Long-time admirer, first-time (solo) speaker

Well, that was a cool experience. I trekked to SXSW this year (along with Venn Factory’s Jade Young) for a first-time1 opportunity to speak about a passion topic: why digital identity matters to both humans and businesses. I left with an impression that all of the event participants alike — both geek and nongeek — invested in both marketing rails and privacy protections — care about getting the connected world right.

I first wrote about this opportunity back in January. Since then, I’ve received a lot of interest in what it means to “build a healthy digital humanity.” But figuring out how to address an audience with such a wide range of interests and knowledge took some doing, even though it was tagged as an intermediate-level session. I decided to tackle things head-on…

• What exactly is IAM? What are its impacts, pro and con?
• What’s the deal with all those identity standards?
• Which new innovations might address our growing security, privacy, and experience challenges?
• What innovation is still desperately needed?
• What do’s and don’ts must humans and organizations both heed?

The larger SXSW landscape

Throughout the event, I saw participants with the same spirit of innovation on the one hand, and caution about where digital humanity is going on the other, that I was addressing through the lens of identity. Here’s a quick tour of some exhibitors and pitch participants that caught my eye…

• Crowd Compass, I visited with this SXSW 2025 Innovation Awards finalist at the Expo and was intrigued by their robustly decentralized approach for “finding your friends at music festivals without your phone,” involving creating a mesh network with a specialized device. I remember the FireChat launch from a decade ago; my interest then and now centers on physical safety and disaster recovery, which is one of the use cases Crowd Compass is pursuing.
• The Human Rights Foundation: Their Expo exhibit, and SXSW talk (which I was unable to attend), focused on the risks of CBDCs. It’s the first time I’ve seen a resource dedicated to such risks, which I worry about too.
• HAND (Human & Digital) Identity: I missed seeing this SXSW Pitch finalist but I have been following HAND and its CEO Will Kreth, and love their focus on “talent identity” and digital replica rights. What celebrities need today, all of us will need tomorrow!

Share

Q&A

In my session I mentioned a number of new-for-me topics, and I’ll share more about them in time. For now, I thought you might be interested in the topics that came up in the session Q&A. It was great to see how wide-ranging they were, and how well they demonstrate the concerns that are out there about where digital humanity is going.

Here’s a recounting, with a few added links…

In other SXSW tracks about quantum computing, they fear “Q Day” in 3-5 years when credentials, logins, passwords, and bank accounts will all be compromised all at once. What’s your take?

Identity, like cybersecurity writ large, is full of cryptography, and so it’s susceptible to this risk all the way down to the roots of the technology. Quantum risk is like the “Y2K” challenge, only there’s no specific day when we know it will arrive. That makes it nerve-wracking.

There are standards, most particularly PQC standards from NIST, to help organizations get on a more mature footing. Becoming quantum resilient is a must, if not becoming fully quantum safe right away.

I don’t believe we’re only 3-5 years away, maybe 10 years (here’s a timeline that takes 10 years total). But who wants to take a chance? We’re in the singularity now, so start migrating as soon as you can!

Now that we’re going to have all these AI agents, will they be operating on our phones?

There are pros and cons to doing this work server-side vs. on the edge. At the same time we’re seeing more options for bringing client-side power to the equation, which is good. An interesting organization is Kwaai.ai, which is building an open-source stack for RAG-based personal AI agents designed to empower humans.

A reasonable critique of decentralized identity is that for user experience reasons, often the digital wallet doesn’t live on our phone, it lives on the web — what’s called a custodial wallet. This brings us back to creating honeypots of the IdP sort.

Pernicious re-centralization of the architectural sort will always be with us, as well as insidious re-centralizationwhere business models make it easier to create bottlenecks such as we see in crypto exchanges.

There’s a challenge in bringing “legacy” users along to use safer authentication methods. What to do?

Being able to orchestrate authentication user journeys in a responsive fashion is key to solving such problems. IAM platforms have some good technology for this, and there are point solutions as well. You can A/B test, you can segment your population, you can use different authentication methods suitable for different contexts: don’t use voice in noisy environments, don’t use fingerprint for emergency room surgeons with gloves on, and so on.

For apps with very diverse populations, it’s especially necessary to be adaptive. Biometric innovation is coming along to help in many cases. There may be a trust factor with biometrics, however; many people won’t turn on Face ID due to these concerns.

Leave a comment

Postscript

Thanks to Mike Schwartz of Gluu for hosting an impromptu IAM meetup in his WeWork offices during SXSW, and even doing a pigeon release off the roof! He’s doing his part to keep Austin wonderfully weird. 🤠

Make your impact irresistible with Venn Factory:

• Gain market impact and industry insights through advisory services
• Invite Eve to speak at your customer or investor event
• Engage Eve for individualized IAM leadership coaching

Work with Eve

¹Back in 2015, thanks to an invitation from identity pal Joni Brennan, I participated in a SXSW panel on identity in the Internet of Things. It was sponsored by the IEEE Technology for Humanity initiative — I sense an ongoing theme here!