2026-05-27 –, Arena
A pragmatic look at "IAM for AI," showing how familiar tools like OAuth, and emerging work such as CIMD and ID-JAG, can meet AI’s needs without inciting revolution.
Comparable only to seismic shifts like the Industrial Revolution or the rise of the Internet, the emergence of artificial intelligence is unquestionably transformative. But does it really demand an equally radical upheaval in IAM standards and technology? With the seemingly endless parade of prophets and profiteers declaring the revolution imminent and assuring us that they alone can lead it, you might think so.
The reality might be less dramatic and more practical. Many of the core challenges of 'IAM for AI' look pretty familiar. Regular old OAuth is already well suited to a surprising amount of AI systems' needs, and emerging efforts like CIMD and ID-JAG seem poised to fill in some of the gaps. It may be that our existing IAM foundation can rise to the occasion, or that our expectations can be tempered to meet the moment.
Join a curmudgeonly pragmatist and occasional OSW contributor on a journey from 'Eh, I?' to 'I am.' without inciting revolution.
As a Distinguished Engineer for Ping Identity, Brian aspires to one day know what a Distinguished Engineer actually does for a living. In the meantime, he's tried to make himself useful with little things like designing and building much of PingFederate, the product that put Ping Identity on the map. When not making himself useful, he tries to build his legacy by sneaking his name onto technical documents that few people will ever actually read, including some identity and security standards in the IETF and OpenID Foundation. He holds a B.A., magna cum laude, in Computer Science from Amherst College in Massachusetts. Despite spending four years in the state, he has to look up how to spell "Massachusetts" every time he writes it.