Cloud ID Summit Sharpens Focus on Future of IAM Standards

Yubico Team

Yubico Team

4 minute read

One common theme across the talks at last week’s Cloud Identity Summit (CIS) revealed a desire to simplify and unify existing identity and access management (IAM) technologies and standards to build a pragmatic approach to modern identity.

For years, authentication, authorization, single sign-on (SSO), federation, governance, risk, compliance, standards, etc., etc. have all been pointing toward their own identity-based and secured Nirvana. With each one sporting a unique and clearly articulated picture of a future void of complexity and inadequacies. (Oh, if we could only move to that address yesterday.)

But here’s what I heard last week in San Diego.

More than at any previous time, the intersections of these discrete technologies and standards are now closer, clearer, and capable of a scale that is significant to enterprises and consumers. These intersections are beginning to define the possibilities of a common identity and access management stack that can potentially address a large number of use cases while simplifying the number of edge cases.

Is it around the corner? Nope. Are we in the last mile? Perhaps. Does it have promise? Absolutely.

Let me start from a Yubico perspective, the multi-factor authentication and single sign-on integration unveiled last week between Yubico and Ping Identity highlights advantages when authentication hardware is paired with software-based federation and SSO. This combination moves security and convenience closer to being on the same side of the ledger.

And there are other pieces arriving at intersections.

Standards such as OAuth, OpenID Connect (OIDC), Security Assertion Markup Language (SAML), System for Cross-Domain Identity Management (SCIM), Fast Identity Online (FIDO), and User Managed Access (UMA) provide a view into managing modern identity users, authentication, applications, and services. Emerging standards for authentication and SSO (to mobile devices and applications) are evolving within FIDO (Bluetooth and NFC support) and the OpenID Foundation (Native Application SSO).

The result could add up to an infrastructure that begins to define security, levels of assurance, and user control across enterprise and consumer services accessed from desktops, laptops, and mobile devices.

Organizations like the Open Identity Exchange and the Kantara Initiative are adding trust models and certifications. The vetting of IAM systems will eventually look at the whole infrastructure and not the piece parts, which should come to the table already validated.

Add to the mix efforts underway in global governments including the National Strategy for Trusted Identities in Cyberspace (NSTIC) and the United Kingdom’s Office of the Cabinet. These programs are already proving out models that incorporate technologies constructed with the building blocks displayed at CIS.

The qualifier, however, is that integration of identity and security on such a scale does not handle weakness well. Mastering these integrations initially won’t be for the faint of heart. Failures could be epic fireballs.

Vendors will have to partner and defer to customer needs rather than push their checkbox implementations of their competitors’ strengths. Standards in many ways will deflect some of that conflict.

Major vendors at CIS lined up and vowed to work together and push the adoption of standards. Alex Simons, director of program management for Active Directory at Microsoft, said he now has 1,000 engineers in the security and identity business, and “we are here to be your partner.” Google’s Eric Sachs, product management director for Identity, said in his keynote, “We’ve blocked almost all password access to our APIs by default. You have to use OAuth.” And Ian Glazer, senior director of Identity at Salesforce, laid down the gauntlet, saying companies that continue to manage user names and passwords are “toxic waste farmers.”

Color this analysis optimistic. Argue over timelines. Wrestle with cynicism. But don’t underestimate progress made over the past years regardless of the amount of hope crushed along the way. There is a better identity and access management model. It’s more attainable perhaps than ever before, and with better pieces that reduce complexity and improve usability.

It’s time to jump on and follow this arc of progress.

Photo credit: Brian Campbell

Talk to our teamTalk to our team

Share this article:
  • Securing the skies with YubiKeys: Insights on cyber resilience in the aviation industry and beyondIn an increasingly interconnected world, the landscape of cybersecurity is constantly evolving. Bad actors are becoming more sophisticated, leveraging tactics like phishing and ransomware to exploit human error and weak credentials. This makes robust cybersecurity a universal issue, impacting everyone from individuals to the largest global enterprises – especially those in high-stakes sectors like commercial […]Read morecyber resilienceEUmanufacturingQ&A
  • Future-proofing authentication: A look at the future of post-quantum cryptographyThe path from passwords to passkeys and beyond In a previous blog I talked about the end of passwords and the rise of passkeys, which promise stronger security and less frustration for both individuals and businesses. The global momentum behind passkeys represents one of the most exciting shifts in authentication history, but realizing their full […]Read more
  • Goodbye master passwords: Dashlane and Yubico enhance credential vault encryption and login with YubiKeysAt Authenticate 2025 this week, the world’s leading experts on modern authentication and securing digital identities gathered, to discuss the future of secure authentication and achieving usable security across the account lifecycle. The message was clear: the future of phishing-resistant authentication is using passkeys for encryption, and the gold standard is device-bound passkeys – YubiKeys. […]Read morecredential vault encryptioncredential vault loginDashlanepartnerpasskey encryptionPRF
  • Piloting Europe’s future ID: Passkeys securing digital walletsOver the last several years, passkeys have become ubiquitous. They are available on every mobile platform, in every leading browser, as part of all major enterprise IAM solutions, and in most major cloud services. Until wwWallet came along, the only place where passkeys hadn’t yet made an impact is in the rapidly developing world of […]Read moredigital identity walletspasskeysSIROSwwWallet