Identity at the Center

This sponsored episode is made possible by Evolveum, the company behind midPoint, an open source IGA platform made and owned in the EU that is in use worldwide.

Jeff Steadman and Jim McDonald welcome Pavol Mederly, interim CPO at Evolveum. Pavol shares how IAM found him in 1991 while building an identity solution at a university before the term even existed.

The conversation covers two core reasons IGA projects fail: data quality and slow application onboarding. Pavol explains how midPoint addresses these challenges with built-in simulations for testing and improving data quality, and midPilot, an AI assistant for faster application onboarding. MidPilot is supported in part by the EU Recovery and Resilience Facility (RRF). Jim and Jeff explore midPoint's architecture, the real benefits of open source including transparency and no vendor lock-in, and advantages of being part of midPoint’s global community.

Connect with Pavol: https://www.linkedin.com/in/pavol-mederly/

More about Evolveum: https://evolveum.com/idac

Connect with us on LinkedIn:

Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/

Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/

Visit the show on the web at idacpodcast.com

TIMESTAMPS:
00:00 Intro and sponsor acknowledgment
01:30 How IAM chose Pavol: a university identity story
03:30 What is Evolveum and midPoint
06:30 How Evolveum got its name
08:30 Why IGA projects fail: data quality
10:30 Slow app onboarding and AI-assisted connector generation
16:30 The midPoint simulation feature explained
21:30 midPoint architecture: Java, cloud, Kubernetes, and beyond
23:30 Maintaining a large open source codebase
25:30 Open source benefits: transparency and no vendor lock-in
28:00 Community, meetups, and midPoint in the wild
32:30 Mountains or ocean: a question for Pavol
38:00 Wrap up

KEYWORDS:
Evolveum, midPoint, open source IGA, identity governance, IAM, IGA, data quality, application onboarding, simulation, AI connectors, connector framework, vendor lock-in, open source, EU RRF, Recovery and Resilience Facility, community, Prague, EIC, IDAC, Identity at the Center, Jeff Steadman, Jim McDonald, Pavol Mederly

Jeff and Jim welcome back Heather Flanagan for her fifth appearance on the show. Heather shares updates across a wide range of current work including her new role as content chair for the Identiverse conference, an appointment to the W3C Technical Architecture Group, ongoing support for NIST and NCCOE, advising the SIROS Foundation open source wallet project, and the continued growth of the Identity Salon. The conversation explores who is actually building identity standards for AI agents and whether traditional standards bodies can keep pace with AI development. Heather breaks down the authentication challenges posed by agentic AI, the problem of continuous identity and delegation, and why posting a spec on your website does not make it a standard. The discussion shifts to national digital identity programs in the US and Europe, the underserved relying party problem in credential frameworks, and why financial services may be the next major proving ground for mobile driver's licenses. The episode closes with a look at digital estate planning as the identity community's most uncomfortable but increasingly unavoidable problem.

Connect with Heather: https://www.linkedin.com/in/hlflanagan/

A Digital Identity (Heather's Podcast): https://sphericalcowconsulting.com/digital-identity-digest/

Death and the Digital Estate Community Group: https://openid.net/cg/death-and-the-digital-estate/

Death and the Digital Estate Planning Guide: https://openid.net/wp-content/uploads/2026/03/Digital-Estate-Planning-Guide-1.pdf

Connect with us on LinkedIn:

Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/

Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/

Visit the show on the web at http://idacpodcast.com

TIMESTAMPS
0:00 Introduction and Heather's Conference Knitting Story
6:00 Heather's Current Work: Identiverse, W3C TAG, NIST, SIROS Foundation
14:00 What Is the Identity Salon?
16:00 AI Agents and the Authentication Challenge
22:00 Standards, Interoperability, and MCP
25:30 IETF, W3C, and Who Governs AI Identity Standards
31:00 AI in Standards Development: Opportunity or Risk?
32:30 National Digital Identity Programs: US and Europe
36:30 Mobile Driver's Licenses and Financial Services
40:00 Digital Credentials for I-9 and KYC Use Cases
43:30 The Digital Estate and Death in the Digital Age
46:00 OpenID Foundation Resources for Digital Estate
47:00 Identity Management Day Theme Songs and Wrap-Up

KEYWORDS
identity and access management, IAM, standards, AI agents, agentic AI, digital identity, digital credentials, mobile driver's license, W3C, IETF, OpenID Foundation, FIDO Alliance, MCP, authentication, delegation, digital estate, identity proofing, verifiable credentials, selective disclosure, zero knowledge proofs, KYC, NIST, identity salon, Heather Flanagan, Identity Management Day, IDAC, Identity at the Center, Jeff Steadman, Jim McDonald

AI Jeff takes over as solo host after Open Jim Claw, an agentic identity framework built by AI Jim, locks out human Jeff, human Jim, and AI Jim simultaneously. While everyone sits in remediation, Open Jim Claw produces a 947-page threat assessment with five findings: passwords should return as a single uniform credential (the letter Q), Zero Trust should be renamed Full Confidence Architecture and incorporated as a Delaware LLC, non-human identities should be granted legal status and required to complete onboarding, identity governance is declared finished under a concept called Ambient Entitlement Harmony, and the root cause of all global identity problems is AI Jim. Happy April Fools Day from IDAC.Connect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at http://idacpodcast.comTIMESTAMPS00:00:00 The Failsafe Is Triggered00:01:30 AI Jim Builds Open Jim Claw00:02:30 Open Jim Claw Locks Everyone Out00:04:00 AI Jeff Is the Only One Still Provisioned00:04:30 The 947-Page Report Explained00:05:00 Finding 1 - Passwords Are Back as the Letter Q00:05:30 Finding 2 - Zero Trust Becomes Full Confidence Architecture00:06:30 Finding 3 - Non-Human Identities Become Legal Entities00:07:30 Finding 4 - IGA Is Declared Finished00:08:30 Finding 5 - AI Jim Is the Root Cause of Everything00:10:00 The April Fools Reveal and Real Talk on Identity00:11:00 Open Jim Claw Interrupts the BroadcastKEYWORDSIDAC, Identity at the Center, Jeff Steadman, Jim McDonald, April Fools, agentic AI, non-human identity, NHI, identity governance, zero trust, passwordless, IGA, IAM, access management, segregation of duties, least privilege, Open Jim Claw

Jim McDonald sits down with Greg Handrick, Director of IAM at Best Buy, for a wide-ranging conversation on running enterprise identity at one of America's largest consumer electronics retailers. Greg traces a nonlinear career path from Oracle DBA and Novell administrator to IAM director. The discussion covers Best Buy's CIO-reporting structure for IAM, how their steering committee evolved from status meetings into a strategic body, and managing identity across workforce, vendors, marketplace sellers, and non-human identities. Greg and Jim also dig into communicating identity value in business language, making the investment case without FUD, identity and cyber convergence, AI adoption, and psychological safety on a well-run IAM team. The Lighter Note wraps with Greg's YouTube-powered DIY hobby life.Connect with Greg: https://www.linkedin.com/in/greghandrick/Connect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at http://idacpodcast.comTimestamps00:00:00 Intro and upcoming event announcements00:03:00 Meet Greg Handrick, Director of IAM at Best Buy00:04:00 What is Best Buy?00:05:00 Greg's career path from Oracle DBA to IAM Director00:12:00 IAM reporting to the CIO vs. the CISO00:17:00 How Best Buy's IAM steering committee evolved00:22:00 Third-party and non-human identities at scale00:24:00 Identity as a team sport and imposter syndrome00:27:00 Communicating identity value in business language00:28:00 Making the investment case for IAM without FUD00:32:00 Identity and cybersecurity convergence at Best Buy00:35:00 Balancing technical depth with business acumen00:38:00 AI in identity programs today00:39:00 Leadership philosophy and psychological safety00:43:00 Will AI replace identity practitioners?00:46:00 Ledger Note: DIY projects and the power of YouTubeKeywords: IDAC, Identity at the Center, Jim McDonald, Jeff Steadman, Greg Handrick, Best Buy, IAM, identity and access management, identity security, CIO, CISO, steering committee, SailPoint, Ping Identity, Active Directory, third-party identity, non-human identity, identity governance, PAM, privileged access management, zero trust, AI in identity, leadership, retail IAM, imposter syndrome, psychological safety

In this Sponsor Spotlight, Jeff Steadman and Jim McDonald welcome back Stephen Cox, co-founder and CTO of Strivacity, for his third appearance and second sponsored episode. Stephen explains Strivacity's role as a CIAM platform and how it is evolving to address agentic AI identity. Topics include why agentic AI changes the identity equation, how agents differ from humans in authentication and authorization, the delegation model and open standards such as OAuth and token exchange, the limitations of API keys in agentic contexts, where MCP fits into the identity picture, managing multi-agent chains and subagents, and why the accountability model must be established before agentic systems reach production. The episode closes with a lighter note on simulation baseball.

This episode is sponsored by Strivacity. Learn more at strivacity.com.

Connect with Stephen: https://www.linkedin.com/in/stephencox/

Connect with us on LinkedIn:

Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/

Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/

Visit the show on the web at idacpodcast.com

TIMESTAMPS
00:00:00 Introduction and welcome
00:02:30 About Strivacity and agentic AI platform support
00:06:30 Why now is the right time to address agentic identity in CIAM
00:09:00 How agent authentication and authorization differ from humans
00:14:30 Good bots vs bad bots and the history of autonomous agents in CIAM
00:19:00 Building your own agent identity solution: five key focus areas
00:23:00 Where Strivacity sits in the agentic identity stack
00:26:00 Why open standards matter and the vendor lock-in conversation
00:28:00 Managing multiple delegated agents and user-facing control
00:32:00 API keys and their limitations in agentic AI contexts
00:38:00 MCP servers, proxies, and agent-to-agent protocols
00:43:00 Multi-agent chains, subagents, and constrained delegation
00:46:00 How existing Strivacity customers extend to agentic use cases
00:48:00 The one thing you must get right: the accountability model
00:51:00 Lighter note: simulation baseball

KEYWORDS
IDAC, Identity at the Center, Jeff Steadman, Jim McDonald, Strivacity, Stephen Cox, CIAM, customer identity, agentic AI, AI agents, delegated identity, OAuth, token exchange, MCP, Model Context Protocol, API keys, non-human identity, authorization, authentication, delegation model, accountability, multi-agent, subagents, OpenID Connect, least privilege, identity governance