Identity at the Center #48 - Eve Maler, IAM UMAnitarian
Jun 15, 2020
In this conversation, Eve Maler, CTO at ForgeRock and founder of the User-Managed Access (UMA) workgroup, delves into the evolution of identity standards. She critiques the hype around blockchain identity and discusses the rise of consent failures, urging a rethinking of consent models. Eve also shares insights from the ForgeRock 2020 Consumer Identity Breach Report, linking breach costs to digital transformation trends. Plus, she previews her upcoming panel at Identiverse on next-gen authorization. Get ready for a fascinating journey through the IAM landscape!
AI Snips
Chapters
Transcript
Episode notes
How Eve Entered IAM
- Eve recounts being pulled into IAM at Sun and helping form the OASIS security services committee that produced SAML.
- She earned the nickname "XML girl" while defining XML and later chaired the SAML effort in 2000–2001.
Consent Is Fundamentally Broken
- Current consent models give consent seekers the upper hand and rarely allow true negotiation or easy revocation.
- Eve argues consent-as-we-know-it is failing and needs rethinking toward user-controlled licensing or delegation.
Put Users In Control Of Consent
- Rethink authorization flows to put people in charge and make consent revocable and negotiable.
- Consider UMA-like delegation or right-to-use licensing rather than one-off opt-ins.