1
00:00:00,040 --> 00:00:02,320
One other thing I thought of is 
that we're probably going to be 

2
00:00:02,320 --> 00:00:05,880
podcasting there, so whenever 
you and I get to a conference 

3
00:00:05,880 --> 00:00:09,680
together, we bring all our 
recording equipment and try to 

4
00:00:09,880 --> 00:00:16,920
get a few episodes in. 
What happened? 

5
00:00:18,920 --> 00:00:20,320
Nothing happened as far as I 
know. 

6
00:00:22,880 --> 00:00:29,240
My monitor just turned off. 
Sorry guys I don't. 

7
00:00:29,240 --> 00:00:31,120
I didn't even move down the 
inch. 

8
00:00:33,480 --> 00:00:34,960
Hashtag just Jim things. 
Oh. 

9
00:00:36,160 --> 00:00:39,600
My God. 
Alright, just Jim's poor 

10
00:00:39,800 --> 00:00:45,360
technology. 
Jim gave up, he walked away. 

11
00:00:45,360 --> 00:00:48,960
He's like I'm done, mark this 
down. 

12
00:00:48,960 --> 00:00:51,840
We we made it 5 minutes before 
we had a Jim technical issue. 

13
00:00:54,120 --> 00:00:58,280
Well, I am back, so where was I?
I'll start. 

14
00:00:58,320 --> 00:01:02,960
Over. 
I don't remember where I about 

15
00:01:02,960 --> 00:01:05,480
where I was I guess. 
It was too close to the mic. 

16
00:01:05,480 --> 00:01:09,400
You keep bouncing around. 
Yeah, my my screen is kind of 

17
00:01:09,400 --> 00:01:12,800
flickering, so hopefully I got 
everything set up here. 

18
00:01:18,600 --> 00:01:23,400
This is identity at the center. 
If it has anything to do with 

19
00:01:23,560 --> 00:01:30,960
IAM, this is the go to podcast 
now your hosts Jim McDonald and 

20
00:01:30,960 --> 00:01:39,000
Jeff Steadman. 
Welcome to the Identity at the 

21
00:01:39,000 --> 00:01:41,160
Center Podcast. 
I'm Jeff, and that's Jim. 

22
00:01:41,160 --> 00:01:43,600
Hey, Jim. 
Hey, Jeff, how are you? 

23
00:01:44,320 --> 00:01:47,360
Oh, not so bad yourself. 
Doing great man. 

24
00:01:47,360 --> 00:01:50,880
It's definitely summer here in 
Georgia. 

25
00:01:50,880 --> 00:01:56,960
It was about 100°F the other day
or yesterday and man, I'm 

26
00:01:56,960 --> 00:02:00,120
feeling it. 
But fortunately I work in an air

27
00:02:00,120 --> 00:02:03,840
conditioned building and you 
know, I, I'm feeling it when I'm

28
00:02:03,840 --> 00:02:06,400
outside and that's for 10 
minutes. 

29
00:02:06,400 --> 00:02:10,600
First as I run to my truck that 
is also air conditioned and then

30
00:02:10,600 --> 00:02:12,880
I go to drive through windows 
and I can feel the air 

31
00:02:12,880 --> 00:02:15,480
conditioning emanating from 
those buildings. 

32
00:02:15,480 --> 00:02:19,640
So I I can't complain too much. 
That's kind of how I feel about 

33
00:02:19,640 --> 00:02:23,160
like winter is I work. 
When I lived in a wintry area 

34
00:02:23,160 --> 00:02:25,560
like Chicago, it was, well, I'm 
inside where the heat is and 

35
00:02:25,560 --> 00:02:27,920
then I'm in my car where the 
heat is, and then I'm walking 

36
00:02:27,920 --> 00:02:30,280
outside to somewhere and then 
I'm somewhere where the heat is.

37
00:02:30,280 --> 00:02:32,520
So same thing. 
But yes, definitely hot. 

38
00:02:33,280 --> 00:02:37,160
I'm in Minnesota today, so 
another week on the road for me.

39
00:02:37,160 --> 00:02:41,200
But we'll see how hotel Wi-Fi 
holds up for this episode. 

40
00:02:41,200 --> 00:02:43,840
But so far so good. 
Not quite as hot here. 

41
00:02:44,120 --> 00:02:47,640
My watch says it's 69° here in 
Minnesota. 

42
00:02:47,680 --> 00:02:50,960
So nice. 
Yeah, that's definitely not too 

43
00:02:50,960 --> 00:02:53,160
bad. 
And by the way, Father's Day 

44
00:02:53,160 --> 00:02:56,920
just passed here in the US and 
I've received a pretty awesome 

45
00:02:56,920 --> 00:03:03,320
award, Greatest Dad of all time.
It it's great because I also got

46
00:03:03,320 --> 00:03:08,560
a commemorative notebook which 
has all of my past awards #1 

47
00:03:08,560 --> 00:03:14,120
Dad, Best dad ever. 
That's pretty much it. 

48
00:03:14,120 --> 00:03:17,480
I mean #1 dad and best dad ever,
and now the greatest dad of all 

49
00:03:17,480 --> 00:03:19,560
time. 
I think that's the trifecta. 

50
00:03:19,560 --> 00:03:23,280
What do you think? 
Well, I'm not a dad, so I'm, I'm

51
00:03:23,480 --> 00:03:25,320
feel bad for all the other dads 
who thought that they were 

52
00:03:25,320 --> 00:03:26,640
number one. 
I guess. 

53
00:03:26,640 --> 00:03:28,720
What are they? 
Are those like, you know, fake 

54
00:03:28,720 --> 00:03:32,720
news, false, false prizes? 
Their kids are lying to them. 

55
00:03:32,720 --> 00:03:35,400
I mean, which one of those 
poisons do you want to pick? 

56
00:03:36,320 --> 00:03:38,560
I think so. 
I think they've, they've been 

57
00:03:38,560 --> 00:03:42,320
buying the coffee mugs as a 
number one dad and giving it to 

58
00:03:42,320 --> 00:03:44,240
their dad. 
And really, they should have 

59
00:03:44,240 --> 00:03:47,520
been giving it to me. 
Apparently I am the greatest dad

60
00:03:47,520 --> 00:03:50,160
of all time. 
Oh well, congratulations on your

61
00:03:50,160 --> 00:03:50,840
major 
award. 

62
00:03:53,680 --> 00:03:56,480
Thank you, Sir. 
All right, what else do we have 

63
00:03:56,480 --> 00:03:57,840
going on? 
We, we forgot to mention last 

64
00:03:57,840 --> 00:04:00,520
week, but we're definitely gonna
be at Identity Week coming up 

65
00:04:00,520 --> 00:04:01,800
later this year. 
Identity Week. 

66
00:04:01,800 --> 00:04:03,800
Europe has already passed by the
time people listen to this. 

67
00:04:03,800 --> 00:04:07,880
But we do have discount code for
both America, which is in 

68
00:04:07,880 --> 00:04:09,800
Washington, DC, September 11th 
and 12th. 

69
00:04:10,280 --> 00:04:14,000
IDAC30 gets you 30% off of your
registration. 

70
00:04:14,000 --> 00:04:17,360
And that code is also good for 
Singapore, which is October 22nd

71
00:04:17,360 --> 00:04:19,040
and 23rd. 
Jim, you and I are going to be 

72
00:04:19,480 --> 00:04:23,720
in DC September 11th and 12th. 
We're going to start to work on 

73
00:04:23,720 --> 00:04:25,960
plans in that probably the next,
you know, few weeks here, but 

74
00:04:25,960 --> 00:04:28,080
hoping to see some, some 
friendly faces there. 

75
00:04:28,080 --> 00:04:30,200
What do you think about DC and 
Identity Week? 

76
00:04:31,320 --> 00:04:35,720
Well, I think it's going to be 
hot as heck in DC at that time. 

77
00:04:35,800 --> 00:04:37,120
Oh wait, you're going to be 
inside. 

78
00:04:37,240 --> 00:04:39,400
Probably be. 
It'll be perfect weather. 

79
00:04:40,120 --> 00:04:42,880
I love DC. 
There's a few things I really 

80
00:04:42,880 --> 00:04:44,920
love about it. 
One is a sandwich shop called 

81
00:04:44,920 --> 00:04:48,000
Potbelly's, which I think is in 
a lot of places, but it's not in

82
00:04:48,000 --> 00:04:49,800
the Southeast. 
It's a 

83
00:04:49,800 --> 00:04:52,280
chain, a small little place like 
McDonald's. 

84
00:04:53,600 --> 00:04:58,360
Well no no like McDonald's is 
everywhere and Potbelly's is not

85
00:04:58,360 --> 00:05:02,560
here and I love it. 
I I would eat there at least 

86
00:05:02,560 --> 00:05:06,840
every week if I lived there. 
Also the museums are pretty 

87
00:05:06,840 --> 00:05:09,160
awesome. 
Last time I was there, I went to

88
00:05:09,160 --> 00:05:11,280
the Holocaust Museum, which is 
free. 

89
00:05:11,600 --> 00:05:14,960
And man, it's like, it's pretty 
somber. 

90
00:05:14,960 --> 00:05:18,080
But I think it's an experience 
everybody should go through. 

91
00:05:19,240 --> 00:05:22,880
And then I just feel like, you 
know, when you're in DC, like 

92
00:05:22,920 --> 00:05:24,840
there, you know, there's so much
going on. 

93
00:05:24,840 --> 00:05:27,480
So, yeah, I'm really looking 
forward to it. 

94
00:05:27,480 --> 00:05:29,640
Plus, I think the conference is 
going to be awesome. 

95
00:05:29,960 --> 00:05:33,120
I mean, you know, you've been 
there before you told me about 

96
00:05:33,120 --> 00:05:35,600
it. 
It sounds like it's becoming one

97
00:05:35,600 --> 00:05:39,800
of the conferences people have 
got to get to and and give it a 

98
00:05:39,800 --> 00:05:42,120
shot. 
Yeah, definitely. 

99
00:05:42,120 --> 00:05:43,560
I think it comes at a good time 
of the year too. 

100
00:05:43,560 --> 00:05:47,360
It's kind of a lull in between 
like Identiverse, which just took

101
00:05:47,360 --> 00:05:49,920
place a couple weeks ago and 
then like Gartner, which is 

102
00:05:49,920 --> 00:05:52,280
later in the year. 
So I think it's really good kind

103
00:05:52,280 --> 00:05:54,800
of opportune timing. 
So yeah, hopefully see lots of 

104
00:05:54,800 --> 00:05:57,080
people there that we know. 
I know last year there was quite

105
00:05:57,080 --> 00:05:58,960
a few people there was like, 
wow, OK, there's some, there's 

106
00:05:58,960 --> 00:06:02,680
some names at this conference. 
So I'm expecting, you know, 

107
00:06:02,680 --> 00:06:05,520
similar and or better turn out 
for this year as well. 

108
00:06:05,520 --> 00:06:08,120
So that's kind of exciting, but 
hopefully people take advantage 

109
00:06:08,120 --> 00:06:09,560
of that. 
That code's a good way to show 

110
00:06:09,800 --> 00:06:11,560
support for us. 
We'll have link in our show 

111
00:06:11,560 --> 00:06:13,480
notes so people can can use that
as well. 

112
00:06:13,480 --> 00:06:15,880
I'm looking forward to the 
conference in terms of, you 

113
00:06:15,880 --> 00:06:18,920
know, hopefully we can record a 
few episodes. 

114
00:06:19,720 --> 00:06:22,240
And while we're there, I mean, 
whenever we go to conferences, 

115
00:06:22,520 --> 00:06:25,480
bring all of our recording 
equipment, try to record a few 

116
00:06:25,480 --> 00:06:29,040
episodes, put out some more 
additional content for the 

117
00:06:29,040 --> 00:06:31,200
listeners. 
And I think people appreciate it

118
00:06:31,200 --> 00:06:33,840
because one of the things I 
noticed is that most of the 

119
00:06:33,840 --> 00:06:37,040
episodes get a lot of views, get
a lot of downloads. 

120
00:06:37,040 --> 00:06:40,320
So we'll keep doing it unless, 
you know, we hear from people 

121
00:06:40,320 --> 00:06:42,840
that it's too much, it's too 
much, dial it back. 

122
00:06:43,560 --> 00:06:45,160
It's never too much. 
You can never have enough 

123
00:06:45,160 --> 00:06:48,120
Identity at the Center in your life. 
So we're just going to keep 

124
00:06:48,120 --> 00:06:50,760
doing it. 
We don't do it for you. 

125
00:06:50,760 --> 00:06:51,800
We do it 'cause we like to do 
it. 

126
00:06:51,800 --> 00:06:53,320
No, I'm just kidding. 
We do it for you too. 

127
00:06:53,720 --> 00:06:56,920
That's why we started, though. 
We started out just doing it 

128
00:06:56,920 --> 00:06:58,120
because we like doing it 
because. 

129
00:06:58,400 --> 00:07:00,160
I mean, we're going to keep 
doing it as long as we keep like

130
00:07:00,440 --> 00:07:02,200
keep liking to do it and we do. 
So that's good. 

131
00:07:02,760 --> 00:07:05,160
All right, let's get going with 
the show. 

132
00:07:05,200 --> 00:07:08,880
Let's talk about bubbles, vaguely
cryptic topic. 

133
00:07:09,320 --> 00:07:11,880
We've got Justin Richer. 
He's security and standards 

134
00:07:11,880 --> 00:07:13,960
architect and founder of Bespoke
Engineering. 

135
00:07:13,960 --> 00:07:15,920
Joining us again. 
Welcome back to the show, 

136
00:07:16,040 --> 00:07:17,960
Justin. 
Hi, Jeff. 

137
00:07:17,960 --> 00:07:19,520
Hi, Jim. 
Thank you guys for having me 

138
00:07:19,520 --> 00:07:21,880
back on. 
Yeah, thanks for taking the 

139
00:07:21,880 --> 00:07:23,960
time. 
It's been about a year since you

140
00:07:23,960 --> 00:07:26,040
were with us. 
You've already given us your 

141
00:07:26,040 --> 00:07:29,080
origin story. 
That was back in episode 222. 

142
00:07:29,160 --> 00:07:33,120
We're on episode 291 now, so 
we'll point people back if 

143
00:07:33,120 --> 00:07:34,600
people want to learn more about 
your background. 

144
00:07:34,600 --> 00:07:37,280
But let's talk about the past 
year. 

145
00:07:38,280 --> 00:07:40,040
How's your year been, what 
you've been up to? 

146
00:07:40,040 --> 00:07:43,440
Anything new and exciting? 
Oh man, it's, it's been a busy 

147
00:07:43,440 --> 00:07:46,160
year. 
So we had the GNAP protocol is 

148
00:07:46,160 --> 00:07:48,600
now with the with the RFC 
editor. 

149
00:07:48,880 --> 00:07:53,120
So that'll be becoming a, a 
final RFC soon. 

150
00:07:53,200 --> 00:07:55,760
It still takes a while even when
it's at that stage, but 

151
00:07:56,320 --> 00:07:59,480
hopefully soon. 
We had HTTP message signatures, 

152
00:07:59,480 --> 00:08:01,840
which is another draft that I've
been working on for a few years 

153
00:08:01,920 --> 00:08:08,440
that is now an RFC, RFC 9421. 
And so that's exciting to go to 

154
00:08:08,440 --> 00:08:12,120
see go through. 
And then also in the IETF, we 

155
00:08:12,120 --> 00:08:15,360
have spun up the Workload 
Identity in Multi System 

156
00:08:15,360 --> 00:08:20,720
Environments or WIMSE working 
group and that is new work and 

157
00:08:20,720 --> 00:08:23,320
I'm helping co-chair that at the
IETF. 

158
00:08:23,320 --> 00:08:28,000
And that we've just gotten that 
started really within the last 

159
00:08:28,000 --> 00:08:31,960
year, which is absolutely 
breakneck speed by IETF standards

160
00:08:31,960 --> 00:08:34,520
to get a new working group up 
and running in that time. 

161
00:08:35,840 --> 00:08:40,600
That is pretty quick and and 
you've got a great acronym, 

162
00:08:40,600 --> 00:08:43,400
WIMSE, which is awesome. 
It's right up there with Cheeto 

163
00:08:43,400 --> 00:08:47,800
for Chief Identity Officer. 
I I can't I can't take credit 

164
00:08:47,800 --> 00:08:51,400
for WIMSE. 
We, we originally tried to do 

165
00:08:51,400 --> 00:08:54,480
Workload Identity in Distributed
Environments or WIDE. 

166
00:08:54,760 --> 00:08:58,440
And it turns out that there is 
a, there's already a, a project 

167
00:08:58,880 --> 00:09:01,800
named that. 
So they wouldn't let us have 

168
00:09:01,800 --> 00:09:04,680
that. 
But the security AD came up with

169
00:09:04,840 --> 00:09:08,760
WIMSE when brainstorming with, 
with a few of the folks that 

170
00:09:08,760 --> 00:09:11,360
were proposing it. 
So and I, I absolutely love it. 

171
00:09:11,600 --> 00:09:15,400
It's give nerds enough rope and 
we will like we will come up 

172
00:09:15,400 --> 00:09:19,080
with the most ridiculous set of 
acronyms that you can possibly 

173
00:09:19,600 --> 00:09:22,160
possibly use. 
Yeah, but you know what? 

174
00:09:22,160 --> 00:09:24,640
It's all about marketing, right?
If you, you have to have a good 

175
00:09:24,640 --> 00:09:28,040
name for your thing, otherwise 
they'll never get traction. 

176
00:09:28,240 --> 00:09:31,040
And WIMSE's a great name. 
I, I, we're gonna, I wanna dig 

177
00:09:31,040 --> 00:09:33,040
into that more 'cause there's 
another one that you were 

178
00:09:33,040 --> 00:09:35,360
mentioning before we hit record 
called SPIFFE, which is even 

179
00:09:35,360 --> 00:09:38,480
awesomer. 
So it's like between SPIFFE and 

180
00:09:38,480 --> 00:09:41,840
WIMSE and Cheeto. 
And I'm sure there's other ones 

181
00:09:41,840 --> 00:09:44,040
out there. 
Oh yeah, SPICE is just starting 

182
00:09:44,040 --> 00:09:46,560
up too. 
So, you know, that's a lot, lot 

183
00:09:46,600 --> 00:09:50,280
of lot of good stuff. 
And yeah, naming things is 

184
00:09:50,320 --> 00:09:52,120
worth. 
We're gonna get to that in a 

185
00:09:52,120 --> 00:09:53,440
second. 
I wanna ask you about 

186
00:09:53,440 --> 00:09:55,120
Identiverse 'cause I saw you in 
the hallway. 

187
00:09:55,120 --> 00:09:57,800
We kind of chatted for a couple 
minutes there while I think, I 

188
00:09:57,800 --> 00:10:00,880
think I was coming from a 
recording and walking somewhere 

189
00:10:00,880 --> 00:10:03,320
and you were sitting in a chair 
holding court as as you do. 

190
00:10:03,800 --> 00:10:05,280
What did you think of the 
conference this year? 

191
00:10:06,240 --> 00:10:09,000
Any thoughts? 
Overall it was good. 

192
00:10:09,000 --> 00:10:11,640
Honestly most of my time I got 
pulled into hallway 

193
00:10:11,640 --> 00:10:14,880
conversations this year it was 
it was a hallway con for me. 

194
00:10:15,600 --> 00:10:19,680
Just a lot of good conversations
with people that are working on 

195
00:10:20,040 --> 00:10:23,160
lots of interesting stuff. 
The the big topics this year 

196
00:10:23,160 --> 00:10:25,320
really seem to be like 
authorization. 

197
00:10:25,560 --> 00:10:29,600
Absolutely a big topic this year
that's really kind of coming out

198
00:10:29,600 --> 00:10:32,440
into its own. 
All the workload stuff like for 

199
00:10:32,440 --> 00:10:35,040
example, like we're doing with 
WIMSE that showed up in a bunch

200
00:10:35,040 --> 00:10:37,800
of different spaces. 
And so that was that was really 

201
00:10:37,800 --> 00:10:40,640
good to see. 
And it's interesting seeing all 

202
00:10:40,640 --> 00:10:45,760
of this stuff happen in, in a 
world where like OAuth and OpenID

203
00:10:45,760 --> 00:10:49,320
Connect stuff that I helped 
like define and and build. 

204
00:10:49,360 --> 00:10:51,840
It's not the new stuff anymore, 
right? 

205
00:10:51,840 --> 00:10:54,160
That's that's the old guard 
that's been around for over a 

206
00:10:54,160 --> 00:10:56,320
decade. 
Like let's what's, what's next? 

207
00:10:56,320 --> 00:10:58,000
What are we? 
What are we building on now? 

208
00:10:58,320 --> 00:11:01,320
And to me, that's really 
exciting to see what the new 

209
00:11:01,320 --> 00:11:06,480
takes are on solving not only 
the same problems, but also like

210
00:11:06,840 --> 00:11:08,960
problems that that stuff just 
doesn't solve well. 

211
00:11:08,960 --> 00:11:10,760
It never, it was never meant to 
solve well. 

212
00:11:11,200 --> 00:11:16,720
And so, yeah, seeing a lot of 
people working in just, I, I 

213
00:11:16,720 --> 00:11:20,600
think we're really seeing a lot 
of new flourishing ideas in a 

214
00:11:20,600 --> 00:11:23,400
lot of different spaces in the 
identity community right now. 

215
00:11:23,480 --> 00:11:27,480
And most of them are probably 
going to end up being bad ideas.

216
00:11:27,680 --> 00:11:29,240
We don't know which ones those 
are yet. 

217
00:11:29,520 --> 00:11:33,120
And I, I think we'll see some 
really, really cool stuff 

218
00:11:33,120 --> 00:11:34,800
landing over the next couple of 
years. 

219
00:11:36,160 --> 00:11:38,840
That's a good perspective. 
And I think a lot of the things 

220
00:11:38,840 --> 00:11:42,720
that you talked about with, you 
know, the WIMSE, the SPIFFE, it

221
00:11:42,720 --> 00:11:46,680
all is going to tie into this 
concept of federation bubbles. 

222
00:11:47,000 --> 00:11:49,040
You're going to kind of educate 
us on today. 

223
00:11:49,040 --> 00:11:51,600
But you start at the most simple
level. 

224
00:11:51,920 --> 00:11:56,400
What is the use case that the 
federation bubbles concept is 

225
00:11:56,400 --> 00:12:01,080
meant to solve and kind of how 
how did you stumble into this 

226
00:12:01,080 --> 00:12:04,520
And you know, tell us the give 
us the background. 

227
00:12:05,120 --> 00:12:08,840
Yeah, of course. 
So the whole concept I'll, I'll 

228
00:12:08,840 --> 00:12:12,280
start with like what an idea of 
a bubble is and then it'll make 

229
00:12:12,280 --> 00:12:14,440
sense of a little bit more of 
where it fits. 

230
00:12:15,040 --> 00:12:18,720
The idea of a bubble is that you
have a network of systems 

231
00:12:18,720 --> 00:12:22,400
wherein everything is just kind 
of self-contained. 

232
00:12:22,640 --> 00:12:25,440
So you have accounts that work, 
applications that work, 

233
00:12:25,440 --> 00:12:28,720
authorizations, all of that. 
And then you have controls about

234
00:12:28,720 --> 00:12:33,040
how stuff gets into that system 
and how stuff gets out of that 

235
00:12:33,040 --> 00:12:34,920
system. 
So how I provision accounts in 

236
00:12:34,920 --> 00:12:37,640
and how I can use that as a 
launching point to provision 

237
00:12:37,640 --> 00:12:42,880
stuff outbound. 
Now where this really ends up 

238
00:12:42,880 --> 00:12:46,160
being pretty useful is places 
where you have disadvantaged 

239
00:12:46,160 --> 00:12:50,360
environments. 
So you have systems where you 

240
00:12:50,360 --> 00:12:53,640
might lose network connectivity.
One of the places that. 

241
00:12:53,640 --> 00:12:56,200
So I've been working with 
UberEther on this project for about 

242
00:12:56,200 --> 00:13:00,080
the last year or so and they do 
a lot of Department of Defense 

243
00:13:00,080 --> 00:13:01,880
and sort of forward deployed 
type of stuff. 

244
00:13:02,360 --> 00:13:04,640
This is cases where you 
literally have a bunch of people

245
00:13:04,640 --> 00:13:08,000
on a boat and then that's going 
to go sail off and you're going 

246
00:13:08,000 --> 00:13:10,840
to be outside of satellite 
coverage, outside of 

247
00:13:10,840 --> 00:13:13,480
connectivity range. 
Or even when you do have 

248
00:13:13,480 --> 00:13:17,200
coverage, the latency is so high
that traditional federation 

249
00:13:17,200 --> 00:13:20,800
concepts and protocols just 
don't really don't really work 

250
00:13:20,800 --> 00:13:22,880
anymore. 
Like bouncing somebody back to 

251
00:13:22,880 --> 00:13:26,320
their home IDP back on their, 
you know, their base or back at,

252
00:13:27,360 --> 00:13:30,960
you know, DoD somewhere is not 
not really going to work because

253
00:13:31,320 --> 00:13:34,280
it's going to time out before it
ever it ever returns. 

254
00:13:34,280 --> 00:13:39,320
And so you need to have a system
that works within this sort of 

255
00:13:39,960 --> 00:13:41,960
sometimes disconnected 
environment. 

256
00:13:42,720 --> 00:13:45,040
The other thing that got me 
really interested in this is 

257
00:13:45,040 --> 00:13:48,720
that years and years ago, you 
know, several, several jobs ago,

258
00:13:49,520 --> 00:13:53,240
I was working at a company 
called MITRE and we were doing a

259
00:13:53,240 --> 00:13:56,720
lot of rural search and rescue 
work at the time. 

260
00:13:56,720 --> 00:14:01,360
I was doing interface design for
unmanned aerial vehicles, 

261
00:14:01,760 --> 00:14:03,240
drones, we would call them 
today. 

262
00:14:03,600 --> 00:14:09,200
And one of the things that we 
found in that environment is 

263
00:14:09,200 --> 00:14:13,120
that we would go work with these
groups that you got a whole 

264
00:14:13,120 --> 00:14:17,040
bunch of people that just kind 
of show up to help with a rescue

265
00:14:17,040 --> 00:14:19,080
operation or help with disaster 
recovery. 

266
00:14:19,400 --> 00:14:23,720
And you might not be able to 
identity proof these people. 

267
00:14:23,720 --> 00:14:26,800
You might not be able to tie 
them back to anything in 

268
00:14:26,800 --> 00:14:29,160
particular. 
But you know what, you're here, 

269
00:14:29,160 --> 00:14:31,000
you can hold a shovel, that's 
good enough. 

270
00:14:31,000 --> 00:14:36,320
Here you go. 
And we really felt that in going

271
00:14:36,320 --> 00:14:40,160
into this bubbles project, we 
really need felt that we need to

272
00:14:40,160 --> 00:14:43,200
be able to extend that into the 
digital space. 

273
00:14:43,680 --> 00:14:46,720
Like you're showing up in the 
fact that we are together in 

274
00:14:46,720 --> 00:14:51,320
this same space means that like 
I trust you enough for right now

275
00:14:51,920 --> 00:14:56,760
to do something. 
And that trust didn't come 

276
00:14:56,760 --> 00:15:00,920
provisioned from some central 
system that said, Oh yeah, you 

277
00:15:00,920 --> 00:15:04,200
know, you're, you're down here 
in this in the same area that 

278
00:15:04,200 --> 00:15:05,400
this other person is going to 
be. 

279
00:15:05,400 --> 00:15:08,360
And so you can work together and
here's all of your policies and 

280
00:15:08,360 --> 00:15:09,880
here's all of your accounts and 
all of that. 

281
00:15:09,880 --> 00:15:13,800
It's like, no, we just showed up
and we might not have even known

282
00:15:13,800 --> 00:15:16,880
that each other was going to be 
there and we're going to figure 

283
00:15:16,880 --> 00:15:20,480
out how to connect. 
The thing is we do this type of 

284
00:15:20,480 --> 00:15:22,360
dynamic connection all the time 
today. 

285
00:15:22,360 --> 00:15:25,920
But the way that we do it is 
that people show up and we just 

286
00:15:25,920 --> 00:15:28,080
hand them a username and 
password on a sticky note and 

287
00:15:28,080 --> 00:15:31,320
say, Hey, this is your account. 
And and we're going to burn that

288
00:15:31,320 --> 00:15:35,720
account when when you leave or 
when we remember at some point, 

289
00:15:35,800 --> 00:15:40,200
hopefully in the future. 
And the thing is like, we're 

290
00:15:40,200 --> 00:15:43,440
doing that same type of thing 
for people that we've that just 

291
00:15:43,600 --> 00:15:45,840
rolled up off the street and 
people that we have a long 

292
00:15:45,840 --> 00:15:49,680
standing relationship with. 
And occasionally people that are

293
00:15:49,680 --> 00:15:53,320
actually are provisioned in our 
sort of larger environment. 

294
00:15:53,320 --> 00:15:54,960
We just don't have the latest 
updates yet. 

295
00:15:55,800 --> 00:15:58,600
So we're treating all of these 
accounts exactly the same and 

296
00:15:58,600 --> 00:16:04,000
they end up all basically in 
this muddy mess that occurs out 

297
00:16:04,000 --> 00:16:06,320
in these sort of edge 
environments. 

298
00:16:06,800 --> 00:16:10,240
And so what we wanted to do with
this concept of a bubble is like

299
00:16:10,440 --> 00:16:15,280
embrace that mess and figure out
like, what is it actually mean 

300
00:16:15,280 --> 00:16:17,280
to work within that type of 
system? 

301
00:16:17,320 --> 00:16:20,520
What are the constraints here 
that we need to to work with? 

302
00:16:20,920 --> 00:16:24,680
But also on a very practical 
level, what does it mean to 

303
00:16:25,200 --> 00:16:28,080
onboard somebody into that from 
a trusted domain, from an 

304
00:16:28,080 --> 00:16:30,520
untrusted domain, from no domain
at all? 

305
00:16:30,880 --> 00:16:35,000
And what does that look like 
within these systems once we 

306
00:16:35,000 --> 00:16:36,640
actually get all of those tied 
together? 

307
00:16:37,960 --> 00:16:40,600
So it's the idea here to have 
like this, I don't know, 

308
00:16:40,720 --> 00:16:43,680
serendipitous. 
IAM force field that sort of 

309
00:16:43,680 --> 00:16:48,920
gets erected for a short time. 
Is it something that's a little 

310
00:16:48,920 --> 00:16:53,840
more permanent maybe based on 
location or use case? 

311
00:16:53,840 --> 00:16:56,720
Like help me understand, like 
how these little bubbles, is it 

312
00:16:56,720 --> 00:16:58,920
one bubble or are these bubbles 
connected in some way? 

313
00:16:59,600 --> 00:17:01,280
Oh, there's many, many, many 
bubbles. 

314
00:17:01,280 --> 00:17:07,280
So the idea is that we want to 
really draw the perimeter down 

315
00:17:07,400 --> 00:17:12,440
as far as we can, and so that 
when we have one of these groups

316
00:17:12,440 --> 00:17:17,000
that's going out into the field,
we create a bubble for that. 

317
00:17:17,240 --> 00:17:20,280
And we provision into that 
bubble all the stuff that we 

318
00:17:20,280 --> 00:17:22,760
know ahead of time. 
It's like we might have 20 

319
00:17:22,760 --> 00:17:25,119
accounts that we know are 
supposed to be in there. 

320
00:17:25,119 --> 00:17:28,119
So we can drop those in there, 
we can drop default policies, we

321
00:17:28,119 --> 00:17:32,560
can drop all sorts of stuff into
that, create this entity and 

322
00:17:32,560 --> 00:17:34,920
then send it off. 
Now, what's important here is 

323
00:17:34,920 --> 00:17:39,440
that this creates its own 
separate entity and managed 

324
00:17:39,440 --> 00:17:42,640
space, because a lot of people 
that are listening right now are

325
00:17:42,640 --> 00:17:46,120
probably thinking, oh, OK, what 
we're talking about is I have an

326
00:17:46,120 --> 00:17:49,400
IdP, I have a user data store. 
I'm going to create a shard. 

327
00:17:49,840 --> 00:17:52,960
I'm going to just shard my ID 
system. 

328
00:17:53,240 --> 00:17:55,960
And you get a copy and you get a
copy and you get a copy. 

329
00:17:55,960 --> 00:17:59,760
And then eventually we just need
to reach some sort of consensus 

330
00:17:59,760 --> 00:18:02,760
mechanism about any updates and 
then it'll all be fine. 

331
00:18:02,760 --> 00:18:04,480
It's a, it's a synchronization 
problem. 

332
00:18:05,120 --> 00:18:07,960
But what we found is that that 
doesn't take into account the 

333
00:18:07,960 --> 00:18:10,760
type of dynamism that you 
actually see out in the field 

334
00:18:11,200 --> 00:18:14,000
where you've got people coming 
and going. 

335
00:18:14,000 --> 00:18:17,360
You've got people making these 
real runtime decisions. 

336
00:18:17,360 --> 00:18:21,760
That it's not that I don't have 
the latest policy to address 

337
00:18:21,760 --> 00:18:25,200
this, it's that the policies 
never thought of this. 

338
00:18:25,720 --> 00:18:29,640
They couldn't predict this. 
But I am in a position out on 

339
00:18:29,640 --> 00:18:32,360
the edge where I need to make a 
decision. 

340
00:18:33,080 --> 00:18:36,760
And So what happens historically
is that this is why people 

341
00:18:36,760 --> 00:18:40,240
create admin accounts with the 
password admin because they just

342
00:18:40,240 --> 00:18:42,640
need to be able to override a 
couple of things locally just to

343
00:18:42,640 --> 00:18:45,400
get something done because 
they're out there in the edge 

344
00:18:45,400 --> 00:18:48,600
and they need to do something. 
So, you know, let's go back to 

345
00:18:48,600 --> 00:18:50,800
the to the disaster recovery 
scenario. 

346
00:18:51,760 --> 00:18:54,200
You're out there and you've got 
a bunch of people that show up 

347
00:18:54,200 --> 00:18:55,760
out of nowhere and just want to 
help. 

348
00:18:56,560 --> 00:18:59,240
You got a, a group of people 
that roll up in a pickup truck 

349
00:18:59,240 --> 00:19:05,120
and say, Hey, we're electricians
and you can say maybe you are, 

350
00:19:05,120 --> 00:19:08,120
maybe you aren't. 
I like nothing is on right now, 

351
00:19:08,120 --> 00:19:11,560
so I can't actually check that. 
But you look like you have 

352
00:19:11,560 --> 00:19:14,120
electricians tools and you know 
what I'm going to assign you to 

353
00:19:14,120 --> 00:19:18,440
go, you know, to, to clear out 
to go clear the wiring on that 

354
00:19:18,440 --> 00:19:21,120
block and hand me whatever 
credentials you have. 

355
00:19:21,120 --> 00:19:25,120
And we will clean up the mess 
later of authorization and 

356
00:19:25,120 --> 00:19:27,160
everything else. 
We will figure this out later 

357
00:19:27,160 --> 00:19:29,880
when we actually have the time, 
because right now it's more 

358
00:19:29,880 --> 00:19:35,240
important that we get people who
can hopefully go do things out 

359
00:19:35,240 --> 00:19:37,280
there and working to try and 
help us out. 

360
00:19:37,880 --> 00:19:42,400
And, and it's the same type of 
thing that happens in all of 

361
00:19:42,400 --> 00:19:44,200
these types of environments that
we're looking at. 

362
00:19:44,280 --> 00:19:48,920
Like we have some type of local 
information that wasn't 

363
00:19:48,920 --> 00:19:51,200
accounted for that you know 
what, I'm going to make a 

364
00:19:51,200 --> 00:19:57,120
decision right now and I need, I
should be able to write down why

365
00:19:57,120 --> 00:20:00,200
I made that decision. 
What was the provenance of that?

366
00:20:00,200 --> 00:20:02,680
What was the input to that 
decision making? 

367
00:20:03,200 --> 00:20:08,280
And then push that out into some
type of auditable log so that 

368
00:20:08,280 --> 00:20:12,400
when I do reconnect, it's not 
just, oh, just give me the new 

369
00:20:12,400 --> 00:20:14,520
copy of everything. 
And that wipes out all of the 

370
00:20:14,520 --> 00:20:17,520
local changes that I made. 
No, it's like, hey, here's the 

371
00:20:17,520 --> 00:20:19,480
set of changes that I made, 
right. 

372
00:20:19,480 --> 00:20:22,360
Here's the set of decisions that
I made locally. 

373
00:20:22,720 --> 00:20:25,640
And maybe some of those are 
going to be like, oh, wait, 

374
00:20:25,640 --> 00:20:28,800
those three guys showed up. 
Yeah, they don't actually have 

375
00:20:28,800 --> 00:20:31,640
journeyman's licenses. 
So go send a licensed 

376
00:20:31,640 --> 00:20:34,800
electrician to check that entire
block that we assigned them to, 

377
00:20:35,000 --> 00:20:37,240
to make sure that that is 
actually correct. 

378
00:20:37,760 --> 00:20:42,880
Because that is a realistic way 
to deal with that type of, you 

379
00:20:42,880 --> 00:20:46,160
know, breach effectively that 
we've given somebody access to 

380
00:20:46,160 --> 00:20:49,720
somebody to something that they 
didn't necessarily have the 

381
00:20:49,720 --> 00:20:52,640
right to. 
But given the context, it seemed

382
00:20:52,640 --> 00:20:55,320
like it might have actually been
a good idea for us to do that. 

383
00:20:57,440 --> 00:21:01,520
So Justin, is Federation Bubbles
a concept? 

384
00:21:01,720 --> 00:21:06,680
Are you working toward it being 
a standard or is a product or is

385
00:21:06,720 --> 00:21:11,280
it all those things at once? 
That's a great question, Jim. 

386
00:21:12,040 --> 00:21:15,320
So I will say it's not a, it's 
not a product or a single 

387
00:21:15,320 --> 00:21:17,720
standard. 
I don't think that there is a, 

388
00:21:17,720 --> 00:21:21,920
that the solution to this is 
going to be a single protocol 

389
00:21:21,920 --> 00:21:23,640
stack. 
And I can talk about that more 

390
00:21:23,640 --> 00:21:27,800
in a little bit. 
It's a, it's a proof of concept 

391
00:21:28,360 --> 00:21:31,440
that we've been building out in,
in different layers and pieces. 

392
00:21:31,680 --> 00:21:35,760
So for example, we've got an 
identity provider just to make 

393
00:21:35,760 --> 00:21:39,720
things very concrete, we, we 
built out an identity provider 

394
00:21:39,720 --> 00:21:44,560
that the first time you log in, 
you give it your identifier. 

395
00:21:44,560 --> 00:21:47,120
If it doesn't know you, it goes 
and figures out where your home 

396
00:21:47,120 --> 00:21:50,160
IDP is, does a dynamic 
connection to that. 

397
00:21:50,440 --> 00:21:54,320
You log in from your IDP and 
then you immediately, 

398
00:21:54,320 --> 00:21:56,960
immediately get prompted for a 
WebAuthn credential. 

399
00:21:57,800 --> 00:22:00,720
And then the next time you show 
up at that same IDP with that 

400
00:22:00,720 --> 00:22:04,080
same identifier, you're only 
prompted for the WebAuthn 

401
00:22:04,080 --> 00:22:07,640
credential because we've already
gotten all of your attributes 

402
00:22:07,640 --> 00:22:09,920
from the IDP. 
We have already, like we took 

403
00:22:09,920 --> 00:22:11,680
that step of validating your 
account. 

404
00:22:12,000 --> 00:22:15,600
All we need to do now is log you
in and we have the machinery to 

405
00:22:15,600 --> 00:22:18,280
do that locally without having 
to reach back out across the 

406
00:22:18,280 --> 00:22:20,120
network every time. 
So we do that heavyweight 

407
00:22:20,120 --> 00:22:23,840
federation operation as an 
onboarding exercise and then 

408
00:22:23,840 --> 00:22:28,200
from there we are just doing an 
authentication operation and 

409
00:22:28,200 --> 00:22:31,000
there's some fantastic 
technology that lets us do that 

410
00:22:31,000 --> 00:22:34,560
in a way that's secure and you 
know, user friendly and all of 

411
00:22:34,560 --> 00:22:39,840
those good things today. 
On top of that, we've also built

412
00:22:39,840 --> 00:22:44,600
out with these prototypes at 
UberEther, these trust bundle 

413
00:22:44,600 --> 00:22:49,920
domains to allow you to, to 
address these different systems.

414
00:22:50,440 --> 00:22:53,720
So one of the things I mentioned
is that, you know, we think that

415
00:22:53,720 --> 00:22:56,760
there's going to be a lot of 
different bubbles out there and 

416
00:22:56,760 --> 00:22:59,440
they're all going to be sort of 
coming from different trust 

417
00:22:59,440 --> 00:23:02,560
roots and they're not all tied 
to the same root. 

418
00:23:02,840 --> 00:23:07,120
So you've got folks coming in, 
you know, going back to the, to 

419
00:23:07,120 --> 00:23:11,480
the military side, folks coming 
in from the US, from the UK, 

420
00:23:11,480 --> 00:23:16,280
from, from France, some other, 
some other partners coming in. 

421
00:23:16,920 --> 00:23:20,280
They're all going to be having 
their own trust roots, their own

422
00:23:20,280 --> 00:23:22,040
policy roots, their own account 
roots. 

423
00:23:22,240 --> 00:23:26,080
It's ridiculous for us to assume
that they're just going to want 

424
00:23:26,080 --> 00:23:29,360
to synchronize everything into 
our system so that so that ours 

425
00:23:29,360 --> 00:23:33,040
work, especially when we are not
willing to synchronize our stuff

426
00:23:33,040 --> 00:23:37,160
back out into their systems. 
And, and it's funny, as soon as 

427
00:23:37,160 --> 00:23:40,360
you bring that up as an option 
with a lot of people in the 

428
00:23:40,360 --> 00:23:44,800
space, you get like the looks of
shock and horror are like, like,

429
00:23:44,800 --> 00:23:47,120
why would we ever do that? 
That's a security risk. 

430
00:23:47,120 --> 00:23:48,680
That's a privacy risk. 
We would never do that. 

431
00:23:48,680 --> 00:23:51,920
It's like, OK, but you're asking
everybody else to do exactly 

432
00:23:51,920 --> 00:23:54,160
that in order for these things 
to work. 

433
00:23:54,920 --> 00:23:59,600
And so sorry, go ahead. 
I, I, I want to ask about that 

434
00:23:59,600 --> 00:24:03,080
item, about people not trusting 
the sync backwards. 

435
00:24:03,080 --> 00:24:07,400
I mean, it seems like if you're 
establishing some sort of IAM 

436
00:24:07,400 --> 00:24:10,960
bubble, why wouldn't you want to
sync back some of that data or 

437
00:24:10,960 --> 00:24:14,040
some of those attributes for 
future use? 

438
00:24:14,040 --> 00:24:17,720
Maybe it's, hey, wait, this guy 
is licensed, we've verified it 

439
00:24:17,720 --> 00:24:19,760
here. 
Would you want to carry some of 

440
00:24:19,760 --> 00:24:22,160
that information forward? 
I mean, I'm trying to think of 

441
00:24:22,160 --> 00:24:25,720
like obviously the security 
aspect of it, but I would think 

442
00:24:25,720 --> 00:24:27,520
enriching data is generally a 
good thing though. 

443
00:24:28,360 --> 00:24:30,520
Well, yeah. 
And in the bubbles construct, it

444
00:24:30,520 --> 00:24:32,840
absolutely is. 
We would expect these bubbles 

445
00:24:32,840 --> 00:24:38,600
not to just be, you know, input 
only views of the world 'cause 

446
00:24:38,600 --> 00:24:41,720
they're out there collecting all
sorts of information that is 

447
00:24:41,720 --> 00:24:44,160
going to be useful to other 
parties in the network. 

448
00:24:44,480 --> 00:24:48,560
And so we would want that to not
only propagate back up any type 

449
00:24:48,560 --> 00:24:52,200
of tree, but we would also want 
to be able to share that out to 

450
00:24:52,200 --> 00:24:56,520
other peers. 
So let's say, for example, you 

451
00:24:56,520 --> 00:25:00,480
know, we're, we're a US thing and
we, we show up, we've got our 

452
00:25:00,480 --> 00:25:05,360
bubble and one person comes over
from the UK and we onboard them 

453
00:25:05,360 --> 00:25:09,240
into our system. 
And then then we go and we 

454
00:25:09,240 --> 00:25:13,880
connect our system out to the 
French system and we can say 

455
00:25:13,880 --> 00:25:18,520
like, oh, hey, we have this, we 
have this Brit with us and we 

456
00:25:18,520 --> 00:25:20,640
validated it. 
Here's our record of the 

457
00:25:20,640 --> 00:25:24,840
validation that we did and we 
can assert that out to you. 

458
00:25:25,480 --> 00:25:29,280
So in other words, we're kind of
doing an identity proxy at this 

459
00:25:29,280 --> 00:25:33,600
point, but it's not, it's not 
the traditional real time online

460
00:25:33,600 --> 00:25:38,120
proxying where you're sending 
them out to the IDP and then to 

461
00:25:38,120 --> 00:25:40,920
our IDP and then to the other 
system all at runtime. 

462
00:25:40,920 --> 00:25:44,320
It's we did that once we wrote 
it down, here's the record. 

463
00:25:44,800 --> 00:25:48,160
If this is good enough for you, 
then great, trust it. 

464
00:25:48,160 --> 00:25:51,160
If not, there's a record in here
that says, hey, that's where 

465
00:25:51,160 --> 00:25:56,000
this person's IDP is. 
So they might connect out to the

466
00:25:56,000 --> 00:25:59,320
French system, which then says, 
you know what, OK, fine, for 

467
00:25:59,320 --> 00:26:01,960
today, we'll let you in. 
But if you want to come back 

468
00:26:01,960 --> 00:26:03,800
tomorrow, we need to talk to 
your IDP. 

469
00:26:04,080 --> 00:26:06,800
Once we're back online, we're 
going to talk to your IDP to 

470
00:26:06,800 --> 00:26:10,160
make sure, really make sure that
that is the right type of 

471
00:26:10,160 --> 00:26:12,840
connection. 
And this is that type of data 

472
00:26:12,840 --> 00:26:16,840
augmentation that is really, 
really rich that ends up getting

473
00:26:16,840 --> 00:26:20,800
just completely sort of chopped 
and lost in systems today. 

474
00:26:20,800 --> 00:26:23,800
Because right now, like I said, 
what happens is somebody like 

475
00:26:23,800 --> 00:26:26,360
that shows up, it's like, oh, 
fine, we'll just make him a 

476
00:26:26,360 --> 00:26:28,160
local account so that they can 
log in. 

477
00:26:28,160 --> 00:26:31,440
And then, and then you lose that
entire chain of information, 

478
00:26:31,720 --> 00:26:33,840
right? 
You lose all of that rich 

479
00:26:33,840 --> 00:26:36,880
information. 
So now when it goes to, for 

480
00:26:36,880 --> 00:26:41,840
example, audit things six months
later after all of this is, is 

481
00:26:41,840 --> 00:26:46,120
done, you, you can say, well, I 
there was somebody that made a 

482
00:26:46,120 --> 00:26:48,720
local account named Jay 
McDonald. 

483
00:26:48,760 --> 00:26:51,080
We don't, that's all that we 
have. 

484
00:26:51,800 --> 00:26:53,600
You know, he did a bunch of 
things. 

485
00:26:53,600 --> 00:26:57,080
We don't know what that means 
where as opposed to like, no, 

486
00:26:57,080 --> 00:27:00,480
this is Jim, he came from here. 
We onboarded him on this date. 

487
00:27:00,480 --> 00:27:04,360
We checked the provenance on 
these, on these dates and these 

488
00:27:04,360 --> 00:27:06,000
are the things that he did 
within the system. 

489
00:27:06,440 --> 00:27:09,760
And it's like, oh, by the way, 
when I'm back online and I'm 

490
00:27:09,760 --> 00:27:13,800
doing this sort of, it's not, 
it's not really a reconciliation

491
00:27:13,800 --> 00:27:16,480
in a classical data sense, but 
it's kind of a this, this 

492
00:27:16,480 --> 00:27:19,960
reconnection exercise. 
I can go back and say, oh, like,

493
00:27:20,000 --> 00:27:24,240
hey, Jay McDonald came from you 
guys. 

494
00:27:25,040 --> 00:27:28,960
He did some shady stuff. 
And this is the nature of the 

495
00:27:28,960 --> 00:27:32,560
shady stuff that happened. 
You might wanna, you might wanna

496
00:27:32,560 --> 00:27:35,560
look into that account a little 
bit, 'cause we had to like, we 

497
00:27:35,560 --> 00:27:38,360
had to like shut them down and 
cordon them off over here for a 

498
00:27:38,360 --> 00:27:42,440
little while. 
And that might be news to to 

499
00:27:42,440 --> 00:27:46,840
Jim's organization or that might
have been why they sent Jim, you

500
00:27:46,840 --> 00:27:47,600
know. 
That's just Jim. 

501
00:27:47,600 --> 00:27:49,320
That's just Jim doing Jim 
things. 

502
00:27:50,000 --> 00:27:51,000
Exactly. 
It started. 

503
00:27:51,000 --> 00:27:55,200
Sorry to pick on you, Jim, but 
you know, just to make it, just 

504
00:27:55,200 --> 00:27:58,920
to make it really concrete, 
these are the types of like 

505
00:27:59,080 --> 00:28:03,560
really local, really individual 
types of decisions that we, 

506
00:28:03,560 --> 00:28:07,320
we've got to make. 
And this notion of, oh, we can 

507
00:28:07,320 --> 00:28:12,080
just centralized all of our 
identities that really starts to

508
00:28:12,080 --> 00:28:14,520
fall apart. 
So to to the synchronization 

509
00:28:14,520 --> 00:28:19,440
thing, that is absolutely key to
the whole Bubbles concept and 

510
00:28:19,440 --> 00:28:24,160
prototypes. 
It is antithetical though to an 

511
00:28:24,160 --> 00:28:29,960
identity shard because if I am 
only supposed to have my subset 

512
00:28:29,960 --> 00:28:35,680
copy my subservient copy of some
portion of the IDP, well then 

513
00:28:35,680 --> 00:28:37,520
what are all of these other 
accounts doing there? 

514
00:28:37,520 --> 00:28:41,440
That's, that's aberrance. 
That is, you know, I'm going off

515
00:28:41,440 --> 00:28:46,880
of what I was told was OK, and 
now synchronizing with all of 

516
00:28:46,880 --> 00:28:49,040
that. 
Does that mean that I'm supposed

517
00:28:49,040 --> 00:28:51,520
to just throw that out? 
I'm supposed to eject all of 

518
00:28:51,520 --> 00:28:52,920
these people that I've 
onboarded? 

519
00:28:54,400 --> 00:28:56,600
Because if you tell me to do 
that, what am I probably going 

520
00:28:56,600 --> 00:28:59,000
to do? 
Just go make new accounts as 

521
00:28:59,000 --> 00:29:01,080
soon as the synchronization is 
over, right? 

522
00:29:01,440 --> 00:29:03,400
Because people need to get 
things done at the end of the 

523
00:29:03,400 --> 00:29:06,040
day. 
This, and this goes back to 

524
00:29:06,040 --> 00:29:10,200
something I, I know I mentioned 
in the last show, I very, very 

525
00:29:10,200 --> 00:29:14,440
deeply feel that security needs 
to serve functionality. 

526
00:29:15,440 --> 00:29:18,440
You know, it needs to be there 
to protect systems, absolutely. 

527
00:29:18,440 --> 00:29:24,560
But it's only as good as the 
functionality that it enables 

528
00:29:24,840 --> 00:29:27,880
and not the functionality that 
it prevents. 

529
00:29:27,880 --> 00:29:30,760
Not the attacks that it 
prevents, not the, you know, 

530
00:29:30,760 --> 00:29:32,600
the, the off label stuff that it
prevents. 

531
00:29:32,600 --> 00:29:36,440
It's only as good as the 
positive functionality that it 

532
00:29:36,440 --> 00:29:39,000
enables. 
Well, you're talking about the 

533
00:29:39,000 --> 00:29:42,120
the usability of security, which
I think is, is hugely important,

534
00:29:42,120 --> 00:29:44,000
right? 
It doesn't matter how many rules

535
00:29:44,000 --> 00:29:47,400
you have, if they're not 
designed around humans, I think 

536
00:29:47,400 --> 00:29:49,680
it makes it just that much more 
difficult to comply with. 

537
00:29:50,120 --> 00:29:52,640
I want to ask you one more 
question about the bubbles 

538
00:29:53,040 --> 00:29:54,640
because now I got my head 
thinking here about these 

539
00:29:54,640 --> 00:30:00,440
different kind of use cases. 
Can two bubbles merge to form a 

540
00:30:00,440 --> 00:30:03,880
bigger bubble? 
So in that example that you used

541
00:30:03,880 --> 00:30:06,560
of like, OK, well, here is, you 
know, the US and England and 

542
00:30:06,560 --> 00:30:10,480
then France. 
And what if the US and England 

543
00:30:10,480 --> 00:30:13,920
are working on one thing and 
then they kind of are working on

544
00:30:13,920 --> 00:30:16,080
the same thing? 
Would it become one big bubble? 

545
00:30:16,360 --> 00:30:19,560
Would it be two little bubbles 
that are kind of federated to 

546
00:30:19,560 --> 00:30:21,800
each other immediately? 
Like how do you see that kind of

547
00:30:21,800 --> 00:30:27,320
use case taking place? 
So I, I, I see it happening in 

548
00:30:27,320 --> 00:30:30,360
two potential ways, although I 
think we'll see what it really 

549
00:30:30,360 --> 00:30:34,560
looks like once once this type 
of thing is deployed and people 

550
00:30:34,560 --> 00:30:36,840
start throwing it up against the
wall to see what breaks. 

551
00:30:37,880 --> 00:30:41,040
But where I see it happening is 
in that type of scenario. 

552
00:30:41,120 --> 00:30:44,960
I think that if you have an 
environment where you have two 

553
00:30:44,960 --> 00:30:47,760
existing groups that need to 
come together to work on 

554
00:30:47,760 --> 00:30:52,480
something together, you create a
new bubble for that working 

555
00:30:52,480 --> 00:30:56,120
together portion. 
So either one side or the other 

556
00:30:56,120 --> 00:30:58,960
is going to host it, or you're 
going to create a new 

557
00:30:58,960 --> 00:31:01,240
environment where all of this 
actually happens. 

558
00:31:01,240 --> 00:31:06,480
And we see that pattern in the 
research and academia world with

559
00:31:06,480 --> 00:31:10,040
virtual organizations and like, 
people will go stand up a lab 

560
00:31:10,040 --> 00:31:13,320
that is, yeah, you know, a 
partnership of seven different 

561
00:31:13,320 --> 00:31:15,920
universities and a bunch of 
commercial firms and some 

562
00:31:15,920 --> 00:31:19,200
government funding, right. 
Like that's that's exactly the 

563
00:31:19,200 --> 00:31:23,520
type of like weird collaboration
that we should be taking 

564
00:31:23,520 --> 00:31:26,400
inspiration from. 
Now, in the academic world, the 

565
00:31:26,400 --> 00:31:29,680
assumption is that you're online
so that you can check IDPs, you

566
00:31:29,680 --> 00:31:32,720
can check account records, you 
can do all of that type of 

567
00:31:32,720 --> 00:31:34,840
stuff. 
But if we take that type of 

568
00:31:34,840 --> 00:31:38,840
dynamic environment and move it 
into this space where it's a lot

569
00:31:38,840 --> 00:31:43,000
more dynamic and it's not like 
we can't really sit down and 

570
00:31:43,000 --> 00:31:46,320
plan this over a, a bunch of 
grant writing sessions. 

571
00:31:47,440 --> 00:31:49,760
We just kind of have to make it 
happen. 

572
00:31:50,160 --> 00:31:52,560
Like that's the type of space 
that I'm talking about. 

573
00:31:53,520 --> 00:31:58,320
So to me, I think the most 
sensible thing would be for a 

574
00:31:58,680 --> 00:32:03,160
these organizations to create 
sort of a new bubble that 

575
00:32:05,080 --> 00:32:07,520
running somewhere it almost 
doesn't matter where at this 

576
00:32:07,520 --> 00:32:13,080
point, but it gets onboarded by
members of both of those bubbles

577
00:32:13,080 --> 00:32:15,600
into that space. 
So now you have this separate 

578
00:32:15,600 --> 00:32:20,440
independent environment that is 
then sort of parented to two 

579
00:32:20,440 --> 00:32:25,320
other places and it knows how to
talk back to both of those, both

580
00:32:25,320 --> 00:32:29,040
of those other domains. 
And immediately you can start to

581
00:32:29,040 --> 00:32:32,800
see where the shard thing 
doesn't work anymore because 

582
00:32:32,800 --> 00:32:35,400
like this is not a subset of 
either of those. 

583
00:32:35,880 --> 00:32:41,560
It is a subset and union. 
And this is the type of math 

584
00:32:41,560 --> 00:32:43,680
that doesn't work with trees, 
right? 

585
00:32:44,080 --> 00:32:46,600
They they get too, too tangled 
with each other like this. 

586
00:32:46,600 --> 00:32:49,160
We are very deeply into graph 
territory now. 

587
00:32:50,800 --> 00:32:53,920
Justin, you mentioned a company 
that you're working with on this

588
00:32:54,040 --> 00:32:57,240
Federation Bubbles concept, 
UberEther. 

589
00:32:57,240 --> 00:32:59,960
I've never heard of them. 
What did they do? 

590
00:33:00,480 --> 00:33:04,640
So UberEther is a technology 
integrator in the US. They do a 

591
00:33:04,640 --> 00:33:07,640
lot of work on the federal 
government side, a lot of 

592
00:33:07,640 --> 00:33:12,760
identity platform type of stuff.
So a lot of government agencies,

593
00:33:13,720 --> 00:33:18,600
you know, don't have the don't 
have the IT depth to go and 

594
00:33:18,600 --> 00:33:21,760
stand up a secure identity 
system. 

595
00:33:21,960 --> 00:33:26,320
UberEther will run that. 
They don't actually, they don't 

596
00:33:26,320 --> 00:33:30,560
have an identity sort of a core 
identity product like a Ping or 

597
00:33:30,560 --> 00:33:34,640
ForgeRock, although I guess 
that's the same thing now or, or

598
00:33:34,640 --> 00:33:39,840
anything like that. 
But but they will give you a 

599
00:33:39,840 --> 00:33:43,600
platform that runs that and sets
that up with all of like the 

600
00:33:43,880 --> 00:33:46,520
provisioning and all of the bits
and pieces that make the most 

601
00:33:46,520 --> 00:33:49,880
sense for that given agency and 
organization. 

602
00:33:50,440 --> 00:33:54,040
And a big part of this, a big 
part of what they've been 

603
00:33:54,040 --> 00:33:57,040
working on is stuff with the 
Department of Defense, which as 

604
00:33:57,040 --> 00:34:01,160
you can imagine, both needs 
pretty advanced functionality 

605
00:34:01,160 --> 00:34:05,480
and is also, quite frankly, 20 
to 30 years behind the times in 

606
00:34:05,480 --> 00:34:12,239
terms of this notion of what 
what technology we actually feel

607
00:34:12,239 --> 00:34:16,040
like running. 
Like I mentioned, I used to work

608
00:34:16,040 --> 00:34:19,480
for a company called MITRE. 
We did tons of work with the US 

609
00:34:19,480 --> 00:34:22,000
federal government. 
I was on the research side, but 

610
00:34:22,000 --> 00:34:25,400
I still touched a lot of the 
customer side stuff while I was 

611
00:34:25,400 --> 00:34:30,920
there. 
And I remember back, I want to 

612
00:34:30,920 --> 00:34:35,760
say this was like, this is about
10 years ago now, but talking 

613
00:34:35,760 --> 00:34:38,360
with a government group even 
then. 

614
00:34:38,679 --> 00:34:40,880
And they were like, well, we 
just heard of this new thing 

615
00:34:40,880 --> 00:34:45,560
called SAML and we're thinking 
about using it, but we're not 

616
00:34:45,560 --> 00:34:49,400
sure yet. 
And the reason for this is that 

617
00:34:49,400 --> 00:34:54,880
these systems move very slowly. 
And some of that's a good thing 

618
00:34:54,880 --> 00:34:58,920
'cause it's a little bit more 
predictable, but it also you, 

619
00:34:59,040 --> 00:35:01,960
you lose out on a lot of the 
like, well, we need to go solve 

620
00:35:01,960 --> 00:35:04,160
all of these problems. 
And we're trying to do it with, 

621
00:35:05,080 --> 00:35:09,640
with this technology that has 
been around for 30 years. 

622
00:35:10,080 --> 00:35:12,080
It's it's a really difficult 
mismatch. 

623
00:35:13,800 --> 00:35:21,240
So anyway, UberEther will 
basically build and run modern 

624
00:35:21,240 --> 00:35:25,480
identity platforms for all of 
these different groups they 

625
00:35:25,480 --> 00:35:27,760
specialize with, with the 
federal stuff. 

626
00:35:27,760 --> 00:35:30,600
But it's not just necessarily 
that space. 

627
00:35:32,040 --> 00:35:34,800
Cool. 
So you had mentioned a couple of

628
00:35:34,800 --> 00:35:37,960
standards. 
I wanted to talk about those. 

629
00:35:37,960 --> 00:35:40,880
The first one was WIMSE, the 
second one was SPIFFE. 

630
00:35:40,880 --> 00:35:44,400
Can you kind of give us the 
overview of what they do and 

631
00:35:44,400 --> 00:35:49,360
maybe an add on of what the tie 
in back to Federation Bubbles 

632
00:35:49,360 --> 00:35:51,480
was? 
So starting with WIMSE. 

633
00:35:52,120 --> 00:35:55,360
Yeah, of course. 
So they're actually, they're 

634
00:35:55,360 --> 00:35:58,920
actually related. 
So WIMSE is the Workload 

635
00:35:58,920 --> 00:36:02,640
Identity in Multi-System 
Environments working group in 

636
00:36:02,640 --> 00:36:06,200
the IETF, the IETF being the 
standards body that gave us 

637
00:36:06,200 --> 00:36:10,920
things like HTTP and OAuth and 
TCP and TLS and all of these 

638
00:36:10,920 --> 00:36:15,880
other great acronyms. 
And what we're doing with with 

639
00:36:15,960 --> 00:36:20,720
WIMSE, which has to be one of 
my favorite acronyms to date, is

640
00:36:22,080 --> 00:36:25,080
we're trying to look at the 
space of workload identity. 

641
00:36:25,200 --> 00:36:29,280
So let's say you're out and you 
you need to spin up one of 

642
00:36:29,280 --> 00:36:34,280
these, one of these bubbles. 
Well, that's a stack of software

643
00:36:34,920 --> 00:36:37,880
and all that software is just 
going to be kind of like waking 

644
00:36:37,880 --> 00:36:39,920
up. 
And just like in its 

645
00:36:39,920 --> 00:36:44,520
environment, you need to know 
that your database is connecting

646
00:36:44,520 --> 00:36:48,000
to the right things. 
That your your API processing is

647
00:36:48,000 --> 00:36:50,520
going through all of the right 
channels, that your filters are 

648
00:36:50,520 --> 00:36:53,840
all lined up in the OR in are 
lined up in the in the right 

649
00:36:53,840 --> 00:36:55,680
ways. 
That everything is running 

650
00:36:55,880 --> 00:36:59,200
software that actually has a 
good software bill of materials 

651
00:36:59,200 --> 00:37:02,200
to it that all of that's 
been verified and validated and 

652
00:37:02,200 --> 00:37:06,120
you need to be able to secure 
and reason about all of the 

653
00:37:06,120 --> 00:37:08,560
connections between all of these
pieces. 

654
00:37:09,320 --> 00:37:13,480
Well, solving that is actually 
where solving parts of that is 

655
00:37:13,480 --> 00:37:17,800
actually where SPIFFE comes in. 
And I always forget what SPIFFE 

656
00:37:17,800 --> 00:37:22,200
stands for. 
It's secure something identity 

657
00:37:22,200 --> 00:37:26,600
for everybody. 
It's SPIFFE will have a, a link 

658
00:37:26,600 --> 00:37:28,240
in the, in the show notes, I'm 
sure. 

659
00:37:28,800 --> 00:37:33,240
And, and what SPIFFE does is 
that when a piece of software 

660
00:37:33,240 --> 00:37:36,160
wakes up, sort of the 
environment around the software 

661
00:37:36,160 --> 00:37:42,720
says, oh, here's your identity, 
here's your, your credentials 

662
00:37:42,800 --> 00:37:46,760
for calling other people. 
And importantly, here's the set 

663
00:37:46,760 --> 00:37:50,440
of things that you trust. 
So it's this bootstrapping of 

664
00:37:50,440 --> 00:37:53,280
trust at a very, very 
fundamental software level at 

665
00:37:53,280 --> 00:37:57,120
runtime that SPIFFE solves. 
What we're doing with WIMSE is 

666
00:37:57,120 --> 00:38:00,760
saying like, OK, so we can get 
that part and we know how to 

667
00:38:00,760 --> 00:38:03,800
talk to different things in 
terms of like OAuth 

668
00:38:03,800 --> 00:38:08,760
authorization or, you know, user
identities coming in or 

669
00:38:08,760 --> 00:38:11,760
credentials coming in. 
How do we start to reason about 

670
00:38:11,760 --> 00:38:14,440
systems as we connect them all 
together and especially as we 

671
00:38:14,440 --> 00:38:19,080
cross security boundaries? 
You know, it might not be enough

672
00:38:19,080 --> 00:38:22,360
that it's just, oh, this one 
workload is connecting to this 

673
00:38:22,360 --> 00:38:24,320
other workload and they're 
allowed to do whatever they're 

674
00:38:24,320 --> 00:38:26,720
allowed to do. 
I might actually want to know 

675
00:38:26,720 --> 00:38:30,200
that in order for this one to 
call the second one, well, 

676
00:38:30,320 --> 00:38:32,160
something else has to have been 
called first. 

677
00:38:32,160 --> 00:38:36,400
Maybe that's an auditing system 
or maybe that's a a very 

678
00:38:36,400 --> 00:38:39,760
specific gateway that that 
request has to come through 

679
00:38:39,920 --> 00:38:41,960
before this is even allowed to 
talk to me. 

680
00:38:42,760 --> 00:38:45,960
Now in today's systems, a lot of
a lot of stuff is like you're 

681
00:38:45,960 --> 00:38:48,320
down here on the leaf node and 
you're like, Oh, well, if 

682
00:38:48,320 --> 00:38:51,320
somebody's calling me, 
everything must have gone right.

683
00:38:51,880 --> 00:38:55,360
And so I can just trust that 
everything else happened just 

684
00:38:55,360 --> 00:38:59,120
fine. 
And then I'm just going to do my

685
00:38:59,120 --> 00:39:02,600
little job and then that's it. 
Obviously that's very fragile. 

686
00:39:03,040 --> 00:39:07,600
That's a very sort of, you know,
harden the exterior and keep the

687
00:39:07,600 --> 00:39:11,320
inside soft and squishy type of 
type of thinking. 

688
00:39:11,680 --> 00:39:15,960
As we move towards smaller and 
smaller boundaries around zero 

689
00:39:15,960 --> 00:39:19,960
trust thinking, we need to be 
able to say like, OK, not only 

690
00:39:19,960 --> 00:39:22,600
is the correct party calling me,
they're calling me in the right 

691
00:39:22,600 --> 00:39:24,880
context. 
It came through the right call 

692
00:39:24,880 --> 00:39:28,160
chain, which may actually not 
even be a single linear chain. 

693
00:39:28,320 --> 00:39:30,760
You know, it may have graphed 
off into a whole bunch of 

694
00:39:30,760 --> 00:39:32,560
different systems before it ever
got to me. 

695
00:39:33,160 --> 00:39:36,520
If I can quickly check that 
against something that said, 

696
00:39:36,520 --> 00:39:38,520
here's the list of things that 
you trust. 

697
00:39:38,520 --> 00:39:40,640
Here's the policies that you're 
supposed to check it against. 

698
00:39:41,320 --> 00:39:45,280
Well, then I can actually make 
some real determinations about 

699
00:39:45,280 --> 00:39:47,880
what I'm supposed to be doing 
here in this system. 

700
00:39:48,680 --> 00:39:51,600
And that's the type of stuff 
we're doing in WIMSE. 

701
00:39:52,200 --> 00:39:55,400
So how this relates to bubbles 
is we spin up this bubble and 

702
00:39:55,400 --> 00:39:58,080
yeah, we need to be able to 
identify all of the pieces that 

703
00:39:58,080 --> 00:40:01,280
are running inside of it. 
But also, I think that there's a

704
00:40:01,280 --> 00:40:05,720
lot of applicability at a more 
macro level because once I spin 

705
00:40:05,720 --> 00:40:09,120
up one of these bubbles, well, 
I'm going to want to be able to 

706
00:40:09,120 --> 00:40:13,720
talk to other bubbles. 
That means I need to be able to 

707
00:40:13,800 --> 00:40:18,120
address another bubble. 
When I send a user, so I've got 

708
00:40:18,120 --> 00:40:22,000
this Jay McDonald guy that I'm 
sending over to you and I 

709
00:40:22,000 --> 00:40:24,080
actually got his account from 
somewhere else. 

710
00:40:24,080 --> 00:40:27,840
Well, I need to be able to say 
somewhere else in a way that 

711
00:40:27,840 --> 00:40:30,960
makes sense to you. 
I need to be able to say through

712
00:40:30,960 --> 00:40:32,920
me in a way that makes sense to 
you. 

713
00:40:33,640 --> 00:40:37,920
And we can't just assume that 
everything is on a publicly 

714
00:40:37,920 --> 00:40:43,400
available web-based URL like a 
lot of the a lot of the 

715
00:40:43,400 --> 00:40:47,760
federation systems that we we 
have today actually do. 

716
00:40:48,320 --> 00:40:51,760
One of the things that SPIFFE 
gives us is a way to build out 

717
00:40:51,760 --> 00:40:56,120
URLs within their trust bundles 
that that actually makes sense 

718
00:40:56,120 --> 00:40:59,440
contextually. 
And this actually brings up a a 

719
00:40:59,440 --> 00:41:04,440
really, really interesting tie 
in from the very beginning of 

720
00:41:04,440 --> 00:41:08,120
the show is the award of the 
greatest dad ever. 

721
00:41:08,120 --> 00:41:12,800
I believe it was. 
And here's the thing, it's 

722
00:41:12,840 --> 00:41:16,440
absolutely reasonable. 
I think we all know that is 

723
00:41:16,440 --> 00:41:20,480
absolutely reasonable for every 
kid to give their dad the 

724
00:41:20,480 --> 00:41:27,480
greatest dad mug because that is
a contextual assertion, right? 

725
00:41:28,080 --> 00:41:33,280
Greatest dad of all time is a 
contextual exactly. 

726
00:41:33,280 --> 00:41:38,080
And so that is the bit that 
makes that truly meaningful. 

727
00:41:38,680 --> 00:41:41,000
It's not actually a global 
declaration. 

728
00:41:41,000 --> 00:41:43,000
As much as we love, we love to 
joke about that. 

729
00:41:43,040 --> 00:41:46,160
Like I, I, I love that joke. 
It's a great, it's a great 

730
00:41:46,160 --> 00:41:48,160
standby. 
It's really wonderful. 

731
00:41:49,120 --> 00:41:52,560
But the truth of it is that just
like in all of these security 

732
00:41:52,560 --> 00:41:58,560
systems, it's contextual. 
Like I might be needing to make 

733
00:41:58,600 --> 00:42:03,200
a decision about what to do next
based entirely on only the 

734
00:42:03,200 --> 00:42:04,880
things that I know in my 
environment. 

735
00:42:05,400 --> 00:42:08,200
And I might have some policy 
that says only the greatest dad 

736
00:42:08,200 --> 00:42:15,520
of all time can call this API 
and and when he does then then 

737
00:42:15,520 --> 00:42:18,000
he gets the data. 
Everybody else I just give him a

738
00:42:18,000 --> 00:42:21,160
403 and say Nope, not going to 
happen. 

739
00:42:22,000 --> 00:42:23,600
Thing is, how do I determine 
that? 

740
00:42:24,480 --> 00:42:27,040
How do I determine the validity 
of that assertion? 

741
00:42:28,600 --> 00:42:31,880
It's probably going to be it's 
only asserted by people that I 

742
00:42:31,880 --> 00:42:35,240
trust to make that particular 
assertion within a context that 

743
00:42:35,240 --> 00:42:39,120
I am comfortable with validating
it in. 

744
00:42:40,480 --> 00:42:44,200
And that's the reality of all of
these security systems that are 

745
00:42:44,200 --> 00:42:46,680
out there today, whether we like
to think about it that way or 

746
00:42:46,680 --> 00:42:49,040
not. 
I think we're too quick to say 

747
00:42:49,280 --> 00:42:52,640
like, Oh yeah, we're going to 
solve things on a global scale 

748
00:42:53,240 --> 00:42:57,560
of like we'll have an 
authorization policy for every 

749
00:42:57,560 --> 00:42:59,600
system that we deploy and it's 
all going to be the same. 

750
00:42:59,600 --> 00:43:01,320
We're going to manage it 
centrally. 

751
00:43:01,320 --> 00:43:04,600
We're going to have like a Cedar
file that we just send out to 

752
00:43:04,600 --> 00:43:06,000
everybody and it's just going to
work. 

753
00:43:06,640 --> 00:43:09,680
It's like, OK, that's that's 
going to get you some distance 

754
00:43:09,680 --> 00:43:12,160
of the way. 
But eventually down there at the

755
00:43:12,160 --> 00:43:15,520
nodes, I'm going to need to be 
able to decide. 

756
00:43:16,200 --> 00:43:18,200
Well, you claim to be the 
greatest dad. 

757
00:43:18,200 --> 00:43:21,120
Do I believe that? 
Like who said it? 

758
00:43:21,160 --> 00:43:25,080
Where does that come from? 
And yeah, if your kid tells you 

759
00:43:25,080 --> 00:43:28,760
that, that's great. 
If a random stranger on the 

760
00:43:28,760 --> 00:43:33,960
street handed you that, I think 
it would be a much stranger type

761
00:43:33,960 --> 00:43:37,560
of conversation than. 
What I do in my own time is my 

762
00:43:37,560 --> 00:43:39,800
own business just. 
You know, no judgement here, no 

763
00:43:39,800 --> 00:43:45,600
judgement but but really that's 
really one of the core things 

764
00:43:45,600 --> 00:43:48,800
here is that we're embracing 
that contextuality. 

765
00:43:49,160 --> 00:43:53,840
We're embracing that messiness 
at the edge and just admitting 

766
00:43:53,840 --> 00:43:56,920
that it's there and admitting 
that it's not part of a problem,

767
00:43:56,920 --> 00:43:58,440
but it's just it's part of the 
world. 

768
00:43:58,720 --> 00:44:04,000
That's just how this works. 
And so by no longer pretending 

769
00:44:04,000 --> 00:44:07,920
that that's not part of this 
overall conversation, now we can

770
00:44:07,920 --> 00:44:10,200
really start to make some smart 
decisions about it. 

771
00:44:10,720 --> 00:44:15,680
You know, we can really start to
think about how we process these

772
00:44:15,680 --> 00:44:19,000
things, how we talk about these 
things 'cause I can now actually

773
00:44:19,000 --> 00:44:22,320
say like Jim's kids called him 
the greatest dad. 

774
00:44:23,360 --> 00:44:28,360
That is a, that is an assertion 
that I can make and you can do 

775
00:44:28,360 --> 00:44:32,240
with that whatever you like. 
You know, I can, I can check the

776
00:44:32,240 --> 00:44:33,760
provenance, that might be good 
enough for me. 

777
00:44:33,760 --> 00:44:36,480
That might not be good enough 
for you because we're operating 

778
00:44:36,480 --> 00:44:40,320
in different contexts and I need
to be able to make those 

779
00:44:40,320 --> 00:44:42,760
statements and reason about 
those statements in a way that 

780
00:44:42,760 --> 00:44:45,160
crosses boundaries in a way that
actually makes sense. 

781
00:44:46,000 --> 00:44:50,400
So SPIFFE solves the identity 
piece just for that running bit 

782
00:44:50,400 --> 00:44:53,200
of software. 
WIMSE's looking at how do we 

783
00:44:53,640 --> 00:44:57,400
reason about this across 
multiple systems, especially 

784
00:44:57,400 --> 00:45:00,360
across security domains. 
And the bubbles concept is 

785
00:45:00,360 --> 00:45:05,160
really looking at that at a, 
that same style of thing, but at

786
00:45:05,160 --> 00:45:09,080
a macro level. 
You know, how can I have an 

787
00:45:09,080 --> 00:45:13,600
identity system that I know is 
independent and that I that I 

788
00:45:13,600 --> 00:45:18,560
treat as independent and that is
not always connected but is not 

789
00:45:18,560 --> 00:45:22,400
always disconnected 'cause like 
when I come back online, like 

790
00:45:22,400 --> 00:45:25,640
you were saying, Jeff, I want to
be able to say like, hey, these 

791
00:45:25,800 --> 00:45:28,080
three electricians came on. 
Can I double check all of their 

792
00:45:28,080 --> 00:45:29,800
credentials right now? 
OK, great, thank you. 

793
00:45:30,280 --> 00:45:31,840
Right. 
I want to be able to do that 

794
00:45:31,840 --> 00:45:36,200
kind of thing and not just sweep
all of that under the rug. 

795
00:45:38,920 --> 00:45:40,200
Yeah, it's a real interesting 
concept. 

796
00:45:40,200 --> 00:45:44,240
I'd be curious to see how it 
continues to evolve and more 

797
00:45:44,240 --> 00:45:46,520
importantly, how does this 
actually make it into the real 

798
00:45:46,520 --> 00:45:47,120
world? 
Right. 

799
00:45:47,120 --> 00:45:49,760
From a thought experiment and 
and I will assume there's 

800
00:45:49,760 --> 00:45:52,880
probably stuff that's happening,
but it seems like it's very much

801
00:45:52,880 --> 00:45:56,160
still on the upward trajectory 
of figuring things out, right? 

802
00:45:56,680 --> 00:45:58,360
Absolutely. 
We're building into bits and 

803
00:45:58,360 --> 00:46:03,000
pieces, figuring out where the 
technology gaps are, deploying 

804
00:46:03,000 --> 00:46:06,000
it where it makes most sense. 
And one of the things I've said 

805
00:46:06,000 --> 00:46:08,760
from the very beginning of this 
is that it's, it's not a 

806
00:46:08,760 --> 00:46:12,680
product, it's not a technology 
stack, it's not even a standard,

807
00:46:13,760 --> 00:46:17,600
because there have been attempts
to have like a global vision of 

808
00:46:17,880 --> 00:46:20,280
distributed identity systems. 
And it's like, well, if 

809
00:46:20,280 --> 00:46:24,440
everybody would just use this 
agent, then all the problems 

810
00:46:24,440 --> 00:46:27,440
would go away. 
And that's just that is never 

811
00:46:27,440 --> 00:46:29,520
going to happen because as soon 
as you want to connect to 

812
00:46:29,520 --> 00:46:31,240
somebody else, they're going to 
be using a different agent, 

813
00:46:31,720 --> 00:46:32,840
right? 
They're going to be using a 

814
00:46:32,840 --> 00:46:35,760
different schema, They're going 
to be using something that's not

815
00:46:35,760 --> 00:46:38,200
the same. 
And so the interoperability 

816
00:46:38,200 --> 00:46:42,720
here, I think needs to be about 
as messy as as it it, it can be 

817
00:46:42,720 --> 00:46:46,440
and still connect because that's
that's how human systems work. 

818
00:46:47,800 --> 00:46:51,760
So I'm looking forward to the 
next RSA where we start to see 

819
00:46:51,760 --> 00:46:55,680
products with, you know, 100% 
more bubbles or something like 

820
00:46:55,680 --> 00:47:00,200
that, just like we saw with the 
AI and Zero trust and all that 

821
00:47:00,200 --> 00:47:02,560
other stuff. 
I want to wrap up our 

822
00:47:02,560 --> 00:47:08,040
conversation on a lighter note 
and I'm happy to say that I am a

823
00:47:08,240 --> 00:47:10,920
sponsor or contributor or 
funder. 

824
00:47:10,920 --> 00:47:12,120
I'm not sure what the right word
is. 

825
00:47:12,120 --> 00:47:15,080
Backer, I guess probably the 
right word of a new board game 

826
00:47:15,200 --> 00:47:18,640
that you had been working on 
called Natural Ball. 

827
00:47:19,160 --> 00:47:20,920
Talk about that cause got a link
in our show notes. 

828
00:47:20,920 --> 00:47:22,800
It sounds really cool. 
And I also want to get into 

829
00:47:22,800 --> 00:47:24,600
Cards Against Identity for for a
couple minutes. 

830
00:47:24,600 --> 00:47:26,240
But tell us about Natural Ball. 
What is it? 

831
00:47:26,560 --> 00:47:28,600
Yeah. 
Well, so one of the things we 

832
00:47:28,600 --> 00:47:32,640
talked about last time is that 
one of the other things I do 

833
00:47:32,640 --> 00:47:35,960
beyond all of this identity 
stuff is I really enjoy board 

834
00:47:35,960 --> 00:47:39,160
games and I've, and you know, I 
like designing them. 

835
00:47:39,840 --> 00:47:42,320
Cards Against Identity is 
something that I've, I've 

836
00:47:42,320 --> 00:47:46,200
published a new version every 
single year over the last five 

837
00:47:46,200 --> 00:47:49,440
years or so. 
And that's been a very small 

838
00:47:50,280 --> 00:47:53,920
sort of niche thing that that 
shows up at the identity 

839
00:47:53,920 --> 00:47:59,720
conference circuit. 
But with Natural Ball, this is a 

840
00:47:59,720 --> 00:48:02,520
game that actually came to me 
through a friend of mine who I 

841
00:48:02,520 --> 00:48:07,840
met in, she's based in Iceland. 
And she came up with the 

842
00:48:07,840 --> 00:48:12,680
original idea of this game when 
just talking with her kid who 

843
00:48:12,680 --> 00:48:16,720
was I think 9 or 10 at the time.
And he just wanted more facts 

844
00:48:16,720 --> 00:48:19,080
about animals. 
So like, hey, mom, can you just 

845
00:48:19,080 --> 00:48:21,480
make a bunch of the animal flash
cards and let's make an animal 

846
00:48:21,480 --> 00:48:22,520
game. 
Let's do something. 

847
00:48:23,000 --> 00:48:26,800
And so she came up with this 
idea of basically having animal 

848
00:48:26,800 --> 00:48:30,760
flash cards with a bunch of 
statistics about the animals on 

849
00:48:30,760 --> 00:48:34,600
the cards and then rolling dice 
to compare the statistics. 

850
00:48:34,680 --> 00:48:38,200
Very simple rules, very simple 
mechanics, really easy for kids 

851
00:48:38,200 --> 00:48:42,400
to pick up and learn and play. 
She showed me this game a couple

852
00:48:42,400 --> 00:48:45,880
of years ago and it had been 
sitting around in the back of my

853
00:48:45,880 --> 00:48:49,200
mind like, like, there's this 
there, this is a neat idea. 

854
00:48:49,200 --> 00:48:51,440
Like this is, this is pretty, 
pretty neat. 

855
00:48:51,440 --> 00:48:56,120
Now, she had been just printing 
things out on her home printer 

856
00:48:56,120 --> 00:49:00,280
and, you know, putting contact 
paper over them because I had 

857
00:49:00,280 --> 00:49:03,800
been doing game design and 
prototyping for a couple of 

858
00:49:03,800 --> 00:49:06,400
years. 
I actually printed up, I went 

859
00:49:06,400 --> 00:49:10,440
and designed and printed up an 
actual prototype, sent one copy 

860
00:49:10,440 --> 00:49:14,080
to her in in Icelandic with the 
condition that she translated 

861
00:49:14,080 --> 00:49:16,200
into English so that I could 
also have a copy. 

862
00:49:17,400 --> 00:49:22,040
And then we had those for a 
little while and we're playing 

863
00:49:22,040 --> 00:49:24,320
with, with our kids and with 
friends and stuff. 

864
00:49:24,360 --> 00:49:27,840
And both of us were like, this 
is this is a fun game. 

865
00:49:27,840 --> 00:49:30,320
Like this isn't just like a, a 
neat little hobby. 

866
00:49:30,320 --> 00:49:33,720
So we want to make this into 
like a real commercially 

867
00:49:33,720 --> 00:49:36,640
available board game. 
So what we're doing right now is

868
00:49:36,640 --> 00:49:40,920
we're trying to raise enough 
money through it's basically 

869
00:49:40,920 --> 00:49:45,000
pre-orders with a bunch of 
extras through Gamefound. 

870
00:49:45,760 --> 00:49:49,520
And like Jeff said, you can find
the link in the show notes. 

871
00:49:50,000 --> 00:49:54,480
And the way that it works is if 
if we reach our goal by the end 

872
00:49:54,480 --> 00:49:58,560
of it, then we are going to get 
a full set of these games 

873
00:49:58,560 --> 00:50:01,560
printed from an actual game 
manufacturer. 

874
00:50:01,640 --> 00:50:06,040
It's actually the same printer 
that does Wingspan and Pandemic 

875
00:50:06,040 --> 00:50:10,120
Legacy and Gloomhaven and a 
bunch of other like really big 

876
00:50:10,120 --> 00:50:11,520
games. 
They're they were. 

877
00:50:11,720 --> 00:50:13,680
Legit. 
Yeah, they were really excited 

878
00:50:13,680 --> 00:50:16,080
to work with us little indie 
developers. 

879
00:50:16,360 --> 00:50:20,960
It's a it's a team of three 
people total, and that's that's 

880
00:50:20,960 --> 00:50:23,600
been working on this. 
Four, if you count my friend's 

881
00:50:23,600 --> 00:50:28,880
son, who's arguably the original
designer for this whole project.

882
00:50:30,680 --> 00:50:34,160
And, and yeah, we're trying to, 
we're trying to kick this off. 

883
00:50:34,160 --> 00:50:37,760
And so yeah, please check out 
the game. 

884
00:50:38,000 --> 00:50:42,000
I spent way too much time 
putting together the the little 

885
00:50:42,760 --> 00:50:45,200
pitch video that's on that 
website. 

886
00:50:46,000 --> 00:50:50,080
So and that runs until I think 
mid-July. 

887
00:50:51,040 --> 00:50:54,720
So if you if that sounds 
interesting to you or if you 

888
00:50:54,720 --> 00:50:57,240
know somebody it sounds 
interesting too, please check it

889
00:50:57,240 --> 00:51:00,480
out and send it along. 
Yeah, we'll have a link in our 

890
00:51:00,480 --> 00:51:01,640
show notes. 
I'm a backer. 

891
00:51:01,640 --> 00:51:07,120
I bought one for myself and one 
to give to my local community 

892
00:51:07,120 --> 00:51:08,640
thing. 
I think that's still to 

893
00:51:08,640 --> 00:51:11,240
determine right how you like 
determine where, where the extra

894
00:51:11,240 --> 00:51:13,040
copies will go, but. 
Yeah. 

895
00:51:13,160 --> 00:51:15,960
So that is that is something 
that we're doing with this 

896
00:51:15,960 --> 00:51:17,440
because it's an educational 
game. 

897
00:51:18,480 --> 00:51:22,720
We're giving people the option 
to basically pay for extra 

898
00:51:22,720 --> 00:51:28,800
copies that then get donated and
shipped out to to schools, to 

899
00:51:28,800 --> 00:51:31,920
libraries, to community centers,
to all sorts of things like 

900
00:51:31,920 --> 00:51:34,840
that. 
So so yeah, you can get you can 

901
00:51:34,840 --> 00:51:38,480
get a copy for yourself and 
there's a bunch of extras that 

902
00:51:38,480 --> 00:51:43,720
you can do to like our artist is
is gonna be like sketching 

903
00:51:43,720 --> 00:51:46,000
animals for people. 
Or you could actually design a 

904
00:51:46,000 --> 00:51:49,560
card to go in this. 
So we've got friends who like 

905
00:51:50,800 --> 00:51:52,880
people have already contacted us
that they're getting like their 

906
00:51:52,880 --> 00:51:58,200
friends, pet cats on a card in 
this with whatever stats you 

907
00:51:58,200 --> 00:51:59,080
want. 
We don't care if they're 

908
00:51:59,080 --> 00:52:04,360
accurate at that point. 
And so like my kids hamster is 

909
00:52:04,360 --> 00:52:07,200
probably gonna be gonna be one 
of one of the cards. 

910
00:52:08,960 --> 00:52:13,400
But yeah, in addition to all of 
those extras, we're we're 

911
00:52:13,400 --> 00:52:17,240
letting people sort of donate 
this to spaces that wouldn't 

912
00:52:17,240 --> 00:52:20,760
have the opportunity to just go 
out and buy a $20 board game. 

913
00:52:22,040 --> 00:52:25,560
And and that's something that we
really, we, we felt really 

914
00:52:25,560 --> 00:52:29,200
strongly about going into this. 
Yeah, it's a very cool idea. 

915
00:52:29,200 --> 00:52:30,960
I love the art style of the 
direction of it. 

916
00:52:31,040 --> 00:52:34,640
Like I said, I've I've I bought 
2, so I'm looking forward to 

917
00:52:34,640 --> 00:52:37,880
getting that one out. 
Cards Against Identity 

918
00:52:38,200 --> 00:52:40,560
real quickly. 
What's the latest on that? 

919
00:52:41,320 --> 00:52:42,760
Was there a new pack for this 
year? 

920
00:52:42,760 --> 00:52:45,360
I I don't, I forgot to ask you 
at Identiverse about it, but. 

921
00:52:45,680 --> 00:52:47,640
Yeah, so there was a new pack 
this year. 

922
00:52:48,160 --> 00:52:53,440
I so it's one of those things 
that if you catch me on on the 

923
00:52:53,440 --> 00:52:58,200
spring identity conference 
circuit, then I usually have a 

924
00:52:58,200 --> 00:53:03,800
backpack full of them with me. 
Those sold out through the 

925
00:53:03,800 --> 00:53:06,200
absolute gauntlet that was 
Identiverse immediately 

926
00:53:06,200 --> 00:53:10,360
followed by EIC, plus a bunch of
other stuff around that time. 

927
00:53:11,560 --> 00:53:15,280
But you can go to 
cardsagainstidentity.com and 

928
00:53:15,280 --> 00:53:21,360
that will actually you can, you 
can buy it online since that's a

929
00:53:21,360 --> 00:53:23,760
small run. 
It's a it's basically goes 

930
00:53:23,760 --> 00:53:26,720
through a print on demand 
service, but you can get 

931
00:53:26,720 --> 00:53:31,680
everything all going all the way
back to the original 2019 

932
00:53:31,680 --> 00:53:36,120
deck. 
What's your favorite white card 

933
00:53:36,120 --> 00:53:40,000
and black card for this year? 
For this year, Oh my gosh. 

934
00:53:42,440 --> 00:53:47,600
So I think my favorite black 
card is that's it. 

935
00:53:47,600 --> 00:53:50,480
I'm creating my own standards 
organization with blank and 

936
00:53:50,480 --> 00:53:57,920
blank and white card. 
Oh my gosh, there's so many 

937
00:53:57,920 --> 00:54:02,080
different, there's so many cards
now across all the years that I 

938
00:54:02,120 --> 00:54:04,960
have to remember. 
I, I will say my, you know, 

939
00:54:04,960 --> 00:54:07,360
instead I'll give you my 
favorite white card of all time 

940
00:54:08,360 --> 00:54:11,280
was from a couple of years ago 
was the Super Vittorio card. 

941
00:54:12,600 --> 00:54:16,920
As, as you know, there, there 
was somebody in our community, 

942
00:54:16,920 --> 00:54:19,440
an absolute giant Vittorio 
Bertocci. 

943
00:54:20,600 --> 00:54:25,240
And there was, there's this 
video that's still on YouTube of

944
00:54:25,240 --> 00:54:27,760
him as a superhero anime 
character. 

945
00:54:28,160 --> 00:54:32,440
And I was able to actually clip 
that from the video and get that

946
00:54:32,440 --> 00:54:36,680
onto onto a card And that that I
don't think that one's gonna get

947
00:54:36,680 --> 00:54:39,080
replaced as my favorite card for
a very long time. 

948
00:54:40,120 --> 00:54:42,680
That's a tough one to top for 
sure, and well earned too, by 

949
00:54:42,720 --> 00:54:45,080
the way. 
OK, why don't you go ahead and 

950
00:54:45,080 --> 00:54:47,840
wrap it up, I think for this 
week, Justin, thank you so much 

951
00:54:47,840 --> 00:54:50,400
for spending time with us. 
I'm really interested to see how

952
00:54:50,400 --> 00:54:52,720
this bubble, how these bubble 
things take off. 

953
00:54:52,840 --> 00:54:55,280
I guess terrible pun, error 
rising. 

954
00:54:55,280 --> 00:54:58,560
I don't know. 
So, you know, keep us posted on 

955
00:54:58,560 --> 00:54:59,880
how that's goes on, how that 
goes. 

956
00:54:59,880 --> 00:55:01,560
I'm sure there's other topics we
want to talk about with you in 

957
00:55:01,560 --> 00:55:03,560
the future. 
So we'll have you back if you 

958
00:55:03,560 --> 00:55:06,280
are so inclined. 
Absolutely, thank you for having

959
00:55:06,280 --> 00:55:07,840
me on again. 
I would love to come back. 

960
00:55:08,760 --> 00:55:10,920
Yeah, and I appreciate it. 
I, I, I mentioned before you 

961
00:55:10,920 --> 00:55:13,800
before we started, you're a real 
pro from a microphone and a 

962
00:55:13,800 --> 00:55:15,200
recording and all that good 
stuff. 

963
00:55:15,200 --> 00:55:17,640
So two thumbs up makes my job 
easier. 

964
00:55:17,920 --> 00:55:19,760
And this isn't even the good 
Let's see what the computer 

965
00:55:19,760 --> 00:55:23,240
that's back there. 
You got so many that you're 

966
00:55:23,240 --> 00:55:24,360
choosing from. 
Meanwhile, I'm here in a 

967
00:55:24,360 --> 00:55:26,960
SpringHill Suites in Minnesota. 
Oh, it's. 

968
00:55:26,960 --> 00:55:30,760
It's with a lovely mini Can you 
call us a kitchen? 

969
00:55:30,760 --> 00:55:34,640
I mean, it's got a mic, it's got
a microwave and a fridge and I 

970
00:55:34,640 --> 00:55:36,280
don't 
know, drink the tap water. 

971
00:55:36,800 --> 00:55:39,400
Yeah, it's pretty bare. 
All right, let's leave it there.

972
00:55:40,120 --> 00:55:45,480
idacpodcast.com, Twitter at IDAC
podcasts, the YouTube channel 

973
00:55:45,480 --> 00:55:52,080
youtube.com slash at IDAC 
podcasts, Mastodon, IDAC podcast 

974
00:55:52,080 --> 00:55:55,120
at infosec.exchange. 
Do all those cool things like 

975
00:55:55,120 --> 00:55:57,160
like subscribe, share with your 
friends, share with your 

976
00:55:57,160 --> 00:55:59,240
enemies, doesn't matter long 
people hit that button. 

977
00:55:59,240 --> 00:56:01,960
I don't care who does it and 
we'll leave it there for this 

978
00:56:01,960 --> 00:56:04,320
week. 
So thanks everyone for listening

979
00:56:04,320 --> 00:56:07,280
and or watching and talk with 
you all in the next one. 

980
00:56:10,120 --> 00:56:13,240
You've been listening to 
Identity at the Center. 

981
00:56:13,560 --> 00:56:17,640
We hope you've enjoyed the show.
Make sure to like, rate and 

982
00:56:17,640 --> 00:56:21,280
review, and we'll be back soon. 
But in the meantime, hit the 

983
00:56:21,280 --> 00:56:24,680
website at 
identityatthecenter.com. 

984
00:56:25,280 --> 00:56:29,400
See you next time on Identity at
the Center.

