Product & Architecture
Karl McGuinness
Builder and product leader in identity.
Okta-scale experience shaping identity platforms, architecture, and the standards that define the industry.
Focus
Identity, security, agents, advising, & angel investing.
Standards Work
IETF OAuth Working Group
- Identity Assertion JWT Authorization Grant (ID-JAG): a mechanism for applications to use identity assertions to obtain access tokens for third-party APIs, coordinating through a shared enterprise IdP via Token Exchange
- OAuth 2.0 Resource Parameter in Access Token Response: defines a resource parameter in token responses so clients can confirm the intended protected resource and mitigate resource mix-up attacks
OpenID Foundation
- OpenID Provider Commands 1.0: defines remote procedure calls from an OP to RPs enabling OPs to manage the full account lifecycle: activate, suspend, reactivate, archive, restore, delete, and unauthorize
- OpenID Connect Enterprise Extensions 1.0: extensions for enterprise OIDC deployments, co-authored with Dick Hardt
- IPSIE, Interoperability Profile for Secure Identity in the Enterprise: working group building interoperability and security profiles across existing specifications to move the needle on enterprise identity in practice, not just in theory