The Holy Grail of IAM: Getting to Grips with Authorization

Identity & Access Management has long had the seriously egocentric tendency to focus only on itself: identity. After all, it's called "I am" for a reason. As a result, identity challenges have been addressed extremely well. True, some areas are still being worked on (e.g. identity proofing), but overall the industry has gotten a good grasp on identity. However, identity is only part of the equation. If you look across to the other side, you'll notice there's an entire field that deals with applications, data, and access to them. In between? A chasm. To get across, there is one lonesome, mysterious, and feared bridge of Death: authorization. Authorization, in its many flavors, attempts to bridge the divide between identity and access (applications, functions, data).

This talk will cover the latest standards and industry efforts to address that gap, from ABAC and the tried-and-true XACML to more recent innovations such as Open Policy Agent, OAuth 2.0's Rich Authorization Requests, the Grant Negotiation and Authorization Protocol (GNAP), or the JWT Profile for OAuth 2.0 Client Authentication and Authorization Grants. The talk will help you navigate the treacherous waters of identity standards and understand which path to go down, when, and for what purpose. So, as we embark on this journey, might I ask what your favorite color is?