Early-bird Discount
expires in
Register Now

Agenda

Panel: OpenID AuthZEN: Standards for Modern Authorization

Panel: OpenID AuthZEN: Standards for Modern Authorization

Combined Session
Wednesday, June 05, 2024 18:10—18:30
Location: A 03-04
Watch the video

Sign-on standards, such as SAML and OpenID Connect (OIDC), have paved the way for an interoperable identity fabric that has propelled the industry forward. It’s time for authorization to have its “OIDC moment.”


Over the past few years, we’ve seen the rise of a new architectural pattern - externalizing authorization logic out of applications, and treating it as a separate concern. Google, Netflix, Airbnb, Carta, Intuit, and others have shared their experiences around how they’ve built their internal authorization systems, helping seed a growing movement around modern authorization.

Most organizations, however, don’t have the luxury of building these systems from scratch. Fortunately, a new generation of authorization vendors have created innovative solutions that promise to democratize modern authorization. With that said, each of these solutions defines its own APIs. In much the same way identity standards such as OIDC brought about “single sign-on for the web”, authorization standards promise to reduce barriers to adoption, increase reusability, and mitigate risk for organizations that want to take advantage of this innovation.

To get this off the ground, a group of authorization practitioners and vendors, including those represented on this panel, submitted a charter proposal to the OpenID Foundation for the establishment of the AuthZEN working group. The charter was accepted shortly after IIW 37 in October 2023. Since then, the group has been developing use cases, cataloging authorization patterns, and drafting proposals such as an interop spec for a PEP-PDP protocol. These efforts will unify a set of disparate ecosystems into a larger authorization community, which will create a rising tide for the industry at large.

Join us to discuss the current state of modern authorization. We’ll also describe the progress we’ve made defining authorization patterns, documenting use-cases and how best to accomplish them, and reviewing the interoperability standards we have drafted.

Alexandre Babeanu
CTO
3Edges
Alex has been involved in Graphs and Graph databases for Identity and Access Management for almost 10 years. As a graph-certified and IAM-accredited consultant, he has implemented solutions for...
David Brossard
Chief Technology Officer
Axiomatics AB
In his role as CTO, David drives the technology vision and strategy for Axiomatics based on both identity and access management (IAM) market trends as well as customer feedback. He also leads the...
Gert Drapers
Co-founder & CTO
Aserto
Gert Drapers is the co-founder and CTO of Aserto.com, leading technology implementation and strategy. A widely recognized expert in the data and developer space, Gert has built and operated various...
Ian Glazer
Founder
Weave Identity
Ian Glazer is an accomplished IT Thought Leader and Product Management Executive with extensive experience in identity management, privacy, compliance, and access governance. He is a strategic...
Eve Maler
Digital identity futurist and strategist
Venn Factory
Eve is a globally recognized pioneer in identity and access management and standards, with roots in semi-structured data modeling and the API economy and a passion for fostering successful...
Almost Ready to Join EIC 2024?
Reach out to our team with any remaining questions
Get in touch