I’m a product and technology leader with 25+ years of experience building mission-critical, internet-scale identity and security platforms. Most recently I served as SVP & Chief Product Architect at Okta, where I spent a decade shaping how modern enterprises think about identity as foundational infrastructure.
This blog — Control Plane — is where I work through the harder questions: not just how identity works today, but what it needs to become as autonomous agents, delegated authority, and machine-speed decisions replace the human-centric models we built everything on.
Focus Areas
- Agentic identity — how authentication and authorization must evolve when agents act on behalf of principals, delegate to other agents, and operate without human supervision
- Governance and authority — delegation chains, power-of-attorney models, and the accountability structures that make autonomous systems trustworthy
- Trust infrastructure — the protocols, assertions, and verification mechanisms that let systems make access decisions with confidence
- Enterprise identity — federation, lifecycle management, and the interoperability gaps that still make enterprise identity harder than it should be
Standards Work
Identity problems don’t get solved in products alone. I contribute to the specifications that define how systems interoperate.
IETF OAuth Working Group
- Identity Assertion JWT Authorization Grant (ID-JAG) — a mechanism for applications to use identity assertions to obtain access tokens for third-party APIs, coordinating through a shared enterprise IdP via Token Exchange
- OAuth 2.0 Resource Parameter in Access Token Response — defines a `resource` parameter in token responses so clients can confirm the intended protected resource and mitigate resource mix-up attacks
OpenID Foundation
- OpenID Provider Commands 1.0 — defines remote procedure calls from an OP to RPs enabling OPs to manage the full account lifecycle: activate, suspend, reactivate, archive, restore, delete, and unauthorize
- OpenID Connect Enterprise Extensions 1.0 — extensions for enterprise OIDC deployments, co-authored with Dick Hardt
- IPSIE — Interoperability Profile for Secure Identity in the Enterprise — working group building interoperability and security profiles across existing specifications to move the needle on enterprise identity in practice, not just in theory
Background
Before Okta I worked across enterprise software, developer tools, and security infrastructure. My career has been at the intersection of product strategy and deep technical architecture — particularly the places where the two have to converge to build something that actually scales to tens of thousands of enterprise customers.