An Interview With Peter Fernandez
Heya,
This is another in my series of interviews about the future of CIAM from experts in the space.
Peter Fernandez is a consultant, advocate, architect and engineer, who has more than 30 years of experience designing and developing secure and robust software solutions. When not helping teams with the complexities of integrating Customer Identity and software development in general, you can usually find him working behind the scenes, acting in or directing a show at his local theatre.
That knowledge and experience gained in both domains is what, in 2025, led him to embark on a journey designing and developing the B2B SaaS solution he calls TheatricalPA.
I’m excited to hear Peter’s views on CIAM, identity and more.
Dan: What problems do you see customer identity and access management (CIAM) solving for your customers?
Peter: Currently in the process of building a B2B SaaS solution for theatrical production management, I’ve had recent first-hand experience when it comes to using CIAM to facilitate many of the features that will be making their way into my product. Features that just wouldn’t be possible without a comprehensive CIAM solution.
Not just about security, for me, CIAM has been a fundamental enabler when it comes to what I’m building. As a gateway to seamless customer experience on multiple devices, identity federation across (social) providers such as Facebook, Google, and Apple has provided me with the ability to build some really cool features. And I can see that for more developers, this is going to become increasingly relevant as the trend towards building SaaS solutions continues to grow.
Of course, Customer Identity is also fundamental to providing a secure experience for customers - be that via the added protection of MFA (via the likes of WebAuthN), or first-factor replacement of Passwords via Passkeys, etc. For B2B SaaS development, in particular, though, I think the Access Management side of the equation will start to play a more prominent role, as delegation of user functionality - particularly from an AI perspective - becomes as relevant as delegated administration capability is today. It’s certainly something that is showing great promise for me.
Dan: What are major challenges you see with CIAM (in the industry, in implementation, etc)?
Peter: The threat landscape is ever-changing, and with AI added in the mix, the challenge of protecting customers grows ever more complex. Today, most CIAM solutions are biased towards the “Customer Identity” side of the equation, with Delegated Authorization featuring more prominently than Access Control. As I say, with the continued rise in SaaS solution development - particularly B2B SaaS solution development - I believe this needs to change.
I would say that tighter integrations between what are arguably today the somewhat more disconnected Access Control solutions will be imperative in delivering a more holistic approach to CIAM. One that gives developers the ability to more readily build adaptable and safer applications, too. True Customer Identity & Access Management needs to encompass all aspects of the customer experience in equal measure, and be flexible in the way it does so as well.
It continues to amaze me that, after all this time, the topic of token management still comes under discussion - and in the new era of MCP and Agentic AI, something that’s going to be even more of a challenge. Some vendors are tackling things in a proprietary fashion, whilst other folks are trying to find solutions within the bounds of the protocol standards; my own Access Control Mediation Endpoint pattern (a.k.a. ACME pattern for short ) is one such example that, at the same time, attempts to build a stronger relationship between Identity, Consent and Access Control.
Dan: What excites you about the future of CIAM? Any predictions?
Peter: Going forward, I can foresee the lines between CIAM, AI, and other technologies blurring as we see each incorporated as part of a more expressive SaaS development paradigm. From a customer perspective, this will ultimately provide for a more secure and feature-rich user experience, which can only be a good thing for the various user communities.
From a developer’s perspective, I think new improvements/developments/implementations are always exciting; personally, I get a buzz out of the availability of feature-rich Open Source CIAM to provide a solid foundation on which developers can experiment with building new capabilities.
For example, I’m developing a new Elective Consent capability, as well as an improved Account Linking security workflow, and whilst I won’t say either will make it as part of any future iterations to the standards, they are all implemented as enhancements based on the standards and made possible by having an openly available code base. I think that’s pretty cool.
Thanks again to Peter for sharing his views.
Dan