Once upon a time, digital systems were built around a beautifully simple idea: one user, one identity, one device, one intent. That model worked, for some value of "worked." Mostly, it was good enough to solve 80% of the use cases. The post Delegation in a Multi-Actor World: It’s Not Just OAuth Anymore appeared first on Spherical Cow Consulting.| Spherical Cow Consulting
MCP is 'an open protocol that standardizes how applications provide context to LLMs.' If we’re moving toward a world where AIs are expected to do All The Things, interfacing with our applications and services, then having a universal adapter that lets AIs talk to everything is undeniably powerful. The post The MCP Bandwagon appeared first on Spherical Cow Consulting.| Spherical Cow Consulting
Not that long ago, non-human identities (NHIs) were governed by neglect; provisioned manually, tied to a cron job or batch script, maybe mentioned in a change ticket, and rarely touched again. No formal lifecycle, no regular reviews, and certainly no clear ownership. If you remembered to rotate the password once a year, you were ahead […] The post Who Owns the Bots? Rethinking Governance for Non-Human Identities appeared first on Spherical Cow Consulting.| Spherical Cow Consulting
tl;dr: Traditional identity federation has enabled digital identity with centralized, third-party logins for decades. Its limitations in security and user control, however, are becoming a problem, especially when there are alternatives being developed. Digital credentials offer a decentralized, user-empowering alternative that enhances privacy and enables offline authentication. We’re looking at a brave new world with […] The post Digital Credentials vs. Traditional Federation...| Spherical Cow Consulting
What if fraud prevention was, you know, a shared effort? That’s where the Shared Signals Framework (SSF) comes in! The idea behind shared signals is simple: instead of each company detecting threats on its own, organizations (or systems within an organization) can share security events—like compromised credentials or suspicious logins—in real-time. The SSF, developed by […] The post Shared Signals: Who Pays the Price for Stronger Identity? appeared first on Spherical Cow Co...| Spherical Cow Consulting
The irony with urgently questioning how to tell whether something is an AI or a person is the fact that we’re struggling just as much to distinguish humans from… well, other humans. This is, in fact, not a new problem at all. After writing about the AI vs Human issue in a previous post, I’m […] The post What AI Agents Can Teach Us About Fraud in Consumer Identity appeared first on Spherical Cow Consulting.| Spherical Cow Consulting
Imagine being able to prove you’re old enough to buy a drink without flashing your ID—or proving you have insurance without handing over your policy details. Sounds like magic? It’s just math. Zero-Knowledge Proofs (ZKPs) might be the biggest leap for privacy since encryption, but they also come with serious challenges. Let’s talk about the […] The post Zero-Knowledge Proofs: Privacy, Innovation, and Equity appeared first on Spherical Cow Consulting.| Spherical Cow Consulting
I’ve been saying that to follow what’s happening in NHI standards, some of the core work you need to follow is happening in the IETF: SPICE, WIMSE, and SCITT. Everybody loves WIMSE with its workload identity architecture, and building the credential format in SPICE that can meet the needs of NHIs is of course brilliant […] The post Securing the Software Supply Chain: How SCITT, SPIFFE, and WIMSE Work Together appeared first on Spherical Cow Consulting.| Spherical Cow Consulting
This post advocates for joining IDPro®, a professional association focused on digital identity management. It emphasizes that all organizations with a digital presence are, in essence, technology companies managing complex identity-related systems. IDPro provides crucial resources, including a vendor-neutral Body of Knowledge, CIDPRO® certification, and a vibrant community for practitioners to share ideas and best practices. Membership not only supports individual professional growth but al...| Spherical Cow Consulting
The EU's Digital Identity Architecture Reference Framework (ARF) offers a starting point for digital wallets. It aims to support user control over personal data while meeting legal and cybersecurity requirements. But to get there from here, you need to know what you don't know: the functional and non-functional requirements, along with interfaces and integration points for digital identity wallets. The post The EU Digital Identity Architecture Reference Framework – How to Get There From Her...| Spherical Cow Consulting
In a digital age where the management of identity wallets and credentials is becoming increasingly complex, the W3C's Web Incubator Community Group (WICG) has initiated a pivotal work item called Digital Credentials. As co-chair of the newly formed Federated Identity Working Group alongside Wendy Seltzer, I delve into why this project may (or may not!) soon find a permanent home within our group. This post explores the dance between digital identity, browser behavior, and the broader ecosyste...| Spherical Cow Consulting
Browser vendors are replacing third-party cookies for authentication services on the web. Learn more about what that means in this latest transcript of my YouTube channel! The post elaborates on the W3C's role in standardizing web functionality, introduces the Federated Credential Manager (FedCM) as a privacy-enhancing API, and mentions other initiatives by major tech companies. Organizations need to be proactive in shaping the future of web privacy so we can collectively create a more secure...| Spherical Cow Consulting
Moving towards a passwordless future is crucial for cybersecurity. So many high-profile breaches highlight the vulnerability of relying on passwords. Embracing passkeys, digital credentials tied to user accounts and applications, offers a more secure and user-friendly alternative. Organizations should advocate for enhanced security, cost savings, and smoother user experience. In the meantime, implementing multi-factor authentication (MFA) can mitigate risks associated with passwords. Transit...| Spherical Cow Consulting
Self-Sovereign Identity (SSI) is a system architecture guiding tech choices, not a software or service. It prioritizes the individual, allowing them to control their own information. Blockchain technology, as a decentralized database with data spread across nodes, seems a fit for SSI as it ensures accuracy and security. However, it has limitations like being computationally expensive and complex. Various alternatives like Decentralized Identifiers (DIDs) and OpenID for Verifiable Credentials ...| Spherical Cow Consulting
The blog post discusses Federated Identity and Self-Sovereign Identity (SSI), comparing the two architectures. Functionally, there's a lot in common. Technically, not so much. Read on to learn more! The post Federated Identity and SSI – YMMV appeared first on Spherical Cow Consulting.| Spherical Cow Consulting
The W3C is becoming more involved in the digital identity credential and wallet space due to the growing use of web browsers for various digital activities. This involvement includes addressing how browsers interact with identity wallets. An incubation effort is taking place within the Web Incubator Community Group (WICG) to investigate these issues and establish standards. The post Standards, Browsers, and Identity Wallets appeared first on Spherical Cow Consulting.| Spherical Cow Consulting
(Spoiler Alert: the answer might be “both”!) This is a slightly technical article trying to capture how two different types of authentication mechanisms, federated login and passkeys, compare. Despite how similar they might look to the user because of the design of the login page, they are ultimately quite different things! When websites require you […] The post Comparing Federated Logins and Passkeys: Which One Fits Your Needs? appeared first on Spherical Cow Consulting.| Spherical Cow Consulting
Authorization is growing as the next big thing. I want to understand why, and writing about it is how I get there from here. The post Authorization – the Next Big Thing appeared first on Spherical Cow Consulting.| Spherical Cow Consulting
The technology that supports digital identity is like magic. A quick scan of your face and you can open your phone or get on a plane. But what happens when the promise of technology falls short for significant segments of the population? This is top of mind because of the newly proposed NIST 800-63 rev 4 […] The post NIST 800-63-4 and Equity appeared first on Spherical Cow Consulting.| Spherical Cow Consulting
Your brain is a beautiful thing. Your brain after dealing with digital identity for a few years might need therapy. The post This Is Your Brain On Identity appeared first on Spherical Cow Consulting.| Spherical Cow Consulting
The Internet requires so many different types of people and roles in order to function. As much as people tend to assume degrees in computer science or experience as a software developer, that’s just some of what you might find in the Internet ecosystem. To explore the roles that are out there now, I’ve been […]| Spherical Cow Consulting
Is the digital identity wallet metaphor helping or hurting adoption? A look at where the term breaks down and what might work better.| Spherical Cow Consulting
Navigate the tension between identity standards and reality in CIAM and the gap between aspiration and execution.| Spherical Cow Consulting
Understand the competing terminology of digital credentials, verifiable credentials, and verifiable digital credentials.| Spherical Cow Consulting
Get a better understanding of Non-Human Identities (NHI) and how they differ from human identities. NHI require more from IAM.| Spherical Cow Consulting
Discover how AI is revolutionizing digital identity security, enhancing online safety, and addressing new challenges in today's digital world.| Spherical Cow Consulting
Multi-factor authentication (MFA) has evolved since the 1980s; read on to learn more about the better choices available!| Spherical Cow Consulting
Which digital credential format is best? Compare mdoc, Verifiable Credentials, and others for security, adoption, and real-world use cases.| Spherical Cow Consulting