Sign up to save your podcasts
Or
Share Open Authorization In The World Of AI With Aaron Parecki
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Open Authorization In The World Of AI With Aaron Parecki
Episode Summary
How do we apply the battle-tested principles of authentication and authorization to the rapidly evolving world of AI and Large Language Models (LLMs)? In this episode, we're joined by Aaron Parecki, Director of Identity Standards at Okta, to explore the past, present, and future of OAuth. We dive into the lessons learned from the evolution of OAuth 1.0 to 2.1, discuss the critical role of standards in securing new technologies, and unpack how identity frameworks can be extended to provide secure, manageable access for AI agents in enterprise environments.
Show Notes
In this episode, host Danny Allan is joined by a very special guest, Aaron Parecki, the Director of Identity Standards at Okta, to discuss the critical intersection of identity, authorization, and the rise of artificial intelligence. Aaron begins by explaining the history of OAuth, which was created to solve the problem of third-party applications needing access to user data without the user having to share their actual credentials. This foundational concept of delegated access has become ubiquitous, but as technology evolves, so do the challenges.
Aaron walks us through the evolution of the OAuth standard, from the limitations of OAuth 1 to the flexibility and challenges of OAuth 2, such as the introduction of bearer tokens. He explains how the protocol was intentionally designed to be extensible, allowing for later additions like OpenID Connect to handle identity and DPoP to enhance security by proving possession of a token. This modular design is why he is now working on OAuth 2.1—a consolidation of best practices—instead of a complete rewrite.
The conversation then shifts to the most pressing modern challenge: securing AI agents and LLMs that need to interact with multiple services on a user's behalf. Aaron details the new "cross-app access" pattern he is working on, which places the enterprise Identity Provider (IDP) at the center of these interactions. This approach gives enterprise administrators crucial visibility and control over how data is shared between applications, solving a major security and management headache. For developers building in this space today, Aaron offers practical advice: leverage individual user permissions through standard OAuth flows rather than creating over-privileged service accounts.
Links
- Okta
- OpenID Foundation
- IETF
- The House Files PDX (YouTube Channel)
- WIMSE
- AuthZEN Working Group
- aaronpk on GitHub
- Snyk - The Developer Security Company
Follow Us
- Our Website
- Our LinkedIn
View all episodes
By Snyk
4.7
2121 ratings
Episode Summary
How do we apply the battle-tested principles of authentication and authorization to the rapidly evolving world of AI and Large Language Models (LLMs)? In this episode, we're joined by Aaron Parecki, Director of Identity Standards at Okta, to explore the past, present, and future of OAuth. We dive into the lessons learned from the evolution of OAuth 1.0 to 2.1, discuss the critical role of standards in securing new technologies, and unpack how identity frameworks can be extended to provide secure, manageable access for AI agents in enterprise environments.
Show Notes
In this episode, host Danny Allan is joined by a very special guest, Aaron Parecki, the Director of Identity Standards at Okta, to discuss the critical intersection of identity, authorization, and the rise of artificial intelligence. Aaron begins by explaining the history of OAuth, which was created to solve the problem of third-party applications needing access to user data without the user having to share their actual credentials. This foundational concept of delegated access has become ubiquitous, but as technology evolves, so do the challenges.
Aaron walks us through the evolution of the OAuth standard, from the limitations of OAuth 1 to the flexibility and challenges of OAuth 2, such as the introduction of bearer tokens. He explains how the protocol was intentionally designed to be extensible, allowing for later additions like OpenID Connect to handle identity and DPoP to enhance security by proving possession of a token. This modular design is why he is now working on OAuth 2.1—a consolidation of best practices—instead of a complete rewrite.
The conversation then shifts to the most pressing modern challenge: securing AI agents and LLMs that need to interact with multiple services on a user's behalf. Aaron details the new "cross-app access" pattern he is working on, which places the enterprise Identity Provider (IDP) at the center of these interactions. This approach gives enterprise administrators crucial visibility and control over how data is shared between applications, solving a major security and management headache. For developers building in this space today, Aaron offers practical advice: leverage individual user permissions through standard OAuth flows rather than creating over-privileged service accounts.
Links
- Okta
- OpenID Foundation
- IETF
- The House Files PDX (YouTube Channel)
- WIMSE
- AuthZEN Working Group
- aaronpk on GitHub
- Snyk - The Developer Security Company
Follow Us
- Our Website
- Our LinkedIn
More shows like The Secure Developer
View all
Risky Business
361 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
628 Listeners
The Changelog: Software Development, Open Source
282 Listeners
The Cloudcast
152 Listeners
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
366 Listeners
Thoughtworks Technology Podcast
42 Listeners
Software Engineering Daily
625 Listeners
AWS Podcast
203 Listeners
Smashing Security
311 Listeners
Darknet Diaries
7,874 Listeners
Kubernetes Podcast from Google
181 Listeners
CISO Series Podcast
187 Listeners
Defense in Depth
76 Listeners
Risky Bulletin
33 Listeners
The 404 Media Podcast
312 Listeners