BEGIN:VCALENDAR VERSION:2.0 PRODID:-//Sabre//Sabre VObject 4.5.8//EN CALSCALE:GREGORIAN LAST-MODIFIED:20260126T161600Z BEGIN:VTIMEZONE TZID:America/New_York X-MICROSOFT-CDO-TZID:10 BEGIN:DAYLIGHT DTSTART:20250309T070000 TZOFFSETFROM:-0500 TZOFFSETTO:-0400 TZNAME:EDT END:DAYLIGHT BEGIN:DAYLIGHT DTSTART:20260308T070000 TZOFFSETFROM:-0500 TZOFFSETTO:-0400 TZNAME:EDT END:DAYLIGHT BEGIN:STANDARD DTSTART:20251102T060000 TZOFFSETFROM:-0400 TZOFFSETTO:-0500 TZNAME:EST END:STANDARD END:VTIMEZONE BEGIN:VEVENT UID:6c106024-7f5f-4297-972b-18af6432aaef DTSTAMP:20260126T161600Z SUMMARY:W3C CCG - Use Cases for Access Management DTSTART;TZID=America/New_York:20260127T120000 DTEND;TZID=America/New_York:20260127T125000 DESCRIPTION:https://www.w3.org/events/meetings/6c106024-7f5f-4297-972b-18af 6432aaef/20260127T120000/\n\nYou've Got the Wrong Use Case\n\nAlan H. Karp \nSitePassword\n\nAbstract (provided by Perplexity.ai)\n\nThis talk argues that many identity and access management (IAM) failures come from startin g with the wrong use cases and ignoring the hazards that emerge as systems grow more complex. Drawing on three decades of experience—from early la rge‑scale access control deployments to work with the US Navy and modern systems like AWS Cedar and Solid—it shows how designs focused on simple ACL-style scenarios bake in vulnerabilities\, complexity\, and usability problems.\n\nUsing a progression of concrete use cases\, the talk surfaces hazards such as excess authority\, weak delegation\, missing responsibili ty tracking\, awkward conditional policies\, and transitive access issues\ , then demonstrates how authorization‑centric models and capability-styl e approaches address them more naturally than traditional authentication ‑centric IAM. Attendees will leave with a sharper vocabulary for IAM “ use case hazards” and a set of design principles for building systems th at handle delegation\, composition\, and accountability without bolting on fixes after the fact.\n\nMeeting Link: https://meet.google.com/dzc-yjfq- tyf\n\nAgenda\n\nAgenda:\n1. Code of Ethics & Professional Conduct Reminde r: https://www.w3.org/Consortium/cepc/ \n2. IP Note: \n a. Anyone ca n participate in these calls. However\, all substantive contributors to an y CCG Work Items must be members of the CCG with full IPR agreements signe d. https://www.w3.org/community/credentials/join\n b. Ensure you have a W3 account: https://www.w3.org/accounts/request\n c. W3C Community Con tributor License Agreement (CLA): https://www.w3.org/community/about/agree ments/cla/\n3. Call Notes are shared with the W3C mailing list within 24 h ours\n4. Introductions & Reintroductions\n5. Announcements & Reminders: ht tps://w3c-ccg.github.io/announcements/\n6. Work Items: https://github.com/ w3c-ccg/community/issues?q=is%3Aopen+is%3Aissue+label%3A%22action%3A+revie w+next%22\n7. Main Agenda\n8. Discussions\n\nJoining Instructions: https:/ /meet.google.com/dzc-yjfq-tyf\n\nJoining Instructions\n\nGoogle Meet:\nhtt ps://meet.google.com/dzc-yjfq-tyf\n\nVoice:\nDial: ‪(US) +1 434-265-5260 ‬ PIN: ‪242 728 140‬#\nMore phone numbers: https://tel.meet/dzc-yjfq -tyf?pin=8764998681084 STATUS:CONFIRMED CREATED:20250825T160815Z LAST-MODIFIED:20260126T161600Z SEQUENCE:8 ORGANIZER;CN=W3C Calendar;PARTSTAT=ACCEPTED;ROLE=NON-PARTICIPANT:mailto:nor eply@w3.org ATTENDEE;CUTYPE=GROUP;ROLE=OPT-PARTICIPANT;RSVP=FALSE;CN=Credentials Commun ity Group:mailto:public-credentials@w3.org ATTENDEE;CN=Somaya Assaker:mailto:tech.architector@gmail.com ATTENDEE;CN=Otto Mora:mailto:otto@axiswd.com RECURRENCE-ID;TZID=America/New_York:20260127T120000 END:VEVENT END:VCALENDAR