An Interview With Dick Hardt
Hiya,
This is another in my series of interviews with experts in the space about the future of CIAM.
Dick Hardt is a visionary leader in the identity and access management space, with a career spanning over two decades of groundbreaking contributions to technology and security. As the founder of Hellō Identity Co-op, he focuses on revolutionizing user-controlled identity and privacy solutions, simplifying identity federation for B2B SaaS companies.
Hardt was the editor of the OAuth 2.0 specification (RFC 6749) and played a pivotal role in the design of JSON Web Tokens (JWTs), technologies foundational to secure digital identity. A serial entrepreneur with three successful exits, he has led identity initiatives at Microsoft and Amazon, driving innovation in global authentication systems. He founded ActiveState in 1997, which became a leader in tools for open-source programming languages and anti-spam software and was acquired by UK-based security company Sophos in 2003. That same year he founded Sxip Identity, promoting next-generation internet identity technology, and he was a founding board member of the OpenID Foundation.
Known for his engaging speaking style and thought leadership, Hardt is a regular at tech conferences worldwide, advocating for open standards and privacy-enhancing technologies. His passion for simplifying complex identity systems aligns with his ongoing work on OAuth 2.1, the Interoperability Profiling for Secure Identity in the Enterprise (IPSIE) standard and OpenID Provider Commands (of which you’ll read more below).
I’m excited to hear Dick’s views on CIAM, identity, and more.
Dan: What problems do you see customer identity and access management (CIAM) solving for your customers?
Dick: We are helping B2B SaaS vendors federate with their customers to enable them to have SSO and centralized IAM.
Protecting accounts against credential stuffing and phishing is hard. CIAM solutions enable a B2B SaaS vendor to focus on the value their application brings to their customers rather than identity infrastructure. We focus on helping B2B SaaS vendors offer SSO for their customers. This shifts account protection to their customers who will often be using Google, Microsoft, or Okta -- who have dedicated teams focused on protecting user accounts. SAML is the traditional protocol for SSO, but there are a number of advantages to OpenID Connect, which is what we at Hellō support.
After SSO, the customers want to centrally manage access rather than managing access at each app. Organizations want to update what a user can do centrally, and have the change propagated to all their applications. Today the synchronization between the central directory and applications is typically done with SCIM.
Dan: What are major challenges you see with CIAM (in the industry, in implementation, etc)?
Dick: Setting up SAML and SCIM is far too complicated for most B2B SaaS vendors, and for most SMBs. When these protocols were created, they needed to support a wide array of use cases, which led to there being many dials that can be adjusted, which makes configuration and management difficult.
On top of that, the security landscape was very different, and as new threats have emerged, we now have phishing-resistant authentication with passkeys and continuous authentication.
Each enterprise has a slightly different view of what is required for a secure deployment, which creates overhead for B2B SaaS deployments as each one is its own snowflake.
Dan: What excites you about the future of CIAM? Any predictions?
Dick: The IPSIE working group is working to profile the collection of protocols and standards so that enterprises and B2B SaaS vendors can refer to a level to get the desired outcomes they want in a repeatable fashion.
OpenID Connect is a modern protocol for SSO, but there is only SCIM for account lifecycle management. While sophisticated deployments need all the power of SCIM, it is overkill for most B2B SaaS.
I'm working with Karl McGuinness, previously Chief Product Architect at Okta, on OpenID Provider Commands, which builds upon the OpenID Connect token verification model and data schema.
We are excited about lowering the barrier for more deployments to be centrally managed!
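The "OpenID Connect token verification model" Dick mentions is what the relying party (the B2B SaaS app) does with the ID Token it receives from the customer's OpenID Provider after SSO. The block below is an added example written for this post; it is not code from Hellō, from Dick, or from the OpenID Provider Commands draft. It uses HS256 keyed with the client_secret (which OpenID Connect Core permits for confidential clients) so that it runs on the Python standard library alone, and every issuer, client ID, secret and claim value in it is constructed for the example. Production deployments normally verify RS256 or ES256 signatures against keys fetched from the OP's JWKS endpoint, which a library such as PyJWT or Authlib handles, but the claim checks shown here (alg allowlist, iss, aud/azp, exp, iat, nonce, sub) are the same.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed values for this example only; nothing here comes from Hellō or any real OP.
CLIENT_ID = "example-saas-client"
CLIENT_SECRET = b"constructed-client-secret-do-not-reuse"
EXPECTED_ISSUER = "https://op.example"
CLOCK_SKEW = 60  # seconds of tolerance applied to exp and iat


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_id_token(claims: dict, key: bytes = CLIENT_SECRET, alg: str = "HS256") -> str:
    """Stand-in for the OP's token endpoint. With HS256 the MAC key is the client_secret
    (OIDC Core section 10.1). alg="none" exists only so the verifier can be shown rejecting it."""
    header = {"alg": alg, "typ": "JWT"}
    signing_input = (b64url_encode(json.dumps(header, separators=(",", ":")).encode())
                     + "." + b64url_encode(json.dumps(claims, separators=(",", ":")).encode()))
    if alg == "none":
        return signing_input + "."
    mac = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(mac)


class IdTokenError(ValueError):
    """Raised for any reason the relying party must not accept the token."""


def verify_id_token(token: str, expected_nonce: str, now=None, key: bytes = CLIENT_SECRET,
                    issuer: str = EXPECTED_ISSUER, client_id: str = CLIENT_ID) -> dict:
    """Relying-party ID Token validation covering the checks in OIDC Core section 3.1.3.7."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise IdTokenError("malformed token")
    try:
        header = json.loads(b64url_decode(parts[0]))
        claims = json.loads(b64url_decode(parts[1]))
        signature = b64url_decode(parts[2])
    except (ValueError, UnicodeDecodeError) as exc:
        raise IdTokenError("undecodable token") from exc
    # Pin the algorithm rather than trusting the header: this rejects alg=none and key confusion.
    if header.get("alg") != "HS256":
        raise IdTokenError("unexpected alg %r" % header.get("alg"))
    signing_input = (parts[0] + "." + parts[1]).encode("ascii")
    expected_mac = hmac.new(key, signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(expected_mac, signature):
        raise IdTokenError("bad signature")
    if claims.get("iss") != issuer:
        raise IdTokenError("issuer mismatch")
    aud = claims.get("aud")
    audiences = [aud] if isinstance(aud, str) else list(aud or [])
    if client_id not in audiences:
        raise IdTokenError("token not intended for this client")
    if len(audiences) > 1 and claims.get("azp") != client_id:
        raise IdTokenError("multiple audiences but azp does not name this client")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or now >= exp + CLOCK_SKEW:
        raise IdTokenError("token expired")
    iat = claims.get("iat")
    if not isinstance(iat, (int, float)) or iat > now + CLOCK_SKEW:
        raise IdTokenError("iat missing or in the future")
    if claims.get("nonce") != expected_nonce:
        raise IdTokenError("nonce mismatch (possible replay)")
    if not claims.get("sub"):
        raise IdTokenError("sub missing")
    return claims


def check_id_token(token: str, expected_nonce: str, now=None) -> tuple:
    """Return (accepted, sub-or-reason) so callers can inspect rejections without exceptions."""
    try:
        return True, verify_id_token(token, expected_nonce, now=now)["sub"]
    except IdTokenError as exc:
        return False, str(exc)


def demo(now: int = 1_700_000_000) -> dict:
    """Constructed scenarios: one good token plus the rejections a relying party should expect."""
    good = {"iss": EXPECTED_ISSUER, "sub": "user-42", "aud": CLIENT_ID,
            "exp": now + 300, "iat": now, "nonce": "n-1"}
    scenarios = {
        "valid": (mint_id_token(good), "n-1"),
        "alg_none": (mint_id_token(good, alg="none"), "n-1"),
        "wrong_key": (mint_id_token(good, key=b"attacker-guess"), "n-1"),
        "wrong_issuer": (mint_id_token({**good, "iss": "https://evil.example"}), "n-1"),
        "wrong_audience": (mint_id_token({**good, "aud": "some-other-client"}), "n-1"),
        "expired": (mint_id_token({**good, "exp": now - 3600}), "n-1"),
        "replayed_nonce": (mint_id_token(good), "n-2"),
    }
    return {name: check_id_token(tok, nonce, now=now) for name, (tok, nonce) in scenarios.items()}


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:16s} {result}")
```

The nonce is what ties the ID Token to the browser session that started the login: the app generates it, stores it server-side, sends it in the authorization request, and compares it here, so a token captured from another session fails the last-but-one check even though its signature is valid.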
Thanks again to Dick for sharing his perspective, and thanks to you for reading!
Dan