Episode 009: 04‐25‐2024 Zero Standing Privilege - GluuFederation/identerati-office-hours GitHub Wiki

  • Host: Mike Schwartz, Founder/CEO Gluu
  • Guest: Ian Glazer, Founder Weave Identity
  • Co-Host: Vlad Shapiro, Vice President, Infrastructure Security Technologies Brown Brothers Harriman

LinkedIn Event

Description

"Least privilege" is the total entitlements required to perform a job over time. But has the time come to redefine least privilege as the minimum "what is needed right now for the task at hand" and not "what might I need right now"? Identity guru Ian Glazer makes the case that this is the direction we need to go.

Questions

  1. How does zero standing privilege differ from least privilege or zero trust?
  2. Does zero standing privilege apply to workforce only, or also to consumer / citizen?
  3. If we are moving to "task granularity" from "person granularity", what are the minimum features that enterprise software vendors would need to implement zero standing privilege?
  4. Do we need a new OAuth standard to implement zero standing privilege, like the Replacement Txn-Token Flow? In step 6, how would you know what token to issue in response to the request? (Figure: tx-token-replacement-token-flow)

Homework

Livestream Audio Archive

Here