Attendee Info & Inquiries
Identity systems have traditionally focused on a relatively straightforward task: determine whether someone should have access to something.
The mechanisms became more sophisticated over time — federation, adaptive authentication, risk signals, privileged access controls — but the underlying model remained familiar. A person requested access. A system evaluated policy. A decision was made.
Modern digital environments are making that model harder to sustain.
Today, authorization decisions increasingly involve delegated actors, interconnected ecosystems, automated systems, and a continuously changing context. Access decisions no longer happen at a single point in time, and authority is often exercised indirectly through APIs, services, and AI-driven workflows.
The challenge is no longer simply authenticating users. It is maintaining meaningful control over how authority flows through complex systems.
That tension is clear throughout this year’s Identiverse program.
Control is becoming contextual
For many years, organizations attempted to simplify authorization using stable models:
- role-based access
- centralized identity providers
- static trust relationships
- predictable session boundaries
Those assumptions are becoming harder to maintain.
Users move across devices, organizations, and applications continuously. Services interact dynamically with other services. AI systems increasingly operate with delegated authority. And modern business processes rarely remain confined to a single organizational boundary.
As a result, identity systems are shifting from static control models toward approaches that rely more heavily on context, signals, and ongoing evaluation.
Several sessions at Identiverse this year explore what that transition looks like in practice.
Sessions to watch for
Delegation has always existed in identity systems, but modern digital ecosystems are making those relationships more complicated. This session explores how authorization models evolve when authority must move across organizations, services, and users.
Identity is increasingly evaluated continuously rather than at login alone. This session examines how signals, context, and behavioral information shape modern trust decisions.
Continuous authorization sounds elegant until policies begin accumulating exceptions, edge cases, and overlapping logic. This session explores the operational realities behind dynamic access control.
Single sign-on transformed usability and federation, but growing concerns around risk concentration and trust assumptions are pushing organizations to reconsider where and how trust should be distributed.
Traditional authorization models often assume relatively predictable behavior. AI systems challenge those assumptions by interacting with information differently from how human users do.
Regulation increasingly shapes identity architecture. This session explores how emerging regulatory expectations may affect governance, accountability, and operational controls.
Delegation changes system boundaries
One of the more interesting themes across these sessions is that delegation is forcing organizations to rethink where system boundaries actually exist.
Historically, identity systems often assumed that authority stayed relatively contained within an enterprise environment. Even federation models generally operated within clearly defined trust relationships.
Modern architectures are different.
Today, authority frequently moves between organizations, APIs, cloud services, automated systems, and AI-driven processes. Decisions made in one environment may have consequences in another. Authorization becomes less about a single system enforcing policy and more about coordinating trust across multiple layers.
This creates difficult questions:
- Who remains accountable when authority is delegated multiple times?
- How should organizations limit downstream behavior?
- What signals should influence trust decisions in real time?
- How do you revoke access in environments that continuously recombine services and permissions?
These are not purely technical problems. They are governance and business problems as well.
Standards alone are not enough
Another recurring theme is that protocols and standards can define mechanisms, but they do not automatically resolve questions of trust.
Two organizations may implement the same protocol and still make very different decisions about risk, delegation, or acceptable behavior.
That gap between technical interoperability and operational trust is becoming more visible as organizations deploy increasingly interconnected systems.
The industry is moving toward more dynamic models of authorization and identity orchestration, but those models also introduce greater complexity. More signals, more context, and more delegation can improve security and flexibility — but only if organizations can still reason about how decisions are being made.
Looking ahead
The identity industry has spent years improving authentication.
The next challenge may be learning how to govern authorization in environments where authority is increasingly distributed, contextual, and automated.
That shift does not eliminate the need for strong protocols or centralized controls. But it does mean organizations will need to think more carefully about how trust is established, delegated, monitored, and revoked over time.
The sessions in this track offer a useful window into how practitioners, architects, and standards participants are beginning to approach those questions.
And for executives and product leaders trying to understand where identity is heading next, these conversations are likely to become increasingly important.
