The Secure Developer

Open Authorization In The World Of AI With Aaron Parecki



Episode Summary

How do we apply the battle-tested principles of authentication and authorization to the rapidly evolving world of AI and Large Language Models (LLMs)? In this episode, we're joined by Aaron Parecki, Director of Identity Standards at Okta, to explore the past, present, and future of OAuth. We dive into the lessons learned from the evolution of OAuth 1.0 to 2.1, discuss the critical role of standards in securing new technologies, and unpack how identity frameworks can be extended to provide secure, manageable access for AI agents in enterprise environments.

Show Notes

In this episode, host Danny Allan is joined by a very special guest, Aaron Parecki, the Director of Identity Standards at Okta, to discuss the critical intersection of identity, authorization, and the rise of artificial intelligence. Aaron begins by explaining the history of OAuth, which was created to solve the problem of third-party applications needing access to user data without the user having to share their actual credentials. This foundational concept of delegated access has become ubiquitous, but as technology evolves, so do the challenges.

Aaron walks us through the evolution of the OAuth standard, from the limitations of OAuth 1 to the flexibility and challenges of OAuth 2, such as the introduction of bearer tokens. He explains how the protocol was intentionally designed to be extensible, allowing for later additions like OpenID Connect to handle identity and DPoP to enhance security by proving possession of a token. This modular design is why he is now working on OAuth 2.1—a consolidation of best practices—instead of a complete rewrite.

The conversation then shifts to the most pressing modern challenge: securing AI agents and LLMs that need to interact with multiple services on a user's behalf. Aaron details the new "cross-app access" pattern he is working on, which places the enterprise Identity Provider (IDP) at the center of these interactions. This approach gives enterprise administrators crucial visibility and control over how data is shared between applications, solving a major security and management headache. For developers building in this space today, Aaron offers practical advice: leverage individual user permissions through standard OAuth flows rather than creating over-privileged service accounts.

Links

  • Okta
  • OpenID Foundation
  • IETF
  • The House Files PDX (YouTube Channel)
  • WIMSE
  • AuthZEN Working Group
  • aaronpk on GitHub
  • Snyk - The Developer Security Company

Follow Us

  • Our Website
  • Our LinkedIn


The Secure Developer, by Snyk

Rating: 4.7 (21 ratings)

