Modern identity is hard.
This is where it gets clear.

Technical writing on workforce, consumer, and agentic identity - authentication, authorization, and secrets management across all three - written for engineers and architects who need precision, not overviews.

Read the Articles Work With Us

Identity works until it quietly becomes the bottleneck

Most identity systems don't fail dramatically. They fail slowly. Decisions that were "good enough" early on compound into fragility, security risk, and organizational drag.

By the time teams realize something is wrong, identity is political, hard to change, and tightly coupled to everything else.

Three identity populations. One site.

Workforce Identity

Enterprise IAM, Zero Trust architecture, federation, SSO, MFA, and privileged access. Including FIDO2 and passkeys as the authentication layer for employees and contractors.

Consumer Identity

CIAM architecture, passkeys at consumer scale, social federation, and the design tradeoffs that make or break login UX. Same protocols as workforce identity but with entirely different constraints.

Agentic Identity

M2M trust, token delegation, OBO flows, and secrets management for LLM-based systems. The least-documented frontier in modern identity, and where the most consequential architectural decisions are being made right now.

Low-volume. High-signal.

When something in identity is worth a careful writeup (a protocol edge case, an architecture pattern, an emerging agentic identity problem) it goes to the newsletter first.

No cadence commitments. No filler. No sponsored content.

Read the Articles Subscribe

Recent writing

Latest from the blog

What is Digital Identity? A Beginners Guide

Welcome to Identity Explained. Learn what digital identity is, why it matters in 2026, and how to protect your online presence. Start here.

SCIM Is Not What You Think It Is

Most people who've heard of SCIM describe it as "the protocol that syncs users." That's not wrong, exactly. But it's incomplete enough to cause real problems when you're building a provisioning pipeline and suddenly wondering why your app has ghost accounts, delayed deprovisioning, and a sync that only kind of works.

The Emerging Third Pillar of IAM

There's a third pillar of IAM emerging, and it's all anyone seems to be capable of talking about anymore, whether they realize it or not.

View all articles →

Need a senior identity architect, not a six-month engagement?

We work with engineering and security teams on specific identity problems in focused, scoped engagements.

Work With Us