Episode 199 - GluuFederation/identerati-office-hours GitHub Wiki

Title: What is the GovOps ACC (Authorization Capability Catalog)

Channels

Description

This episode explores the Authorization Capability Catalog (ACC), a GovOps YAML model that maps enterprise capabilities to risk, controls, and compliance objectives. Instead of centering governance on identities (human or software), the ACC treats capabilities as the basic unit of governance. We’ll discuss how capability-centric governance unlocks new visibility into enterprise risk, agentic AI permissions, third-party exposure, and compliance automation, and why the ACC is the right place for GovOps to start.

Homework

Comment:

  • Alan Karp correction: The 1966 paper "Programming Semantics for Multiprogrammed Computations" by Jack Dennis and Earl Van Horn established foundational concepts for capability-based addressing and the object-capability model.

Takeaways

  • ⚡ The ACC creates a machine-readable inventory of capabilities and a shared lexicon in Gemara YAML format; GovOps enables new metrics and dashboards for risk management.

  • ⚡ Governance has focused on identities, but risk lives in capabilities. Humans aren't risky. The actions they perform on resources are...

  • ⚡ By making the ACC the first deliverable, GovOps accepts as a given that capabilities are the unit of governance. But is Agentic AI the force strong enough to push the capabilities rock up the Sisyphean hill?

  • ⚡ Join the GovOps Group on LinkedIn: https://gluu.co/govops-group

Livestream Audio Archive

Transcript: