Identity at the Center

What does it mean to build an identity system that is ethical? Jim McDonald and Jeff Steadman are joined by Elizabeth Garber, Executive Director of IDPro and marketing lead for the OpenID Foundation, for a conversation spanning ethics in digital identity, the tension between privacy and safety, biometric exclusion risks, and how practitioners can use structured frameworks to navigate these discussions productively. Elizabeth shares her three-part career journey, the latest from the IDPro community, and previews her upcoming keynotes at EIC Berlin and Identiverse Las Vegas.

Connect with Elizabeth: https://www.linkedin.com/in/elizabethgarber

IDPro Discount - New members get $25 off their first year of membership: https://idpro.org/idac/

Ethics and Digital Identity by Henk Marsman: https://bok.idpro.org/article/id/104/

Ethics for Digital Identity and Identity-Driven Algorithms by Mike Kiser: https://bok.idpro.org/article/id/105/

Human Centric Digital Identity white paper: https://openid.net/wp-content/uploads/2023/10/Human-Centric_Digital_Identity_Final-v1.1.pdf

Connect with us on LinkedIn:

Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/

Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/

Visit the show on the web at http://idacpodcast.com

Timestamps:

00:00 Intro and Jim's allergy research
03:42 Conference announcements: EIC and Identiverse
06:00 Welcome Elizabeth Garber
07:04 Elizabeth's three-part origin story
11:55 IDPro mission and the identity community
18:13 Membership, CIDPRO certification, and the Body of Knowledge
21:17 IDPro Slack community
23:40 IdentiBeer and local meetups
26:26 IDPro listener discount at idpro.org/idac
29:00 Operationalizing ideas in IAM
32:19 Ethics in the IDPro Body of Knowledge
33:30 Defining ethics in technology
34:19 The trolley problem and moral consistency
37:10 Big tech, privacy, and law enforcement
39:28 Where practitioners start with ethics
43:30 Biometric exclusion and the Uganda story
49:00 Privacy vs. safety: a false choice?
53:48 The case for consistent ethical frameworks
57:53 Elizabeth's EIC and Identiverse talks
59:49 Improv comedy and expensive hobbies
1:07:25 Wrap-up

Keywords: ethical IAM, digital identity ethics, IDPro, identity and access management, privacy, safety, biometrics, exclusion, Elizabeth Garber, GAIN Digital Trust, OpenID Foundation, Body of Knowledge, Ethical Canvas, zero knowledge proofs, passkeys, IDAC, Identity at the Center, Jeff Steadman, Jim McDonald, EIC Berlin, Identiverse

This bonus episode of Identity at the Center is brought to you with support from Elimity. Jeff and Jim sit down with Maarten Decat, co-founder and CEO of Elimity, to explore the emerging product category known as IVIP, Identity Visibility and Intelligence Platforms. Maarten explains how Elimity was built around a question every IAM practitioner eventually faces: who can actually do what within our organization? The conversation covers why IVIP is distinct from traditional IGA, how identity data graphs provide deeper visibility than flat entitlement lists, and what regulatory drivers like SOC 2, ISO 27001, and DORA are pushing organizations toward this space. They also discuss deployment patterns, integration approaches, ROI metrics for leadership, and what Maarten calls provable control. The episode closes with a memorable story about Elimity branded Belgian beer and a very formal legal letter. Learn more at elimity.com/idac.

Connect with Maarten: https://www.linkedin.com/in/maartendecat/

Learn more about Elimity: https://elimity.com/idac

Connect with us on LinkedIn:

Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/

Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/

Visit the show on the web at idacpodcast.com

CHAPTER TIMESTAMPS

00:00 Introduction and ax-throwing memories from EIC Berlin
01:35 Introducing Maarten Decat, co-founder and CEO of Elimity
01:57 How identity chose Maarten: from PhD to startup founder
03:09 The Elimity origin story and the problem it set out to solve
04:52 Defining IVIP: Identity Visibility and Intelligence Platforms
05:31 Where did the name Elimity come from?
06:57 Why identity visibility has become a security priority now
09:02 What organizations were doing before IVIP existed
11:16 Can IGA do what IVIP does? Addressing the skeptics
14:20 The identity data graph: deeper and wider than IGA
16:20 IVIP and IGA as complementary tools, not competitors
16:49 What falls outside IVIP scope: automated provisioning
18:01 IVIP as the intelligence layer in your IAM stack
19:45 What data sources connect into an IVIP platform
21:44 Extending visibility to non-human identities
22:00 M&A use cases: gaining visibility across two organizations
23:55 IVIP and the identity fabric concept
25:18 Visibility, intelligence, and actions: building the right stack
26:36 How deployments typically start and what early wins look like
28:44 Integration approaches and realistic effort timelines
32:00 What success looks like at six to twelve months
36:07 Metrics and ROI: talking to leadership about identity risk
38:14 Case studies and customer examples on the Elimity website
38:58 What every IAM practitioner should know about IVIP
40:12 Elimity's global reach: EU, US, and Middle East
41:42 The Elimity branded beer story and a very formal legal letter
46:43 Wrap-up and final thoughts

KEYWORDS

IVIP, identity visibility and intelligence platforms, IGA, identity governance, access control, identity data graph, Elimity, Maarten Decat, non-human identities, access risk, provable control, SOC 2, ISO 27001, DORA, CCPA, cybersecurity, PAM, IAM, identity and access management, EIC, IDAC, Identity at the Center, Jeff Steadman, Jim McDonald

Jeff and Jim are joined by Warwick Ashford, senior analyst at KuppingerCole and returning MC of the European Identity and Cloud Conference, for a full preview of EIC 2026. The conference runs May 19-22 at the Berlin Congress Center and is expecting around 1,500 attendees with roughly 250 speakers across 200 sessions. Warwick walks through the 2026 tagline, Digital Trust Through Intelligent Identity, and unpacks the five parallel content streams covering identity governance, real-world IAM use cases, emerging tech, enterprise infrastructure, and privacy and compliance. The conversation covers how AI and agentic identity have moved from theory to a central agenda theme, what to know about the quantum-safe identity block, why EU digital wallets and digital sovereignty are getting serious keynote time, and why EIC records everything so you never have to pick the wrong session. Jeff also shares his take on where EIC fits in the broader conference calendar alongside Identiverse and Gartner, and why he is thoroughly done hearing that identity is the new perimeter.

Connect with Warwick: https://www.linkedin.com/in/warwickashford/

Attend European Identity and Cloud Conference 2026 (use code idac25mko for a 25% discount): https://www.kuppingercole.com/events/eic2026?ref=partneridac26

Secure Remote Access: The Foundation of Industrial Cybersecurity (KC Analyst Chat Video): https://www.youtube.com/watch?v=jqpNg-ogEv4

Connect with us on LinkedIn:

Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/

Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/

Visit the show on the web at http://idacpodcast.com

00:00:00 Intro and AI Cybersecurity Discussion
00:04:00 EIC 2026 and Discount Code
00:05:47 Introducing Warwick Ashford
00:07:00 Warwick's Recent Work: MDR, SRA for OT/ICS, and TPAG
00:10:16 The History and Evolution of the EIC Name
00:11:00 Tagline: Digital Trust Through Intelligent Identity
00:12:10 How AI Has Elevated the EIC Agenda
00:14:49 Sessions vs Workshops at EIC
00:17:57 EIC as a Community and Networking Conference
00:18:00 Jeff's Conference Circuit: EIC, Identiverse, and Gartner
00:25:28 EIC 2026 Keynote Highlights
00:31:55 Virtual Attendance and Session Recordings
00:34:34 Hidden Gem: The Quantum-Safe Identity Block
00:36:15 Logistics: 1500 Attendees and 250 Speakers
00:38:00 The Five Parallel Content Streams
00:43:31 Is Identity the New Perimeter?
00:48:13 Fun Segment: Most Memorable Theater Moments

Keywords: EIC 2026, European Identity Conference, Warwick Ashford, KuppingerCole, digital trust, intelligent identity, agentic identity, non-human identities, ITDR, quantum-safe identity, EU digital wallets, identity fabric, identity control plane, IAM, zero trust, Berlin, conference preview, IDAC, Identity at the Center, Jeff Steadman, Jim McDonald, Warwick Ashford

Jeff and Jim welcome back five-time guest Jeff Reich, Executive Director of the Identity Defined Security Alliance, just ahead of Identity Management Day 2026 on April 14th. Jeff walks through the structure of the 21-hour global event, this year's theme of Finding Identity: The Search for You, Me, and the Machines, and highlights from each regional program including a remarkable 11th grader presenting on cybersecurity and neuroscience. The conversation expands into AI guardrails, the growing obsolescence of traditional PAM, zero standing privilege as a long-term goal, the march toward a passwordless world through passkeys, and what quantum resilience actually means for practitioners today.

Connect with Jeff: https://www.linkedin.com/in/jreich/

Learn more about the Identity Defined Security Alliance: https://www.idsalliance.org/

Connect with us on LinkedIn:

Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/

Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/

Visit the show on the web at http://idacpodcast.com

Timestamps:
00:00 Welcome and podcast life behind the scenes
02:00 Identiverse 2026 updates and conference discount codes
05:00 Introducing Jeff Reich, Executive Director of IDSA
07:00 Identity Management Day: structure of a 21-hour global event
11:00 Oceania and Asia region highlights
13:30 EMEA highlights and powerhouse panelists from Copenhagen
16:00 Americas region and the 11th grader presenting on cybersecurity
20:00 Theme reveal: Finding Identity, The Search for You, Me, and the Machines
23:30 AI and identity: guardrails, frameworks, and what organizations are missing
28:30 Standing privilege is crumbling in the age of ephemeral workloads
30:00 Is traditional PAM becoming obsolete?
34:30 Zero standing privilege and the passkey journey
40:30 Getting the fundamentals right before chasing the shiny tools
46:30 Quantum computing, quantum resilience, and cryptocurrency risk
53:00 Social engineering is still the biggest threat
55:00 Identity Management Day theme song suggestions

Keywords:
Identity Management Day 2026, IDSA, Identity Defined Security Alliance, Jeff Reich, IAM, non-human identities, machine identities, agentic identity, zero standing privilege, PAM, passkeys, quantum resilience, AI and identity, deepfakes, social engineering, IDAC, Identity at the Center, Jeff Steadman, Jim McDonald

This sponsored episode is made possible by Evolveum, the company behind midPoint, an open source IGA platform made and owned in the EU that is in use worldwide.

Jeff Steadman and Jim McDonald welcome Pavol Mederly, interim CPO at Evolveum. Pavol shares how IAM found him in 1991 while building an identity solution at a university before the term even existed.

The conversation covers two core reasons IGA projects fail: data quality and slow application onboarding. Pavol explains how midPoint addresses these challenges with built-in simulations for testing and improving data quality, and midPilot, an AI assistant for faster application onboarding. MidPilot is supported in part by the EU Recovery and Resilience Facility (RRF). Jim and Jeff explore midPoint's architecture, the real benefits of open source including transparency and no vendor lock-in, and advantages of being part of midPoint’s global community.

Connect with Pavol: https://www.linkedin.com/in/pavol-mederly/

More about Evolveum: https://evolveum.com/idac

Connect with us on LinkedIn:

Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/

Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/

Visit the show on the web at idacpodcast.com

TIMESTAMPS:
00:00 Intro and sponsor acknowledgment
01:30 How IAM chose Pavol: a university identity story
03:30 What is Evolveum and midPoint
06:30 How Evolveum got its name
08:30 Why IGA projects fail: data quality
10:30 Slow app onboarding and AI-assisted connector generation
16:30 The midPoint simulation feature explained
21:30 midPoint architecture: Java, cloud, Kubernetes, and beyond
23:30 Maintaining a large open source codebase
25:30 Open source benefits: transparency and no vendor lock-in
28:00 Community, meetups, and midPoint in the wild
32:30 Mountains or ocean: a question for Pavol
38:00 Wrap up

KEYWORDS:
Evolveum, midPoint, open source IGA, identity governance, IAM, IGA, data quality, application onboarding, simulation, AI connectors, connector framework, vendor lock-in, open source, EU RRF, Recovery and Resilience Facility, community, Prague, EIC, IDAC, Identity at the Center, Jeff Steadman, Jim McDonald, Pavol Mederly