080 --> 00:33:11,640
is actually through password 
vaulting, all right, which is 

546
00:33:11,800 --> 00:33:16,960
basically goes back to what we 
were doing 20 years ago in, in 

547
00:33:16,960 --> 00:33:19,360
terms of password vaulting 
people to get access to these 

548
00:33:19,360 --> 00:33:21,320
applications. 
We've now gone back to it 

549
00:33:21,600 --> 00:33:24,360
because people don't, don't want
to have to pay for single sign 

550
00:33:24,360 --> 00:33:27,000
on anymore through things like 
SAML and stuff like that. 

551
00:33:27,000 --> 00:33:32,200
So it's kind of, I don't know, 
kind of annoying anyway. 

552
00:33:32,840 --> 00:33:38,400
There's a website called SSO dot
tax. 

553
00:33:38,400 --> 00:33:41,800
It's kind of the single sign on 
Wall of Shame. 

554
00:33:42,720 --> 00:33:44,120
OK, I hadn't actually even heard
of that. 

555
00:33:44,120 --> 00:33:45,680
That's interesting. 
I've got to go check that out. 

556
00:33:45,880 --> 00:33:48,200
But yeah, this is like it. 
You know, you try and do the 

557
00:33:48,200 --> 00:33:51,400
right thing and, you know, 
capitalism gets in the way. 

558
00:33:51,400 --> 00:33:54,440
I'll say that. 
So, Patrick, in the future, you 

559
00:33:54,440 --> 00:33:56,800
know, you keep hearing about 
these AI agents and they're 

560
00:33:56,800 --> 00:34:01,160
going to play a pretty heavy 
role in terms of how we get our 

561
00:34:01,160 --> 00:34:05,000
work done. 
And I think adaptive 

562
00:34:05,000 --> 00:34:09,080
authentication winds up playing 
a role in that because we wind 

563
00:34:09,080 --> 00:34:11,040
up delegating work to them, 
right? 

564
00:34:11,040 --> 00:34:13,960
So they're authenticating on our
part. 

565
00:34:15,159 --> 00:34:18,800
They're essentially, you know, 
pretending they're us or getting

566
00:34:18,800 --> 00:34:22,280
work done for us. 
And obviously, there's the 

567
00:34:23,000 --> 00:34:28,760
potential that they will be seen
as robots, bad code, malicious 

568
00:34:28,760 --> 00:34:30,159
code, whatever you want to call 
it. 

569
00:34:32,320 --> 00:34:35,800
Let's keep the basic and first 
start with this concept of AI 

570
00:34:35,800 --> 00:34:38,600
agents. 
What are AI agents? 

571
00:34:38,840 --> 00:34:43,440
And then feel free to kind of go
off on what I just said, whether

572
00:34:43,440 --> 00:34:47,760
I was right or wrong, You know, 
how does this topic of adaptive 

573
00:34:47,760 --> 00:34:52,199
authentication fraud prevention 
play into, you know, this AI 

574
00:34:52,199 --> 00:34:54,440
agent future? 
Sure. 

575
00:34:54,440 --> 00:34:58,680
So, but we've been thinking a 
lot about AI agents over the 

576
00:34:58,680 --> 00:35:01,680
last probably 12 months and the 
impact they're going to have and

577
00:35:01,680 --> 00:35:04,840
the impact's going to be huge. 
And I don't think people quite 

578
00:35:04,840 --> 00:35:07,560
understand yet how big an impact
they're going to have. 

579
00:35:07,720 --> 00:35:13,240
Honestly, the, you know, we kind
of didn't touch on it earlier, 

580
00:35:13,240 --> 00:35:16,080
but you know, one of the key 
points about adaptive auth is

581
00:35:16,080 --> 00:35:19,000
the fact that, you know, it 
might not be policy based, it 

582
00:35:19,000 --> 00:35:21,080
might be risk based. 
If you get a risk score back 

583
00:35:21,080 --> 00:35:23,960
from your fraud system, you 
might choose to adjust how you 

584
00:35:23,960 --> 00:35:26,200
authenticate. 
That's a really traditional sort

585
00:35:26,200 --> 00:35:28,720
of model. 
And those risk and fraud

586
00:35:28,720 --> 00:35:33,200
systems quite often are looking 
to detect bots and stuff like 

587
00:35:33,200 --> 00:35:36,640
that to prevent ATO attacks
and things like that. 

588
00:35:37,280 --> 00:35:40,440
So then, you know, as we evolve 
into, you know, the notion of AI

589
00:35:40,600 --> 00:35:44,720
agents, you know, think of, you 
know, to me, AI agents are 

590
00:35:44,720 --> 00:35:50,320
different because they are 
processes that can actually, you

591
00:35:50,320 --> 00:35:53,840
know, reason and dynamically 
change over time. 

592
00:35:54,240 --> 00:35:57,360
So unlike a traditional computer
process where you have a certain

593
00:35:57,360 --> 00:35:59,600
set of inputs and you, you know,
you know, you're going to get 

594
00:35:59,600 --> 00:36:04,800
the same outputs every time, AI 
agents evolve and the input, you

595
00:36:04,800 --> 00:36:09,120
know, you know, the inputs one 
day will drive different outputs

596
00:36:09,280 --> 00:36:13,120
over time as they, you know, as 
they dynamically learn, you 

597
00:36:13,120 --> 00:36:15,480
know, they reason, you know, 
they, they just, they get 

598
00:36:15,480 --> 00:36:17,080
smarter over time, stuff like 
that. 

599
00:36:17,080 --> 00:36:20,480
So a lot, a lot changes with the
way you think about an AI agent.

600
00:36:21,080 --> 00:36:25,640
So AI agents are going to sort 
of appear in a couple of 

601
00:36:25,640 --> 00:36:28,040
different ways. 
Where I think it gets 

602
00:36:28,040 --> 00:36:33,840
interesting is when AI, an AI 
agent can actually interact with

603
00:36:34,400 --> 00:36:40,200
a GUI, like the GUI that's
on your on your laptop and it 

604
00:36:40,200 --> 00:36:42,640
appears like a human. 
All right. 

605
00:36:42,760 --> 00:36:47,000
I mean, this is like what the 
Operator, Operator tool from

606
00:36:47,000 --> 00:36:49,360
OpenAI does.
It literally drives the

607
00:36:49,360 --> 00:36:52,400
browser and it does that while 
it actually, you know, 

608
00:36:52,400 --> 00:36:55,480
basically, you know, tries to 
complete a, a task or a set of 

609
00:36:55,480 --> 00:36:58,320
tasks. 
So now if you can imagine you've

610
00:36:58,320 --> 00:37:03,040
got an AI agent on your desktop
that's basically looking to do 

611
00:37:03,040 --> 00:37:06,320
things automatically add things 
to your calendar, automatically 

612
00:37:06,320 --> 00:37:11,080
update Salesforce with certain 
data that you got thick that 

613
00:37:11,080 --> 00:37:14,480
that's, that's workforce 
examples in consumer examples, 

614
00:37:14,480 --> 00:37:19,400
it could be automatically search
across 3 websites looking for a 

615
00:37:19,400 --> 00:37:22,840
cheap pair of jeans and then buy
those jeans, stuff like that. 

616
00:37:22,840 --> 00:37:27,000
Whatever it might be. 
We now have to basically, you 

617
00:37:27,000 --> 00:37:31,080
know, AI agents are going to 
see, you know, be used. 

618
00:37:31,600 --> 00:37:37,120
How do websites differentiate an
AI agent from a bot? 

619
00:37:37,960 --> 00:37:41,000
All right, where traditionally 
we've thought of bots to be bad.

620
00:37:41,320 --> 00:37:43,600
So we have to have ways to 
basically distinguish an AI 

621
00:37:43,600 --> 00:37:47,120
agent from a bot. 
And then we have to have ways 

622
00:37:47,600 --> 00:37:52,160
for that AI agent to be able to 
authenticate through that 

623
00:37:52,160 --> 00:37:56,040
website, all right, such that it
can do things on behalf of the 

624
00:37:56,040 --> 00:37:58,560
user. 
One of the, you know, one of 

625
00:37:58,560 --> 00:38:03,000
the, you know, and obviously 
adaptive fits into this in many 

626
00:38:03,000 --> 00:38:05,880
ways because we're going to 
adapt basically understanding 

627
00:38:05,880 --> 00:38:09,280
whether this is a bot or, I'm 
sorry, an agent or a human. 

628
00:38:09,760 --> 00:38:12,800
And if it's an agent, we want to
handle authentication 

629
00:38:12,800 --> 00:38:20,080
differently, things like that. 
The in the case where the AI 

630
00:38:20,080 --> 00:38:24,840
agent now needs to authenticate,
the last thing we want to do is 

631
00:38:24,840 --> 00:38:28,760
have the AI agent essentially 
impersonate the user. 

632
00:38:28,880 --> 00:38:33,840
And by that I mean just use the 
credentials that the user 

633
00:38:34,000 --> 00:38:37,400
generally uses. 
So I don't want the AI agent to 

634
00:38:37,400 --> 00:38:41,520
basically just take my ID and 
password and log in as me. 

635
00:38:42,280 --> 00:38:44,840
All right, What what we're 
creating at that point is 

636
00:38:44,840 --> 00:38:48,040
essentially what's what, you 
know, what we, what a lot of the

637
00:38:48,600 --> 00:38:52,760
in the banking world, the 
Yodlees and the Mints of the

638
00:38:52,760 --> 00:38:56,680
world did when they did screen 
scraping to basically use my 

639
00:38:56,680 --> 00:39:00,200
banking credentials and log into
the bank, screen scrape stuff 

640
00:39:00,520 --> 00:39:02,760
and return it. 
The banks hated that. 

641
00:39:03,160 --> 00:39:06,680
And you know, there's all sorts 
of security risks associated 

642
00:39:06,680 --> 00:39:10,320
with that and AI agents, if we 
don't fix this or address this 

643
00:39:10,320 --> 00:39:13,680
and just going to do this, you 
know, 10 orders of magnitude 

644
00:39:13,680 --> 00:39:15,080
more, it's going to happen 
everywhere. 

645
00:39:15,680 --> 00:39:18,840
So what we really need to, you 
know, address or push for is the

646
00:39:18,840 --> 00:39:22,160
notion of delegation. 
All right, I, Patrick, am going

647
00:39:22,160 --> 00:39:25,120
to delegate this AI agent to go 
do this on my behalf. 

648
00:39:25,320 --> 00:39:30,400
So that means applications that 
want to be kind of agent aware 

649
00:39:30,640 --> 00:39:33,280
need to sort of support this 
notion of delegation where, you 

650
00:39:33,280 --> 00:39:35,720
know, I can delegate 
responsibility to this agent 

651
00:39:35,720 --> 00:39:37,760
acting on my behalf to do things
basically. 

652
00:39:38,280 --> 00:39:41,880
And you know, the agent still 
has to authenticate itself, but 

653
00:39:41,880 --> 00:39:44,480
it can do that. 
You know, we, we can start to do

654
00:39:44,480 --> 00:39:49,320
that in ways that doesn't 
require, you know, similar to 

655
00:39:49,320 --> 00:39:52,760
the ways we might have done this
with sort of traditional OAuth

656
00:39:52,760 --> 00:39:56,520
and stuff like that where you, 
you consent to an OAuth client

657
00:39:56,520 --> 00:39:59,040
to act on my behalf to do 
things, things like that 

658
00:39:59,040 --> 00:40:01,040
basically. 
So that's what. 

659
00:40:01,040 --> 00:40:05,200
We're going to evolve to yes. 
I mean, you think, think about 

660
00:40:05,200 --> 00:40:10,680
the way you talked about there 
with so, so the security problem

661
00:40:10,680 --> 00:40:14,760
is systems that are meant to 
detect bots, while the AI agents

662
00:40:14,760 --> 00:40:19,360
are bots if they're doing their 
job by saying you can't proceed,

663
00:40:19,800 --> 00:40:22,760
but they're good bots. 
So now the question is, how do 

664
00:40:22,760 --> 00:40:24,920
you tell the good bots from the 
bad bots? 

665
00:40:25,440 --> 00:40:28,280
So we're, we're actually looking
at, we're actually looking at 

666
00:40:28,280 --> 00:40:35,240
ways where a website can 
advertise and, and, and, and let

667
00:40:35,320 --> 00:40:41,600
an AI agent know that, hey, if
you're an AI agent, go do this, 

668
00:40:42,480 --> 00:40:44,800
all right. 
And it basically, you know, it's

669
00:40:44,800 --> 00:40:47,600
kind of lets the AI, it tells 
the AI agent what to do 

670
00:40:47,880 --> 00:40:50,440
essentially. 
And it would be distinct from 

671
00:40:50,440 --> 00:40:53,920
what a human would be doing if 
they're interacting with the 

672
00:40:53,920 --> 00:40:58,440
website in that way as well. 
So it, it's, it's challenging 

673
00:40:58,840 --> 00:41:05,680
and actually it's going to force
a lot, a lot of organizations to

674
00:41:05,680 --> 00:41:08,400
have to update the way and how 
they sort of they think about 

675
00:41:08,400 --> 00:41:11,280
interacting with these things 
basically to support this if 

676
00:41:11,280 --> 00:41:13,040
they want to, you know, if they 
want to take advantage of it. 

677
00:41:14,120 --> 00:41:17,000
Yeah, I heard one of these 
quote, you know, quote unquote

678
00:41:17,280 --> 00:41:21,360
outlandish statements. 
What will be the first one 

679
00:41:21,360 --> 00:41:25,240
person company worth a billion 
dollars, you know, and the idea 

680
00:41:25,240 --> 00:41:30,440
is you could have agents or bots
running your entire company. 

681
00:41:30,440 --> 00:41:33,520
You can imagine actually the 
example that you bought or you 

682
00:41:33,520 --> 00:41:36,720
brought up, which is you go out,
look for the cheapest pair of 

683
00:41:36,720 --> 00:41:39,360
jeans. 
Now say you're doing that on a 

684
00:41:39,360 --> 00:41:41,640
wholesale level, you're buying 
them. 

685
00:41:41,880 --> 00:41:45,120
Maybe you're warehousing 
virtually and you're shipping 

686
00:41:45,120 --> 00:41:48,680
virtually. 
So you're taking orders online 

687
00:41:48,960 --> 00:41:52,760
and you're just moving these 
items and taking payments and 

688
00:41:53,520 --> 00:41:55,520
your whole company is basically 
bots. 

689
00:41:55,800 --> 00:41:58,240
Yes. 
Well, the, so the other example 

690
00:41:58,240 --> 00:42:01,560
here is, you know, I gave an 
example of where a user is kind 

691
00:42:01,560 --> 00:42:04,840
of, you know, bringing in their 
own agent and it's, and it's 

692
00:42:04,840 --> 00:42:08,720
going to do work on my behalf. 
But there are also examples of 

693
00:42:08,720 --> 00:42:12,160
agents that are being created 
that are kind of more autonomous

694
00:42:12,160 --> 00:42:15,320
and they're acting as kind of 
digital workers where they're 

695
00:42:15,320 --> 00:42:19,920
autonomous off basically 
independently doing things, you 

696
00:42:19,920 --> 00:42:23,720
know, for an organization. 
And there might be 10s of 

697
00:42:23,720 --> 00:42:27,320
thousands, hundreds of thousands
of these digital workers that 

698
00:42:27,320 --> 00:42:31,920
are going off performing tasks. 
Those agents likely are going to

699
00:42:31,920 --> 00:42:35,320
need identities of their own, 
because to me, they're no 

700
00:42:35,320 --> 00:42:38,840
different to a human user, 
especially if they're 

701
00:42:38,840 --> 00:42:41,680
interacting with systems that 
humans interact with. 

702
00:42:41,840 --> 00:42:44,480
And now the digital worker, that
agent is a digital worker is 

703
00:42:44,480 --> 00:42:47,440
doing it instead. 
Those applications are going to 

704
00:42:47,440 --> 00:42:50,120
have to actually know, all 
right, this digital worker has 

705
00:42:50,120 --> 00:42:52,800
an identity. 
It's going to authenticate to 

706
00:42:52,800 --> 00:42:55,080
me, all right? 
It's going to be given a set of 

707
00:42:55,080 --> 00:42:58,200
entitlements to do things. 
It's going to, you know, the 

708
00:42:58,200 --> 00:43:01,320
entitlements and, and its 
identity is going to have to be 

709
00:43:01,320 --> 00:43:03,120
this life cycle of management 
around that. 

710
00:43:03,120 --> 00:43:08,160
It's going to have to be, you 
know, granted and taken away. 

711
00:43:08,280 --> 00:43:10,200
Access is going to have to be 
approved. 

712
00:43:10,640 --> 00:43:12,960
It's going to act very 
similar to the way we think 

713
00:43:12,960 --> 00:43:16,160
about kind of IGA today for 
human users and what they can 

714
00:43:16,160 --> 00:43:18,240
do. 
But we're going to apply it at 

715
00:43:18,240 --> 00:43:21,600
massive scale for, for these, 
you know, you know, digital 

716
00:43:21,600 --> 00:43:24,200
workers that are, they're 
essentially just AI agents in 

717
00:43:24,200 --> 00:43:27,040
these situations. 
So there's, there's a whole 

718
00:43:27,040 --> 00:43:29,960
other class of stuff that's 
happening there sort of inside 

719
00:43:29,960 --> 00:43:32,280
the organization as well in 
terms of what's happening too. 

720
00:43:32,920 --> 00:43:37,960
So, you know, again, it's, it's,
it's, it's all coming. 

721
00:43:37,960 --> 00:43:40,160
And I know a lot of people are 
thinking about this and talking 

722
00:43:40,160 --> 00:43:42,880
about this, but I think it's 
going to come a lot faster than 

723
00:43:42,880 --> 00:43:45,640
we than we might imagine 
actually. 

724
00:43:46,840 --> 00:43:53,680
So do people wind up being 
replaced by the AI agents in the

725
00:43:53,680 --> 00:43:58,760
end to do we serve any purpose 
if the AI agents can do it all 

726
00:43:58,760 --> 00:44:00,520
themselves? 
I know it. 

727
00:44:00,840 --> 00:44:03,400
It almost seems like a silly 
question, but people brought it 

728
00:44:03,400 --> 00:44:06,480
up a long time ago. 
And every once in a while you 

729
00:44:06,480 --> 00:44:09,920
hear somebody say I'm not going 
to have a job in two or three 

730
00:44:09,920 --> 00:44:14,600
years because this does all the 
you know, you look at like say 

731
00:44:14,600 --> 00:44:19,240
the Copilot assistant or the 
transcriber in the Teams 

732
00:44:19,240 --> 00:44:21,360
meeting. 
Now you don't need anybody to 

733
00:44:21,360 --> 00:44:24,000
keep notes. 
In fact, usually the notes that 

734
00:44:24,000 --> 00:44:26,480
you're going to get from the 
Teams that you are way better 

735
00:44:26,480 --> 00:44:31,800
than a person could keep anyway.
So I, I, I mean, I've been 

736
00:44:31,800 --> 00:44:36,920
thinking about this a lot and I,
I think this boils down to 

737
00:44:37,640 --> 00:44:42,000
efficiency, all right there that
we are going to make people, 

738
00:44:42,000 --> 00:44:46,480
people are going to become much 
more efficient in what they do 

739
00:44:46,960 --> 00:44:51,600
if they have access to these AI 
agents to essentially do you 

740
00:44:51,600 --> 00:44:54,280
know, the repetitive stuff 
effectively that we've done, 

741
00:44:54,560 --> 00:44:57,840
done before. 
And I'm not saying that AI 

742
00:44:57,840 --> 00:45:01,120
agents won't require at least 
for some period of time, sort of

743
00:45:01,120 --> 00:45:04,720
a human in the loop before we, 
we're ready to actually just 

744
00:45:04,720 --> 00:45:07,280
give them full autonomy. 
I, I imagine that humans are 

745
00:45:07,280 --> 00:45:10,440
going to be in the loop 
approving things that an AI 

746
00:45:10,440 --> 00:45:15,520
agent sort of says, does, acts on, 
creates whatever that that'll 

747
00:45:15,520 --> 00:45:17,400
exist for a while. 
So I, you know, that that 

748
00:45:17,400 --> 00:45:21,520
doesn't go away, but I, I think 
people, they just become more 

749
00:45:21,520 --> 00:45:24,320
efficient. 
And I don't think it's any 

750
00:45:24,320 --> 00:45:30,840
different to when, you know, the
personal computer emerged and 

751
00:45:30,840 --> 00:45:34,080
everybody thought the personal 
computer was going to replace 

752
00:45:34,400 --> 00:45:38,600
all sorts of, you know, roles 
and jobs and stuff like that. 

753
00:45:38,600 --> 00:45:43,280
The stenographer, the, you know,
the, the typing pool, the, you 

754
00:45:43,280 --> 00:45:47,760
know, whatever it might have 
been, yes, you know, they get 

755
00:45:47,760 --> 00:45:50,600
replaced. 
But I still think there's, you 

756
00:45:50,600 --> 00:45:54,080
know, it's not like there's all 
these people out of work. 

757
00:45:54,080 --> 00:45:56,320
People's skills evolved. 
People learn how to use these 

758
00:45:56,320 --> 00:45:58,400
things. 
They'll become more efficient. 

759
00:45:58,400 --> 00:46:03,160
They've got to embrace it and go
with the times sort of thing in 

760
00:46:03,160 --> 00:46:06,160
that regard. 
Yeah, I, I feel the same way. 

761
00:46:06,160 --> 00:46:10,440
It's like you can't prevent 
progress, right? 

762
00:46:10,440 --> 00:46:13,920
The progress is going to happen.
So you have to position yourself

763
00:46:13,920 --> 00:46:16,920
on the right side of it. 
You don't want to be the person 

764
00:46:16,920 --> 00:46:20,080
who's constantly falling behind,
like the person who went around 

765
00:46:20,080 --> 00:46:23,400
and lit all the street lights 
before there were electric 

766
00:46:23,400 --> 00:46:26,320
lights. 
If they stuck to it and 

767
00:46:26,320 --> 00:46:28,200
maybe they were lighting the 
last few. 

768
00:46:28,520 --> 00:46:32,720
Eventually they have new skills 
for the future. 

769
00:46:33,360 --> 00:46:36,600
I'd say, look, you know, this is
something that Andre has shared 

770
00:46:36,600 --> 00:46:38,120
with me multiple times over the 
years. 

771
00:46:38,120 --> 00:46:43,280
Andre, the CEO of, of Ping, that
organ, you know, capitalism, you

772
00:46:43,280 --> 00:46:48,160
know, and, and you know, and 
organizations are hyper focused 

773
00:46:48,240 --> 00:46:52,480
on that they will find and drive
efficiency, you know, constantly

774
00:46:52,480 --> 00:46:55,440
or good organizations will, you 
know, and capitalism drives 

775
00:46:55,440 --> 00:46:57,600
efficiency. 
Basically everybody's looking to

776
00:46:57,600 --> 00:47:03,400
do things faster, cheaper, 
better all the time. 

777
00:47:03,760 --> 00:47:05,640
All right? 
And it, it's constantly moving 

778
00:47:05,640 --> 00:47:08,000
in that direction, I say, and 
this is just the most recent 

779
00:47:08,000 --> 00:47:09,680
example of it. 
I think that we're going to see 

780
00:47:11,120 --> 00:47:11,800
so. 
Yeah. 

781
00:47:11,800 --> 00:47:16,520
What is your question, Patrick? 
If you were, if you had a son or

782
00:47:16,520 --> 00:47:23,000
daughter who was in college, 
what would you tell them to 

783
00:47:23,000 --> 00:47:24,960
learn right now? 
And and don't tell me art 

784
00:47:24,960 --> 00:47:27,640
history, because that's 
cheating. 

785
00:47:28,600 --> 00:47:30,600
So yeah, what? 
You know what's interesting? 

786
00:47:30,600 --> 00:47:34,560
I've got like I've asked this, a
couple of people have Ping as 

787
00:47:34,560 --> 00:47:42,160
well. 
And so it the, the one thing 

788
00:47:42,560 --> 00:47:46,840
that none of my kids have gone 
into which I went into was 

789
00:47:46,840 --> 00:47:49,240
computer science. 
So my kids didn't go into 

790
00:47:49,240 --> 00:47:52,240
computer science. 
One of them is doing pre-med. 

791
00:47:53,200 --> 00:47:57,800
My oldest son that graduated, 
you know, did actually business 

792
00:47:57,800 --> 00:48:01,040
and data analytics, and my 
youngest son's doing kind of 

793
00:48:01,120 --> 00:48:02,800
business and doesn't really know
yet. 

794
00:48:03,240 --> 00:48:10,480
So I, I'm actually, you know, to
me, honestly, learning the 

795
00:48:10,480 --> 00:48:14,160
business side of things gives 
you the opportunity to 

796
00:48:14,160 --> 00:48:17,040
understand how to run a 
business, how to build a 

797
00:48:17,040 --> 00:48:19,800
business, be a little bit more 
entrepreneurial, all right, 

798
00:48:19,800 --> 00:48:21,520
because you understand how 
businesses function. 

799
00:48:21,520 --> 00:48:23,480
And I still think that's going 
to be necessary. 

800
00:48:23,480 --> 00:48:25,800
People who understand how to 
operate and run a business is 

801
00:48:25,800 --> 00:48:27,880
always going to be needed, 
irrespective of what that 

802
00:48:27,880 --> 00:48:30,800
business is. 
And I think that's just a great 

803
00:48:30,800 --> 00:48:35,240
set of skills to have. 
I, I'm more way more concerned 

804
00:48:35,240 --> 00:48:38,120
if I was, you know, about going 
into computer science now, 

805
00:48:38,120 --> 00:48:40,520
because I, I mean, I was a 
software developer and I wasn't 

806
00:48:40,520 --> 00:48:42,960
a very good software developer, 
perfectly willing to admit it, 

807
00:48:43,360 --> 00:48:45,280
all right. 
And I don't think I would 

808
00:48:45,280 --> 00:48:52,160
survive through what it means to
be a developer now, given how 

809
00:48:52,160 --> 00:48:55,720
much more efficient developers 
can be made using things like 

810
00:48:57,760 --> 00:49:00,080
now what's it called, you know, 
Copilot and stuff like that, 

811
00:49:00,400 --> 00:49:02,760
that the. 
If you're a lazy developer, you 

812
00:49:02,760 --> 00:49:04,760
could you might be able to get 
by right? 

813
00:49:04,800 --> 00:49:06,280
You figure out all the ways to 
get. 

814
00:49:06,280 --> 00:49:08,000
Yeah, but I, I all. 
Your work is done by doing 

815
00:49:08,000 --> 00:49:10,320
nothing. 
That's true, but I just think 

816
00:49:10,320 --> 00:49:13,520
the number of, I mean, again, 
efficiency is going to drive 

817
00:49:13,520 --> 00:49:16,240
that, you know, developers are 
going to become more efficient 

818
00:49:16,240 --> 00:49:19,080
and therefore we're not going to
need as many developers to to, 

819
00:49:19,120 --> 00:49:23,160
you know, develop the code. 
And the other thing is, look, I 

820
00:49:23,160 --> 00:49:24,680
mean, what's a developer really 
doing? 

821
00:49:24,680 --> 00:49:29,160
A developer is translating 
business analyst type 

822
00:49:29,160 --> 00:49:33,480
requirements into a language 
that a machine understands. 

823
00:49:34,240 --> 00:49:38,440
If I can now just use natural 
language to tell the machine 

824
00:49:38,560 --> 00:49:42,080
what I want to happen, do I 
really need that post in the 

825
00:49:42,080 --> 00:49:45,280
middle that's turning, you know,
those requirements into code? 

826
00:49:45,560 --> 00:49:49,200
I can just give the machine, you
know, I can just give the, you 

827
00:49:49,200 --> 00:49:53,520
know, the AI the requirements. 
So now becomes sort of more a 

828
00:49:53,520 --> 00:49:57,400
case of, all right, maybe people
should be learning about prompt 

829
00:49:57,400 --> 00:50:01,000
engineering and understanding 
how to actually define these 

830
00:50:01,000 --> 00:50:05,560
requirements in a way that the 
AI can use it to actually build 

831
00:50:05,560 --> 00:50:07,480
the applications itself 
essentially. 

832
00:50:08,040 --> 00:50:10,840
So it just becomes a different 
language you have to learn 

833
00:50:10,840 --> 00:50:13,600
essentially to be able to, you 
know, develop the applications 

834
00:50:13,600 --> 00:50:14,480
that people want to. 
Use. 

835
00:50:15,360 --> 00:50:20,080
Yeah, I've been encouraging my 
son to do the prompt engineering

836
00:50:20,080 --> 00:50:23,960
and really get good at that. 
He's a little sophomore in a 

837
00:50:23,960 --> 00:50:31,320
cybersecurity degree program, 
and I wouldn't say he's a lot of

838
00:50:31,320 --> 00:50:33,600
a tinkerer. 
He was a tinkerer. 

839
00:50:33,640 --> 00:50:38,000
You know, early in his years he 
was setting up his own PC for 

840
00:50:38,000 --> 00:50:42,480
doing video games and trying to 
figure out how to, you know, get

841
00:50:42,480 --> 00:50:46,200
the fancy sorting in his game 
without actually doing the work.

842
00:50:46,200 --> 00:50:51,960
So, but I would love to see him 
tinker with getting the open 

843
00:50:51,960 --> 00:50:56,520
source code and seeing what he 
could do, seeing what kind of 

844
00:50:56,520 --> 00:51:00,960
data sources he could plug it 
into and figure out how it 

845
00:51:00,960 --> 00:51:05,240
works, because I think that's 
the skill that businesses are 

846
00:51:05,240 --> 00:51:08,400
going to be very hungry for. 
Yeah, absolutely. 

847
00:51:08,960 --> 00:51:10,960
And I don't think that, you 
know, I talked to him about, 

848
00:51:10,960 --> 00:51:13,440
like, are they teaching you this
in school? 

849
00:51:13,440 --> 00:51:16,120
And he's like, no. 
And I believe him because I, I 

850
00:51:16,120 --> 00:51:20,280
remember going out in his when 
he was, you know, looking for 

851
00:51:20,280 --> 00:51:26,760
colleges and asking questions 
about things such as that, such 

852
00:51:26,760 --> 00:51:31,160
as cloud computing. 
And it's like these professors, 

853
00:51:31,160 --> 00:51:35,280
they were behind where we are 
even in, in the business world. 

854
00:51:35,280 --> 00:51:38,360
And I was like, man, oh man, I 
can't believe you guys aren't 

855
00:51:38,360 --> 00:51:40,000
like on the cutting edge of this
stuff. 

856
00:51:40,240 --> 00:51:42,200
Maybe it's just the schools we 
were looking at. 

857
00:51:42,200 --> 00:51:45,040
I don't know. 
Yeah, that's a problem, I agree.

858
00:51:45,560 --> 00:51:49,320
But yes, I think, you know, 
learning and understanding how 

859
00:51:49,320 --> 00:51:52,640
to translate, you know, so, and 
this gets back to the business 

860
00:51:52,640 --> 00:51:54,160
side of things. 
It's like being able to 

861
00:51:54,160 --> 00:51:57,240
translate the business 
requirements instead of actually

862
00:51:57,240 --> 00:52:01,040
into code as we know it, but 
into, you know, to to to 

863
00:52:01,040 --> 00:52:03,400
basically tell an AI what it 
what you need. 

864
00:52:03,440 --> 00:52:05,680
I think is the where this 
evolves to over time 

865
00:52:06,120 --> 00:52:08,240
essentially. 
There'll still be need for 

866
00:52:08,240 --> 00:52:13,200
hardcore developers obviously, 
but I just think a lot of 

867
00:52:13,200 --> 00:52:15,920
organizations aren't going to 
need as many of them you know 

868
00:52:16,440 --> 00:52:17,880
it'll be. 
It'll look very different in 10 

869
00:52:17,880 --> 00:52:21,560
years time as an example. 
Oh yeah, for sure. 

870
00:52:21,560 --> 00:52:23,920
Patrick, you've been super 
generous of your time. 

871
00:52:23,920 --> 00:52:25,960
We had a great conversation 
today. 

872
00:52:26,760 --> 00:52:30,400
I know you're out there on 
LinkedIn, so I sent you an 

873
00:52:30,400 --> 00:52:32,760
invite to get connected. 
I don't know how you are 

874
00:52:32,760 --> 00:52:36,760
connected given you're on the 
show before, but I'm sure other 

875
00:52:36,760 --> 00:52:38,960
people after the show will be 
sending you invites. 

876
00:52:39,280 --> 00:52:42,560
I already get a number of 
invites per day and I love it. 

877
00:52:42,640 --> 00:52:45,520
I want to talk to all of our 
listeners and get to know you 

878
00:52:45,520 --> 00:52:48,680
all. 
And a great way to get to know 

879
00:52:48,680 --> 00:52:51,800
people is through the 
conferences mention we've got 

880
00:52:51,800 --> 00:52:56,080
discount codes for EIC and 
Identiverse, so please make sure 

881
00:52:56,080 --> 00:52:59,320
to take advantage of those. 
And Patrick, I'd like to go out 

882
00:52:59,320 --> 00:53:02,200
today with a a lighter note 
question. 

883
00:53:02,440 --> 00:53:07,600
Given those two conferences, EIC
in Berlin and Identiverse in 

884
00:53:07,600 --> 00:53:13,320
Vegas, what are your tips for 
each of those to do's for 

885
00:53:13,880 --> 00:53:16,400
whether it's a first time 
conference goer or maybe 

886
00:53:16,400 --> 00:53:18,920
somebody's been there a few 
times, they've got any like 

887
00:53:19,360 --> 00:53:21,880
secret nuggets for each one of 
those? 

888
00:53:23,240 --> 00:53:26,920
I, I've spent a lot more time 
at, at Identiverse over the years 

889
00:53:26,920 --> 00:53:29,320
than EIC, so I'll sort of focus 
on that. 

890
00:53:31,440 --> 00:53:35,360
It's, it's honestly you, you got
to get it outside your comfort 

891
00:53:35,360 --> 00:53:40,120
zone and just engage and talk to
people and you know, you know, 

892
00:53:40,240 --> 00:53:43,400
at whether it's at, you know, 
might be a lunch or a breakfast,

893
00:53:43,440 --> 00:53:45,800
you know, sit down at a table 
where you don't know anybody, 

894
00:53:46,160 --> 00:53:49,040
start talking to people. 
Everybody starts in the same 

895
00:53:49,040 --> 00:53:51,960
situation where, you know, they 
don't know a lot of people in 

896
00:53:51,960 --> 00:53:53,560
the community. 
But I've always found the 

897
00:53:53,560 --> 00:53:58,480
identity community to be very 
open and embracing of new people

898
00:54:00,040 --> 00:54:03,600
and old timers essentially. 
So you know, that to me is, is 

899
00:54:03,600 --> 00:54:06,320
the key here. 
You know, everybody, everybody 

900
00:54:06,320 --> 00:54:10,120
was in your place at some point 
in their career and felt the 

901
00:54:10,120 --> 00:54:12,520
same way. 
So, you know, don't be afraid 

902
00:54:12,520 --> 00:54:15,360
just to open up and reach out 
and ask questions and introduce 

903
00:54:15,360 --> 00:54:17,840
yourself and stuff like that. 
Essentially is the is the key. 

904
00:54:17,840 --> 00:54:21,920
The same thing applies in the 
EIC as well with with Martin and

905
00:54:21,920 --> 00:54:24,440
those guys too. 
So, you know, I would say the 

906
00:54:24,440 --> 00:54:27,680
same thing there as well. 
Yeah, this seemed to be my first

907
00:54:27,680 --> 00:54:30,600
time in the EIC. 
I've been to Germany before, but

908
00:54:30,600 --> 00:54:35,160
never Berlin. 
I hear that, you know, it's a 

909
00:54:35,160 --> 00:54:38,000
very lively city. 
Of course, there's a lot of 

910
00:54:38,000 --> 00:54:42,120
history there, a lot of places 
to check out like the Berlin 

911
00:54:42,120 --> 00:54:45,520
Wall and you know, I mean, heck,
I'm not going to do as good of a

912
00:54:45,520 --> 00:54:47,160
job. 
If you're interested in looking 

913
00:54:47,160 --> 00:54:52,200
for sights to see, YouTube, 
Google, there's tons of 

914
00:54:52,200 --> 00:54:57,080
information out there. 
I have actually been to Las 

915
00:54:57,080 --> 00:55:05,280
Vegas probably 20 or more times.
I my biggest pro tip is to pace 

916
00:55:05,280 --> 00:55:07,760
yourself. 
I mean, especially if you're 

917
00:55:07,760 --> 00:55:10,800
somebody who likes to have a 
good time, you get to Vegas. 

918
00:55:10,920 --> 00:55:13,440
If it's your first time in Vegas
and all those lights are on and 

919
00:55:13,760 --> 00:55:17,880
you go into, you know, go 
through the casino, they just 

920
00:55:17,880 --> 00:55:21,080
have a way with all the bells 
and the lights and they pump 

921
00:55:21,080 --> 00:55:26,080
extra oxygen into the room, 
makes you feel energized and you

922
00:55:26,080 --> 00:55:30,000
should enjoy that. 
My recommendation with my my 

923
00:55:30,000 --> 00:55:33,800
recommendation with Vegas is 
don't end up inside for three 

924
00:55:33,800 --> 00:55:35,920
days like I have a couple of 
times. 

925
00:55:36,080 --> 00:55:39,040
Get out and get some fresh air 
in the middle of it if you can, 

926
00:55:39,160 --> 00:55:42,200
because you know, I, I've, I've 
inadvertently spent three days 

927
00:55:42,200 --> 00:55:43,960
indoors in Vegas and never saw 
the sun. 

928
00:55:44,200 --> 00:55:47,320
So. 
Yes, that's that's good advice. 

929
00:55:47,360 --> 00:55:51,520
I've I've never done the whole 3
days indoors, even though Jeff 

930
00:55:51,520 --> 00:55:53,400
has told me he's done that a few
times. 

931
00:55:55,720 --> 00:55:59,600
I'm not like a when I was a kid 
I wanted to be outside around 

932
00:55:59,600 --> 00:56:03,280
the clock, but you know, as I've
gotten older, found lazier about

933
00:56:03,280 --> 00:56:06,040
it. 
But I think for a certain amount

934
00:56:06,040 --> 00:56:11,800
of time, I'd just go stir crazy 
in indoors and and but here. 

935
00:56:11,880 --> 00:56:15,480
So my advice is pace yourself. 
Don't try to have all your fun 

936
00:56:15,800 --> 00:56:18,680
fun upfront. 
You know, a little bit at a 

937
00:56:18,680 --> 00:56:20,560
time. 
There's a lot of like after hour

938
00:56:20,560 --> 00:56:23,720
parties, but that doesn't have 
mean you have to be out until 

939
00:56:23,720 --> 00:56:28,840
midnight every night because the
shows you know, take place in 

940
00:56:28,840 --> 00:56:31,520
the morning. 
Get off to a fresh start, have 

941
00:56:31,520 --> 00:56:35,320
breakfast, get in there, be 
mentally aware, engage. 

942
00:56:35,800 --> 00:56:41,320
Try also to break away from work
for a little bit because yes, I 

943
00:56:41,320 --> 00:56:43,480
know, I understand. 
And I've fallen into this trap 

944
00:56:43,480 --> 00:56:46,920
many times over the years where 
you're right in the middle of 

945
00:56:46,920 --> 00:56:49,840
like a hectic project. 
But if you travel all the way 

946
00:56:49,840 --> 00:56:55,040
out from Las Vegas and you go to
two, two of the sessions or 

947
00:56:55,040 --> 00:56:57,120
something like that, you're 
really going to regret it. 

948
00:56:57,120 --> 00:57:01,280
You've got to try to find a way 
to get up early, do your call, 

949
00:57:01,280 --> 00:57:03,520
maybe save some of the calls 
till later today. 

950
00:57:03,760 --> 00:57:06,720
Maybe take a break in the 
middle, but make sure you're 

951
00:57:06,720 --> 00:57:09,960
going to a number of the 
sessions otherwise you're going 

952
00:57:09,960 --> 00:57:12,520
to end up being disappointed in 
the end. 

953
00:57:12,680 --> 00:57:14,280
Yep, good advice. 
Yeah. 

954
00:57:14,400 --> 00:57:17,760
So that's what I've got for you 
for this time, Patrick. 

955
00:57:17,760 --> 00:57:23,080
Again, thanks for joining us. 
For everybody out there, find us

956
00:57:23,080 --> 00:57:27,440
on the web idacpodcast.com and 
our YouTube channel is 

957
00:57:27,440 --> 00:57:33,360
idacpodcast.tv. 
That'll drop you right into our 

958
00:57:33,360 --> 00:57:36,760
YouTube. 
Again, love hearing from 

959
00:57:36,760 --> 00:57:39,200
everybody on LinkedIn, so find 
us there. 

960
00:57:39,560 --> 00:57:43,400
And thanks again, Patrick. 
Until next time, everyone. 

961
00:57:43,560 --> 00:57:44,200
Thanks, Jim. 
Bye. 

962
00:57:46,440 --> 00:57:49,440
You've been listening to 
Identity at the Center. 

963
00:57:49,800 --> 00:57:53,920
We hope you've enjoyed the show.
Make sure to like, rate and 

964
00:57:53,920 --> 00:57:57,520
review, and we'll be back soon. 
But in the meantime, hit the 

965
00:57:57,520 --> 00:58:00,920
website at 
identity@thecenter.com. 

966
00:58:01,560 --> 00:58:05,640
See you next time on Identity at
the Center.

