An Interview With Justin Richer - by Dan Moore

Submitted by Style Pass, 2024-10-26 14:00:06

Justin Richer is the CTO of UberEther, a high-security identity and platform service company. Justin is a security architect, software engineer, standards editor, and systems designer with over two decades of industry experience. He is the lead author of OAuth2 In Action and contributor to OAuth 2.0 and OpenID Connect. Justin is the editor of a variety of standards including GNAP (RFC9635), HTTP Message Signatures (RFC9421), and OAuth extensions for dynamic client registration (RFC7591, RFC7592), token introspection (RFC7662), and rich authorization requests (RFC9396). Justin is a co-author of NIST SP 800-63, FIPS201, and NIST SP 800-217.

Justin: Our customers manage identities in high security environments, and most of our focus has been on supporting workforce identities with our IAM Advantage product. Even so, the fundamental needs of an identity system remain consistent - the master user record to collect all the attributes and tie them to an entity for each user, a set of access rights available against that record, and all the lifecycle management that comes with it.

The biggest differentiator is the target for the identities - customer and employee functions are rightfully quite different. It’s important to keep these systems sufficiently separated, otherwise a compromised customer account could escalate into control over the system.
