W3C CCG - Use Cases for Access Management

Meeting

Event details

Date:
Eastern Standard Time
Status:
Confirmed
Repeats:
Weekly on Tuesday, starting from 2 September 2025, until 30 June 2026
Organizers
Will Abramson
Mahmoud Alkhraishi
Harrison Tang
Groups:
Credentials Community Group
Participants:
Somaya Assaker, Otto Mora

You've Got the Wrong Use Case

Alan H. Karp
SitePassword

Abstract (provided by Perplexity.ai)

This talk argues that many identity and access management (IAM) failures come from starting with the wrong use cases and ignoring the hazards that emerge as systems grow more complex. Drawing on three decades of experience—from early large‑scale access control deployments to work with the US Navy and modern systems like AWS Cedar and Solid—it shows how designs focused on simple ACL-style scenarios bake in vulnerabilities, complexity, and usability problems.

Using a progression of concrete use cases, the talk surfaces hazards such as excess authority, weak delegation, missing responsibility tracking, awkward conditional policies, and transitive access issues, then demonstrates how authorization‑centric models and capability-style approaches address them more naturally than traditional authentication‑centric IAM. Attendees will leave with a sharper vocabulary for IAM “use case hazards” and a set of design principles for building systems that handle delegation, composition, and accountability without bolting on fixes after the fact.

Meeting Link: https://meet.google.com/dzc-yjfq-tyf

Agenda

  1. Code of Ethics & Professional Conduct Reminder: https://www.w3.org/Consortium/cepc/
  2. IP Note:
    a. Anyone can participate in these calls. However, all substantive contributors to any CCG Work Items must be members of the CCG with full IPR agreements signed. https://www.w3.org/community/credentials/join
    b. Ensure you have a W3 account: https://www.w3.org/accounts/request
    c. W3C Community Contributor License Agreement (CLA): https://www.w3.org/community/about/agreements/cla/
  3. Call Notes are shared with the W3C mailing list within 24 hours
  4. Introductions & Reintroductions
  5. Announcements & Reminders: https://w3c-ccg.github.io/announcements/
  6. Work Items: https://github.com/w3c-ccg/community/issues?q=is%3Aopen+is%3Aissue+label%3A%22action%3A+review+next%22
  7. Main Agenda
  8. Discussions
