W3C CCG - Use Cases for Access Management
You've Got the Wrong Use Case
Alan H. Karp
SitePassword
Abstract (provided by Perplexity.ai)
This talk argues that many identity and access management (IAM) failures come from starting with the wrong use cases and ignoring the hazards that emerge as systems grow more complex. Drawing on three decades of experience—from early large‑scale access control deployments to work with the US Navy and modern systems like AWS Cedar and Solid—it shows how designs focused on simple ACL-style scenarios bake in vulnerabilities, complexity, and usability problems.
Using a progression of concrete use cases, the talk surfaces hazards such as excess authority, weak delegation, missing responsibility tracking, awkward conditional policies, and transitive access issues, then demonstrates how authorization‑centric models and capability-style approaches address them more naturally than traditional authentication‑centric IAM. Attendees will leave with a sharper vocabulary for IAM “use case hazards” and a set of design principles for building systems that handle delegation, composition, and accountability without bolting on fixes after the fact.
Meeting Link: https://meet.google.com/dzc-yjfq-tyf
– Eastern Standard Time