Identity at the Center

In this episode of Identity at the Center, hosts Jeff and Jim dive into the details of the Shared Signals Framework (SSF) and Continuous Access Evaluation Profile (CAEP), with special guest Atul Tulshibagwale, the CTO of Signal. The trio discusses the complexities and applications of these identity security standards, recent adoption by major tech companies, and how they are transforming the approach towards identity and access management. Atul also shares exciting news about Signal's impending acquisition by CrowdStrike and reflects on a recent safari trip in Kenya. Tune in to learn about the evolution of identity security and the future of SSF and CAEP.

Connect with Atul: https://www.linkedin.com/in/tulshi/
Learn more about the Artificial Intelligence Identity Management Community Group: https://openid.net/cg/artificial-intelligence-identity-management-community-group/
Learn more about SSF and CAEP:
https://openid.net/how-authzen-and-shared-signals-caep-complement-each-other/
https://sgnl.ai/whitepaper/caep-best-practices/
https://caep.dev/
https://youtu.be/qakOw0g2mZ8?si=p8z9imn7x-HhLdcV
https://www.youtube.com/live/e64YiAmGmf4?si=QPKDg2Jm9oSZmbhZ
http://sharedsignals.guide/

Connect with us on LinkedIn:
Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/
Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/
Visit the show on the web at http://idacpodcast.com

Timestamps:
00:00 Introduction and Episode Milestone
00:17 Challenges with Installing Molt Bot
02:32 MoltBook and AI Agents
03:21 Jim's Perspective on AI Assistants
09:24 Conferences and Networking
10:10 Introduction to Shared Signals and CAEP
13:03 CrowdStrike Acquisition of Signal
14:03 AI Identity Management Community
16:59 Shared Signals Framework and CAEP Explained
30:03 Final Version of CAEP and Shared Signals Released
30:35 Adoption by Major Technology Providers
32:49 Benefits of Implementing Shared Signals
36:32 Future of SSF and CAEP
40:51 Certification Program for Shared Signals
52:48 Real-World Safari Adventure
01:00:34 Conclusion and Final Thoughts

Keywords:
IDAC, Identity at the Center, Jeff Steadman, Jim McDonald, Atul Tulshibagwale, Shared Signals Framework, SSF, CAEP, Continuous Access Evaluation Profile, OpenID Foundation, CrowdStrike, SGNL AI Identity, Agentic Identity, AuthZEN, Risk, Identity Security, IAM, Podcast

This episode is sponsored by PlainID. Visit plainid.com/idac to learn more.
In this sponsored episode, Jim McDonald and Jeff Steadman talk with Gal Helemski, CTO and co-founder of PlainID, about the evolving landscape of authorization. The conversation covers the transition from traditional roles and attributes to a modern policy-based access control (PBAC) approach. Gal explains how PlainID helps organizations centralize authorization logic, improve security posture, and simplify the management of access across complex hybrid and multi-cloud environments. The discussion also touches on the importance of visibility into who has access to what and the role of standards like Cedar and Rego in the future of authorization.

Connect with Gal: https://www.linkedin.com/in/gal-helemski-b9542231/Learn more about PlainID: plainid.com/idac
Connect with us on LinkedIn:
Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/
Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/
Visit the show on the web at idacpodcast.com

Timestamps:
00:00 Introduction to the Sponsor Spotlight
02:15 Meet Gal Helemski from PlainID
05:30 The shift from RBAC to PBAC
10:45 Challenges with traditional authorization methods
15:20 How PlainID centralizes authorization logic
22:10 Integrating with existing identity providers
28:45 The role of visibility and auditing in authorization
35:30 Discussion on authorization standards: Cedar and Rego
42:15 Future trends in identity and access management
50:00 Final thoughts and where to learn more

Keywords:
IDAC, Identity at the Center, Jeff Steadman, Jim McDonald, PlainID, Authorization, Policy-Based Access Control, PBAC, RBAC, Cybersecurity, IAM, Access Management, Gal Helemski, Identity Security

In this milestone episode of Identity at the Center, Jeff and Jim celebrate 400 episodes and reflect on their journey over the past six and a half years. They discuss the podcast’s evolution, from its early days focusing on strategy and framework to recent themes like cloud identity, governance, and AI-driven technologies. Jim shares his New Year's resolution of writing a book about identity, blending practitioner stories with educational elements, and utilizing AI tools. The duo also highlights significant trends in identity and access management, including frictionless authentication and privilege access management. They look forward to the future of identity within an AI-driven landscape, urging listeners to adapt to technological advancements. Tune in for insights, reflections, and their plans for continuing to grow the podcast.

Connect with us on LinkedIn:
Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/
Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/
Visit the show on the web at http://idacpodcast.com

Timestamps
00:00 Welcome and Milestone Celebration00:44 Reflecting on the Podcast Journey01:27 Jim's New Year's Resolution: Writing a Book05:16 Using AI in the Writing Process09:34 Podcast Growth and Listener Support13:08 Remembering Luis Almeida16:59 Conference Highlights and Discount Codes19:05 Lessons Learned from Podcasting29:01 The Evolution of the Podcast36:01 Pandemic Disruptions and Podcast Challenges36:30 Funny Moments and Swearing on the Show37:24 Identity Management Trends in 202039:20 Cloud Identity and Certifications in 202141:54 Governance and Compliance in 202244:23 Security Convergence and Milestones in 202351:07 Privilege Access Management in 202455:15 Frictionless Authentication in 202558:20 AI and the Future of Identity in 202601:09:00 Reflections and Gratitude

Keywords:
IDAC, Identity at the Center, Jeff Steadman, Jim McDonald, IAM, podcast, cybersecurity, digital identity, AI, agentic identity, PAM, IGA, cloud security, passkeys, professional development, IDPro, identity governance

Jim McDonald is joined by Jeff Margolies, Chief Product and Strategy Officer at Saviynt, to discuss the intersection of artificial intelligence and identity security. Jeff shares his decades of experience in the industry, from building the IAM practice at Accenture to his current leadership role at Saviynt. The conversation covers how AI is making manually intensive identity tasks more efficient, the emergence of Identity Security Posture Management (ISPM), and the critical need to govern identities for AI agents. Jeff also provides his perspective on the future of the identity practitioner and why he remains an optimist in a rapidly changing technological landscape.

Connect with Jeff Margolies on LinkedIn: https://www.linkedin.com/in/jmargolies/

Connect with us on LinkedIn:
Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/
Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/
Visit the show on the web at http://idacpodcast.com

Timestamps:
00:00:00 - Introduction and Gartner Identity Conference Recap
00:02:11 - Jeff Margolies' Career Journey in Identity and Security
00:04:36 - Returning to Identity and Joining Saviynt
00:06:13 - How AI is Impacting Identity Security and Governance
00:09:56 - The Future of Identity Services in an AI World
00:13:58 - Will AI Disrupt the SaaS Model for Identity?
00:19:50 - The Impact of AI on the Identity Practitioner Job Market
00:26:16 - Identity for AI: Governing Agents and Delegated Authority
00:32:00 - Combating Deepfakes and Proving What is Real
00:34:40 - The Rise of Identity Security Posture Management (ISPM)
00:41:46 - Comparing Posture Management and ITDR
00:44:17 - Advice for CISOs: Why Posture Should Come First
00:49:35 - The Secret to Saviynt's Success and Future Outlook
00:52:19 - Lighter Note: Why Jeff Chose a Tesla for His Daughter

Keywords:
IDAC, Identity at the Center, Jeff Steadman, Jim McDonald, Jeff Margolies, Saviynt, IAM, Identity and Access Management, AI, Artificial Intelligence, ISPM, ITDR, Cybersecurity, Identity Governance, SaaS, IGA

In this episode, Jim McDonald welcomes back Martin Kuppinger, Principal Analyst at KuppingerCole, to discuss the rapidly evolving landscape of identity in 2026. With Jeff Steadman away, Jim and Martin dive deep into the intellectual challenges posed by AI agents and the limitations of traditional non-human identity frameworks. Martin explains why organizations are feeling a sense of disillusionment with AI and how a capability-based identity fabric approach can help manage the complexity. They also explore the balance between security and business enablement, the rise of workload identities, and what to expect at the upcoming European Identity and Cloud Conference (EIC) in Berlin.

Connect with Martin: https://www.linkedin.com/in/martinkuppinger/
KuppingerCole: https://www.kuppingercole.com
European Identity and Cloud Conference (EIC) (don’t forget to use our discount code idac25mko): https://www.kuppingercole.com/events/eic2026

Connect with us on LinkedIn:
Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/
Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/
Visit the show on the web at http://idacpodcast.com

Timestamps
00:00 - Welcome back to 2026 and EIC preparations
02:48 - The shift from future potential to current AI agent challenges
03:12 - Understanding AI disillusionment and the lack of control in regulated industries
05:19 - Security as a business enabler vs progress prevention
09:55 - Why AI agents should not be classified simply as non-human identities
11:43 - Complex relationships between humans, agents, and delegated tasks
15:17 - Self-service identity for knowledge workers and AI productivity
18:40 - The risks of decentralized agent creation and "shadow" AI
21:58 - How AI is being baked into identity products beyond role mining
26:55 - Using usage data to reduce over-entitlements
34:10 - The Identity Fabric: A capability-based approach to IAM
40:33 - Vendor rationalization and the flexibility of the fabric
47:19 - Previewing EIC 2026 topics: Wallet initiatives and consent
52:44 - Final advice: Curing symptoms vs addressing causes

Keywords:
IDAC, Identity at the Center, Jeff Steadman, Jim McDonald, Martin Kuppinger, KuppingerCole, IAM, AI Agents, Identity Fabric, EIC 2026, Non-Human Identity, Workload Identity, ITDR, IGA, Cybersecurity