The power of running with real-time signals: Continuous identity at Identiverse 2025
On September 17, 2011, I was reminded that obtaining and reacting to real-time data is essential. I was running the Stockholm Half Marathon and desperately trying to pace myself on a course that I had never run before. My goal was to keep close to 5 minutes per kilometer (8 minutes per mile)—and the Garmin on my wrist was continually giving me feedback in real-time.
It's no secret that one of the reasons why I run is for the tech: I have a deep passion for sports watches and the data they provide. It’s not just data for the sake of data, though. These devices inform my strategy. At any point during my run, I could glance down and get an instant read of my current speed (as seen above) or several other signals coming into my watch in real time like speed, heart rate, cadence, weather conditions, elevation, messages from friends and family, etc. Because I could obtain this data in real-time, my strategy for the race could be adjusted with a glance. In other words, my real-time data led me to real-time decision-making.
What you don’t know can hurt you
You don't need a sports watch to run a half marathon, though. There are clocks placed at key sections of the race: beginning, middle, and end of the racecourse. But relying only on those clocks (or data) results in a weakened approach to running the race— an approach that presents risk. Sure, I might be close to on pace in those three small segments where a clock is visible, but what's happening between those checks? Those unknown sections represent a danger to me not achieving my race goals. Even if my halfway check is on pace, I may be racing through one section and dragging myself through the next. Without knowing what's happening at the moment, I can't prevent myself from doing what I'm not supposed to.
It's clear that receiving a stream of real-time data — and making real-time decisions from that data — reduces risk and ensures that I'm doing what I said that I was going to do. My race is far more likely to be a success.
From running to identity: A parallel path
Identity is beginning to grasp the same, obvious idea — that real-time data and decision making reduces risk to any organization.
This shift to real-time, cross-component communication is at the heart of what we’ve been working on with the OpenID Foundation’s Shared Signals Framework (SSF) and the various events that this transport layer can support: Continuous Access Evaluation Protocol (CAEP), Risk Incident Sharing and Coordination (RISC), and System for Cross-domain Identity Management (SCIM). This approach allows for the sharing of identity information and context in a steady stream; identity-based decisions can then be evaluated continually.
Identiverse next week in Las Vegas presents the chance to learn about the concept of “continuous identity” and to engage with the identity community as we think through its implications.
Fuel for the (continuous) identity-minded: What to read, see, and learn at Identiverse
Prereading (for the flight on the way to Identiverse):
Shared Signals Framework: The Blueprint for Modern IAM
Sean O’Dell (Disney) takes you through the concept of the Shared Signals Framework and its implications for identity and security.
Juggling with fire made easier: Provisioning with SCIM Events
Jen Schreiber (Workday) and I describe SCIM Events—a new standard for event-based SCIM that was introduced at the European Identity Conference a few weeks ago. We explore the benefits of moving SCIM to real-time.
Sessions to Attend:
Tuesday, June 3 // 9:00 am – 12:00 pm // Mandalay Bay F
Andrew Cameron (GM) and Sean O’Dell (Disney) take you through a long-form exploration of what event-driven, continuous identity means for future architectures, complete with potential benefits, limitations, and the road ahead.
Bringing It All Together: Harnessing the CAEPabilities With Event-Driven IAM
Tuesday, June 4 // 11:40 am – 12:30 pm // Mandalay Bay K
Andrew Cameron (GM), Sean O’Dell (Disney), Atul Tulshibagwale (SGNL), Jeff Steadman (Identity at the Center Podcast), and some guy named “Mike Kiser” (SailPoint)
Panel discussion that will cover the various aspects of standards, event-driven/continuous identity, and how identity architecture is evolving. Interactive session with Q&A. Arguments, puns, and hijinks will most certainly ensue.
Episode IX: The Rise of Continuous Identity
Friday, June 6 // 11:00 am – 11:30 am // Mandalay Bay K
Andrew Cameron (GM), Sean O’Dell (Disney)
End the week with a keynote that maps the changes that event-driven, continuous identity will drive through existing architectures. There are rumors that there is a strong Star Wars vibe for this talk (but perhaps it’s just an allusion in the title? Only attendees will find out for certain.)
To be clear, these are not the only sessions worth attending at Identiverse 2025: it’s a fantastic place to catch up on standards, what works and doesn’t in real world deployments, and how identity can make an impact in “normal” people’s lives. I’ll post about those separately. But shifting architectures to be event-driven and collaborative —enabling real-time, “continuous identity” — is one of the topics I’m most excited about.
Almost as much as that new watch.
---
We hope to see you at Identiverse: Stop by the SailPoint booth (#727)! We have a full schedule of demo theater sessions lined up.
Tuesday June 3rd
6:30 pm: Secure and manage all machine identities - from service accounts to bots and RPAs
7:00 pm: Introducing SailPoint Harbor Pilot
7:30 pm: AI-powered application onboarding
Wednesday, June 4th
10:10 am: Secure and scalable automation for privileged tasks
12:40 pm: Discover, govern, and secure real-time access to sensitive data
1:00 pm: AI-powered application onboarding
1:30 pm: Introducing SailPoint Harbor Pilot
3:45 pm: Securely manage the full lifecycle of third-party non-employees
5:15 pm: Simplified role management with SailPoint Identity Security Cloud
5:45 pm: Secure and manage all machine identities - from service accounts to bots and RPAs
6:15 pm: SailPoint Cloud Infrastructure Entitlement Management - IaaS Governance
Thursday, June 5th
10:10 am: Introducing SailPoint Harbor Pilot
12:45 pm: Securely manage the full lifecycle of third-party non-employees
1:15 pm: Secure and manage all machine identities – from service accounts to bots and RPAs