#390 - Identity Management for Agentic AI with Tobin South
Identity at the Center8 Dec

#390 - Identity Management for Agentic AI with Tobin South

In this episode of the Identity at the Center Podcast, hosts Jeff and Jim sit down with Tobin South, co-chair of the OpenID Foundation's AI Identity Management Community Group, to delve into the intricacies of identity management in the age of agentic AI. They discuss the challenges and solutions related to AI agents, the role of the Model Context Protocol (MCP), and the concept of recursive delegation and scope attenuation. Additionally, the conversation covers practical advice for developers and enterprises on preparing for AI-driven identity management and explores the cultural touchstone of coffee from various global perspectives.


Connect with Tobin: https://www.linkedin.com/in/tobinsouth/

OpenID Foundation: https://openid.net/

Identity Management for Agentic AI (OpenID Whitepaper): https://openid.net/wp-content/uploads/2025/10/Identity-Management-for-Agentic-AI.pdf


Connect with us on LinkedIn:

Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/

Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/

Visit the show on the web at http://idacpodcast.com


Chapter Timestamps:

00:00 – Jeff and Jim banter about unopened iPads and conference season

05:55 – Introduction to Tobin South and his AI identity background

07:00 – How AI has evolved from machine learning to generative models

09:00 – The OpenID AI Identity Management Community Group

10:30 – ChatGPT’s impact on the AI perception shift

12:00 – Users vs. Agents: What’s the difference?

14:00 – Letting the right bots in: AI agents vs. bad bots

17:00 – AI impersonation, delegation, and the risk of shared credentials

20:00 – Impersonation vs. Delegation – what practitioners need to know

23:00 – Governance, oversight, and delegated authority for agents

26:00 – Liability and “who is responsible” in agentic systems

30:00 – How developers can prepare for agent identity and access management

32:00 – Explaining the Model Context Protocol (MCP)

36:00 – Enterprise use cases for MCP and internal automation

38:00 – Is MCP the next SAML?

42:00 – Recursive delegation and scope attenuation explained

46:00 – The one key takeaway for IAM professionals

48:00 – Lighter note: Coffee talk – from Sydney to San Francisco

54:00 – Wrap-up and where to find more IDAC content


Keywords:

IDAC, Identity at the Center, Jim McDonald, Jeff Steadman, Tobin South, OpenID Foundation, AI Identity Management, Agentic AI, Delegated Authority, Impersonation vs Delegation, Model Context Protocol (MCP), Recursive Delegation, Scope Attenuation, Identity Access Management, IAM, AI Governance, AI Standards, Enterprise AI, AI Agents, Identity Security

Avsnitt(392)

Identity At The Center #40 - IAM ROI

Identity At The Center #40 - IAM ROI

Jim and Jeff talk about how to develop a Return on Investment (ROI) strategy when it comes to IAM. Link to Auth0 Forrester report we discuss: https://auth0.com/forrester-total-economic-impact/ Risk Management Concepts: https://resources.infosecinstitute.com/category/certifications-training/cissp/domains/security-and-risk-management/cissp-risk-management-concepts/ Want to join the conversation? Leave us a message here: anchor.fm/identity-at-the-center/message or email us at questions@identityatthecenter.com.

20 Apr 202039min

Identity At The Center #39 - Digital Transformation and CIAM

Identity At The Center #39 - Digital Transformation and CIAM

Jim and Jeff talk about how consumer/customer IAM (CIAM) is a fundamental part of a digital transformation strategy. Want to join the conversation? Leave us a message here: anchor.fm/identity-at-the-center/message or email us at questions@identityatthecenter.com.

13 Apr 202042min

Identity At The Center #38 - Data Privacy Regulations are Dead On Arrival with Richard Bird

Identity At The Center #38 - Data Privacy Regulations are Dead On Arrival with Richard Bird

Jim and Jeff talk with Richard Bird, Chief Customer Information Officer at Ping Identity, about data privacy and why data privacy regulations are dead on arrival. LinkedIn article by Richard: https://www.linkedin.com/pulse/data-privacy-joke-your-town-nation-richard-bird/ Want to join the conversation? Leave us a message here: anchor.fm/identity-at-the-center/message or email us at questions@identityatthecenter.com.

6 Apr 202050min

Identity At The Center #37 - Access Management with Andy

Identity At The Center #37 - Access Management with Andy

Jim and Jeff talk with Andy Clark, Principal Consultant at Okta, about access management including the why's of OIDC and SAML, scopes, and flows. To register for the free virtual Oktane 2020 conference, visit https://www.oktane20.com/ Want to join the conversation? Leave us a message here: anchor.fm/identity-at-the-center/message or email us at questions@identityatthecenter.com.

30 Mars 202036min

Identity At The Center #36 - Assessing CIAM Maturity

Identity At The Center #36 - Assessing CIAM Maturity

Jim and Jeff talk about how assessing CIAM (customer/consumer identity & access management) can be different than an enterprise IAM assessment. Want to join the conversation? Leave us a message here: anchor.fm/identity-at-the-center/message or email us at questions@identityatthecenter.com.

23 Mars 202050min

Identity At The Center #35 - Managing IAM Through A Pandemic

Identity At The Center #35 - Managing IAM Through A Pandemic

Jim and Jeff talk about the current global health situation and things to consider from an IAM perspective. Jeff also finds a way to talk baseball with Jim as it relates to the Houston Astros and their brute force hacking of pitchers and catchers for the last few seasons (allegedly). Want to join the conversation? Leave us a message here: anchor.fm/identity-at-the-center/message or email us at questions@identityatthecenter.com.

16 Mars 202045min

Identity At The Center #34 - Managing IAM Risk with Esteban

Identity At The Center #34 - Managing IAM Risk with Esteban

Jim and Jeff talk with Esteban about the approach he takes in managing IAM risk for his organization. The Institute of Internal Auditors (IIA) Position Paper: The Three Lines Of Defense In Effective Risk Management And Control Want to join the conversation? Leave us a message here: anchor.fm/identity-at-the-center/message or email us at questions@identityatthecenter.com.

9 Mars 202035min

Identity At The Center #33 - IAM for IoT

Identity At The Center #33 - IAM for IoT

Jim and Jeff talk about a topic suggested by listener Kerem B.; How to approach IAM for IoT (Internet of Things). For more IoT Security info, visit www.iotsecurityfoundation.org Want to join the conversation? Leave us a message here: anchor.fm/identity-at-the-center/message or email us at questions@identityatthecenter.com.

2 Mars 202029min

Populärt inom Teknik

uppgang-och-fall
natets-morka-sida
elbilsveckan
market-makers
rss-laddstationen-med-elbilen-i-sverige
rss-uppgang-och-fall
rss-elektrikerpodden
bilar-med-sladd
rss-badfluence
rss-technokratin
developers-mer-an-bara-kod
skogsforum-podcast
hej-bruksbil
rss-racevecka
rss-veckans-ai
bli-saker-podden
rss-digitala-influencer-podden
har-vi-akt-till-mars-an
rss-snacka-om-ai
under-femton