Most organizations say they are doing Zero Trust. Many still trust their IAM directory implicitly, protect it with a firewall, and call that a modern identity architecture. That is a perimeter by another name. In this session, Agne Caunt (Dock Labs), Richard Esplin (Dock Labs) and Justin Richer (MongoDB) work through what Zero Trust actually requires at the identity layer, why federated architectures tend to recreate the problems they were designed to solve, and what a more structurally sound approach looks like.
0:00 Introduction and guest overview
3:48 Zero Trust: origins and core principles
10:26 Why Zero Trust is still unnatural
11:45 Zero Trust in what? The foundational question
13:14 Directory synchronization: how enterprise identity fragility compounds
15:47 Verifiable credentials and the move to user wallets
18:06 Is the wallet really untrusted? Justin pushes back
20:39 Practical transition: using wallets at domain boundaries, not everywhere
22:55 VCs as a reinvention of X.509 for an online world
26:22 Tool comparison: OAuth/OIDC/SAML + SCIM vs. VCs
27:42 Shared Signals and Events (SSE): strengths and structural limits
31:51 User Managed Access (UMA): what it got right, why it stalled
34:35 GNAP: what it solves, when to use it instead of OAuth
41:00 SPIFFE/SPIRE: workload identity and short-lived credentials
46:06 SPIFFE's trust model and the "bottom turtle" question
47:24 WIMSE: bridging workload identity across trust domains
51:12 Agentic identity: the question from the audience
52:38 AI agents -- neither human nor workload, and why that matters
55:26 "On behalf of" vs. "for the benefit of" -- the liability distinction
58:55 What would a Zero Trust native architecture actually look like?
Website - https://www.dock.io/
LinkedIn - https://www.linkedin.com/company/docknetwork/