I've been having an intellectually fascinating time diving into Internet fragmentation and how it is shaped by supply chains more than protocols. There’s another bottleneck ahead, though, one that’s even harder to reroute: people. Innovation doesn’t happen in a vacuum. It requires human talent that builds systems and sets standards. The post The People Problem: How Demographics Decide the Future of the Internet appeared first on Spherical Cow Consulting.| Spherical Cow Consulting
I had one of those chance airplane conversations recently—the kind that sticks in your mind longer than the flight itself. My seatmate was reading a book about artificial intelligence, and at one point they described the idea of an “infinitely growing AI.” I couldn’t help but giggle a bit. The post Why Tech Supply Chains, Not Protocols, Set the Limits on AI and the Internet appeared first on Spherical Cow Consulting.| Spherical Cow Consulting
Once upon a time, digital systems were built around a beautifully simple idea: one user, one identity, one device, one intent. That model worked, for some value of "worked." Mostly, it was good enough to solve 80% of the use cases. The post Delegation in a Multi-Actor World: It’s Not Just OAuth Anymore appeared first on Spherical Cow Consulting.| Spherical Cow Consulting
Most digital systems were built around a simple model: one user, one identity, one device, one intent. If you need more than that, that's what password sharing is for, right? (Note: that was sarcasm.) Who needs delegation? Reality, which has definitely included sharing passwords, has always been messier. The post Acting on Behalf of Others: Delegation, Consent, and Messy Reality appeared first on Spherical Cow Consulting.| Spherical Cow Consulting
When we talk about introspection in digital identity, we’re not just talking about what happens in OAuth 2.0. Yes, there’s a token introspection spec, but this post is about something broader: the idea that platforms—especially browsers—can inspect and influence the identity data being exchanged. Is that a good thing? Apple and Google disagree on just Continue Reading The post Is Introspection a Bug or a Feature? appeared first on Spherical Cow Consulting.| Spherical Cow Consulting
One of the areas I’m tracking from my usual standards’ perspective is how we set up guardrails for AI—how we contain its risks while still allowing the world to benefit from its utility. This challenge provides an excellent case study in the limitations of technical standards and where policy must step in to complement them. Continue Reading The post The Boundaries Between Standards and Policy: AI Training as a Case Study appeared first on Spherical Cow Consulting.| Spherical Cow Consulting
tl;dr: Traditional identity federation has enabled digital identity with centralized, third-party logins, for decades. Its limitations in security and user control, however, are becoming a problem, especially when there are alternatives being developed. Digital credentials offer a decentralized, user-empowering alternative that enhances privacy and enables offline authentication. We’re looking at a brave new world with Continue Reading The post Digital Credentials vs. Traditional Federation...| Spherical Cow Consulting
Imagine being able to prove you’re old enough to buy a drink without flashing your ID—or proving you have insurance without handing over your policy details. Sounds like magic? It’s just math. Zero-Knowledge Proofs (ZKPs) might be the biggest leap for privacy since encryption, but they also come with serious challenges. Let’s talk about the Continue Reading The post Zero-Knowledge Proofs: Privacy, Innovation, and Equity appeared first on Spherical Cow Consulting.| Spherical Cow Consulting
Agentic AI is changing authentication faster than our identity models can keep up. We’ve built systems assuming users are human, but what happens when an AI agent, not the user, needs to authenticate on their behalf? Our current identity frameworks weren’t designed for this, and the gaps are starting to show. 🎙 Audio Blog If Continue Reading The post Agentic AI and Authentication: Exploring Some Unanswered Questions appeared first on Spherical Cow Consulting.| Spherical Cow Consulting
The post discusses the critical role of standards development in shaping modern technology and emphasizes the importance of early organizational engagement. Referencing an NSA/CISA report, it argues that participating in standards not only offers organizations influence and insights into technological trends but also drives innovation and ensures representation of their needs. The writer encourages businesses to engage actively to mitigate the risk of competing interests dominating discussion...| Spherical Cow Consulting
Academia is facing challenges in managing non-human identities (NHIs), which are essential for modern research systems but often treated like human users. As NHIs grow in complexity, issues like token sprawl, access management misalignments, and compliance difficulties arise, especially in collaborative environments like high-performance computing. Traditional directories fail to manage these identities effectively due to their static assumptions and lack of context. To improve NHI management...| Spherical Cow Consulting
Digital identity wallets are crucial digital tools that should not be merely viewed as apps or tied only to government guidelines. Essential questions about their operation and interoperability remain. The EU's Digital Identity Architecture Reference Framework (ARF) provides guidance but lacks implementation specifics. Open-source initiatives like the Open Wallet Foundation offer valuable resources, including a Wallet Safety Guide, yet still do not address all protocol details needed for inte...| Spherical Cow Consulting
The post discusses the importance of trust frameworks in federated identity management, emphasizing the need for operationalization and sustainability. Although trust frameworks define the rules for interoperability among organizations, the challenge lies in funding and resources. Many federations are underfunded and struggle to implement these frameworks effectively, leading to reliance on outdated systems. The author argues that successful operationalization requires governance and support ...| Spherical Cow Consulting
The journey of developing Internet standards is a complex yet fascinating process that combines personal creativity with collective teamwork. It begins with identifying a problem and brainstorming solutions, often involving multiple stakeholders to create a consensus. This requires navigating various interests within diverse Standards Development Organizations (SDOs), which may range from treaty-based to industry-based groups. Engaging a broad audience is vital for adoption, ensuring the stan...| Spherical Cow Consulting
Cryptography secures communications through various algorithms, which the general public need not understand. The U.S. Federal Information Processing Standard (FIPS) 140 specifies security requirements for cryptographic modules, with the latest version, FIPS 140-3, aligning with international standards. This standard is crucial for federal cybersecurity and influences broader industry practices. The Cryptographic Module Validation Program (CVMP) verifies that cryptographic modules meet these ...| Spherical Cow Consulting
Privacy-Enhancing Technologies (PETs) are essential for safeguarding digital identities amidst increasing data breaches. They encompass tools like zero-knowledge proofs and advanced biometrics to secure both human and non-human identities in the digital space. As digital identity expands to include non-human entities, PETs are vital for ensuring privacy and security. Zero-knowledge proofs (ZKPs) emerge as a game-changer, allowing for verification without revealing sensitive data. While challe...| Spherical Cow Consulting
The EU's Digital Identity Architecture Reference Framework (ARF) offers a starting point for digital wallets. It aims to support user control over personal data while meeting legal and cybersecurity requirements. But to get there from here, you need to know what you don't know: the functional and non-functional requirements, along with interfaces and integration points for digital identity wallets. The post The EU Digital Identity Architecture Reference Framework – How to Get There From Her...| Spherical Cow Consulting
This is the transcript to my YouTube explainer video on why privacy and personalization are so hard to balance. Likes and subscriptions are always welcome! The post Privacy and Personalization on the Web: Striking the Balance appeared first on Spherical Cow Consulting.| Spherical Cow Consulting
The blog post discusses Federated Identity and Self-Sovereign Identity (SSI), comparing the two architectures. Functionally, there's a lot in common. Technically, not so much. Read on to learn more! The post Federated Identity and SSI – YMMV appeared first on Spherical Cow Consulting.| Spherical Cow Consulting
Authorization is growing as the next big thing. I want to understand why, and writing about it is how I get there from here. The post Authorization – the Next Big Thing appeared first on Spherical Cow Consulting.| Spherical Cow Consulting
There is more to communication than just the correct use of words, phrases, and clauses. Let's look at some of the communication skills that don't get enough attention. The post Communication as a Critical Business Skill appeared first on Spherical Cow Consulting.| Spherical Cow Consulting
For the last three months, I’ve been working on a white paper, “Government-issued Credentials and the Privacy Landscape.” This paper aims to inspire thought and provoke useful conversations about enhancing online privacy between people setting privacy laws and regulations and people writing technical standards. The paper is still a Work In Progress, though realistically speaking, Continue Reading The post Navigating the Intersection of Privacy Laws and Technical Standards appeared first...| Spherical Cow Consulting
Last week, I talked about a few of the challenges with the language around privacy. That kicked off an excellent conversation on social media and via email. It also made me think about another topic that I find challenging to talk about: biometrics. Dictionary.com defines biometrics as: the process by which a person’s unique physical and Continue Reading The post Bemused about Biometrics appeared first on Spherical Cow Consulting.| Spherical Cow Consulting
Privacy is a particularly thorny topic. The concept is always contextually defined, and it does not get easier when different concepts—anonymity, confidentiality, secrecy, and security—are regularly conflated with privacy. Read on... The post Pedantic About Privacy appeared first on Spherical Cow Consulting.| Spherical Cow Consulting
The Great Myth of Job Portability The news these days is full of announcements about massive layoffs. There are stories about the people left “holding the bag” at companies that are, by all reports, purely toxic workplaces. I’ve seen the sentiment, “why would _anyone_ stay there? They should all quit! That’ll show those horrible bosses Continue Reading The post “Why don’t they just quit?” appeared first on Spherical Cow Consulting.| Spherical Cow Consulting
Over the last few weeks, I’ve been exploring social media in entirely new ways. I’ve learned a few things along the way: 1) I have a long way to go to use hashtags effectively, 2) my video processing skills are laughable, 3) I feel ridiculous on TikTok. So, why am I spending so much time Continue Reading The post Embracing the Uncomfortable appeared first on Spherical Cow Consulting.| Spherical Cow Consulting
I am good at a lot of things when it comes to my career. I’m good at developing adaptive processes, managing people, and organizing activities. That said, I’m not good at creating formal, strict processes, working alone, visual design, or operational task management. I can’t begin to tell you how powerful it is to finally Continue Reading The post You Don’t Have To Be Good At Everything appeared first on Spherical Cow Consulting.| Spherical Cow Consulting
Being a freelancer, while not for everyone, is my idea of a fantastic career. I get to build my ideal job. I get to see the big picture across organizations and even entire industries. I get to interact with some of the most brilliant people on the planet. But to have room for all of Continue Reading The post Be Brave. Say No. appeared first on Spherical Cow Consulting.| Spherical Cow Consulting
The Internet requires so many different types of people and roles in order to function. As much as people tend to assume degrees in computer science or experience as a software developer, that’s just some of what you might find in the Internet ecosystem. To explore the roles that are out there now, I’ve been […]| Spherical Cow Consulting
When not distracted by AI (which, you have to admit, is very distracting) I’ve been thinking a lot about delegation in digital identity. We have the tools that allow administrators or individuals grant specific permissions to applications and service. In theory, it’s a clean model. The post Delegation and Consent: Who Actually Benefits? appeared first on Spherical Cow Consulting.| Spherical Cow Consulting
What do pirates and librarians teach us about standards development? More than you’d think—especially when it comes to leadership.| Spherical Cow Consulting
Google recently gave us something we’ve been waiting on for years: hard numbers on how much energy an AI prompt uses. According to their report, the median Gemini prompt consumes just 0.24 watt-hours of electricity — roughly running a microwave for a second — along with some drops of water for cooling. The post Who Really Pays When AI Agents Run Wild? Incentives, Identity, and the Hidden Bill appeared first on Spherical Cow Consulting.| Spherical Cow Consulting
Access models were built with people in mind. I’ve seen how creaky they get when the ‘user’ is an AI agent. Suddenly, those dusty old entitlements look very shaky. #AI #authorization| Spherical Cow Consulting
We don’t spend much time thinking about the roads we drive on—until one cracks, collapses, or dumps us somewhere we didn’t mean to be. Identity in the age of agentic AI? Same deal. It’s infrastructure. Like a good road, it needs to be ready for traffic we can’t imagine. The post Roads, Robots, and Responsibility: Why Agentic AI Needs Identity Infrastructure appeared first on Spherical Cow Consulting.| Spherical Cow Consulting
This one’s for everyone who’s ever said, "I’m not technical enough to participate in standards development." If you’ve wondered what working group chair skills actually matter, I have news for you: you don’t need to be a spec-writing wizard to be effective. I do get it, though. The post Working Group Chair Skills: Standards Work Isn’t Just for Coders appeared first on Spherical Cow Consulting.| Spherical Cow Consulting
If you want to follow what's happening in AI, it helps to know where the conversations are happening. That doesn't just mean the headlines and white papers; it means the standards bodies, working groups, and protocol discussions shaping the infrastructure AI systems will have to live with (and live inside). The post Agentic AI in the Open Standards Community: Standards Work or Just Hype? appeared first on Spherical Cow Consulting.| Spherical Cow Consulting
Disinformation. Misinformation. Malinformation. These terms get used interchangeably, but they’re not the same thing. That distinction matters when designing resilient infrastructure that supports trust. Most of our efforts to address these problems focus on content, activities like fact-checking, moderation, and takedown requests.| Spherical Cow Consulting
I went to WSIS+20 to hear what is and isn’t said about identity and standards when governance is discussed.| Spherical Cow Consulting
Is the digital identity wallet metaphor helping or hurting adoption? A look at where the term breaks down and what might work better.| Spherical Cow Consulting
Digital identity isn’t one-size-fits-all. Explore why trust frameworks must reflect cultural context and start with more inclusive standards.| Spherical Cow Consulting
Explores mDL “phone home” verification and how privacy, fraud, and risk influence digital credential standards development.| Spherical Cow Consulting
Most identity standards assume stability, but what happens when trust breaks down? Let's explore what resilience looks like.| Spherical Cow Consulting
Open standards are the backbone of interoperable digital identity. Here's what that really means and why the details matter more than ever.| Spherical Cow Consulting
Governance in decentralization is often the real blocker—not technology. Learn how trust structures decide whether systems succeed or stall.| Spherical Cow Consulting
Centralization vs decentralization isn’t about tech, it's about incentives. What if success looked more distributed?| Spherical Cow Consulting
Centralized vs decentralized? The smartest architectures can shift. Learn why flexibility is key to resilient system and identity design.| Spherical Cow Consulting
Read my rant about the challenges faced by identity federations and their relevance to the world of wallets.| Spherical Cow Consulting
Discover how AI is revolutionizing digital identity security, enhancing online safety, and addressing new challenges in today's digital world.| Spherical Cow Consulting
The long-term scalability of digital attestation and verification is a huge problem for IAM that needs attention. Let's talk about it.| Spherical Cow Consulting
Explore how FedCM tackles the challenge of maintaining federated authentication and why it’s crucial to focus on practical implementation.| Spherical Cow Consulting
Learn about the looming threat of quantum cryptography and its impact on Internet security. Will our digital world be left vulnerable?| Spherical Cow Consulting
While watching the recent TV adaptation of Shogun last week, I had to pause to jot down a Profound Quote. It doesn’t happen often, but every now and then I read (or hear) something that inspires me, or reflects my view of the world, or otherwise makes me want to remember it.| foldedspace
Dive into the world of non-human identities, uncovering the challenges and standards shaping the future of digital authorization.| Spherical Cow Consulting
Ten years ago, Kim and I enjoyed a date night at a restaurant on Portland’s south waterfront. I don’t remember the restaurant and I don’t remember the meal. What I do remember is this.| foldedspace
I had an awesome experience Sunday night into Monday morning. When I saw the data for Makeover Monday I immediately saw it as a chance to learn something new. I’m constantly in awe of Rody, Adam, and Ken for the things they do with curves inside Tableau, and for this set of data, I wanted to do an arc chart […]| Sons of Hierarchies
This blog post provides an overview of the verifiable credentials landscape, helping you to understand formats, protocols & the tech used.| Spherical Cow Consulting
