If you have software running, you have a workload—whether at the edge, deep in the cloud, or across multiple clouds. Managing runtime access for these workloads is key to deploying least privilege policies. However, controlling access starts with identifying workloads and assigning them identifiers and credentials.

This task quickly becomes overwhelming due to the sheer number of workloads, their rapid growth, fragmented deployment environments, and the diverse tools required. These challenges are compounded by the emergence of advanced persistent threat actors and a widespread skills shortage in the identity industry.

Standards are critical to addressing these challenges. They enable scalable solutions, interoperability across fragmented environments, robust security reviews, and the encapsulation of expert knowledge for widespread benefit.

This session explores existing standards and highlights promising developments from the OAuth and newly chartered WIMSE working groups at the IETF. We’ll also examine how they build upon and extend the work of SPIFFE, a Cloud Native Computing Foundation project.