Spherical Cow Consulting

Heather Flanagan
March 25, 2025March 2, 2025
Hot Takes

Why Enterprises Should Care About Digital Credentials (Even If It’s Complicated)

Digital Credentials (also known as verifiable credentials) have been promoted as the next best thing for keeping individuals secure in their online as well as in-person transactions. But what about companies? What does a typical enterprise get from moving down the digital credential path? On the one hand, they get a leg up on fraud.

business competition, A worthy competitor, Player confrontation, Administration and Management., 3d rendering

Heather Flanagan
March 18, 2025March 18, 2025
Deep Thoughts, Industry Ideas

Digital Credentials vs. Traditional Federation: What’s the Difference?

tl;dr: Traditional identity federation has enabled digital identity with centralized, third-party logins, for decades. Its limitations in security and user control, however, are becoming a problem, especially when there are alternatives being developed. Digital credentials offer a decentralized, user-empowering alternative that enhances privacy and enables offline authentication. We’re looking at a brave new world with

tension between standards and reality is like balancing boards on top of each other and a ball

Heather Flanagan
March 11, 2025February 15, 2025
Industry Ideas

Standards vs. Reality: The Long Tail of Legacy Systems

From NHI to AI to Shared Signals, even in CIAM it comes back to standards versus reality. Identity standards paint a perfect future: passwordless logins, verifiable credentials, and seamless trust. I love that picture; I want to frame it. Alas, legacy IAM, tight budgets, and a business case that still boils down to ‘but will

Shared signals bouncing through space above Europe.

Heather Flanagan
March 4, 2025March 4, 2025
Industry Ideas
1 Comment

Shared Signals: Who Pays the Price for Stronger Identity?

What if fraud prevention was, you know, a shared effort? That’s where the Shared Signals Framework (SSF) comes in! The idea behind shared signals is simple: instead of each company detecting threats on its own, organizations (or systems within an organization) can share security events—like compromised credentials or suspicious logins—in real-time. The SSF, developed by

Heather Flanagan
February 25, 2025March 2, 2025
Hot Takes, Industry Ideas, Uncategorized

What AI Agents Can Teach Us About Fraud in Consumer Identity

The irony with urgently questioning how to tell whether something is an AI or a person is the fact that we’re struggling just as much to distinguish humans from… well, other humans. This is, in fact, not a new problem at all. After writing about the AI vs Human issue in a previous post, I’m

A cryptographic math maze circle with path to center; which path you actually take is secret thanks to zero-knowledge proofs.

Heather Flanagan
February 18, 2025February 15, 2025
Deep Thoughts, Industry Ideas

Zero-Knowledge Proofs: Privacy, Innovation, and Equity

Imagine being able to prove you’re old enough to buy a drink without flashing your ID—or proving you have insurance without handing over your policy details. Sounds like magic? It’s just math. Zero-Knowledge Proofs (ZKPs) might be the biggest leap for privacy since encryption, but they also come with serious challenges. Let’s talk about the

Heather Flanagan
February 11, 2025February 10, 2025
Deep Thoughts

Agentic AI and Authentication: Exploring Some Unanswered Questions

Agentic AI is changing authentication faster than our identity models can keep up. We’ve built systems assuming users are human, but what happens when an AI agent, not the user, needs to authenticate on their behalf? Our current identity frameworks weren’t designed for this, and the gaps are starting to show. 🎙 Audio Blog If

World map with logistic network distribution representing a supply chain on background.

Heather Flanagan
February 3, 2025March 20, 2025
Industry Ideas

Securing the Software Supply Chain: How SCITT, SPIFFE, and WIMSE Work Together

I’ve been saying that to follow what’s happening in NHI standards, some of the core work you need to follow is happening in the IETF: SPICE, WIMSE, and SCITT. Everybody loves WIMSE with its workload identity architecture, and building the credential format in SPICE that can meet the needs of NHIs is of course brilliant

Can we prove personhood and distinguish between humans and bots?

Heather Flanagan
January 27, 2025February 4, 2025
Hot Takes
1 Comment

Are You Human? A Dive Into the Proof of Personhood Debate

I don’t think of myself as an expert in non-human identity (NHI). Instead, I’d say I’m NHI-curious and eager to share what I’m learning. Lately, I’ve been going down a rabbit hole about when and how to indicate if someone—or something—is human. I’m clearly not alone in asking this. Last year, I was one of

People figures with comment clouds above their heads. Commenting on feedback, participation in discussion, debating the definitions of digital credentials that can be verified

Heather Flanagan
January 20, 2025March 21, 2025
Hot Takes, Industry Ideas

Digital Credentials That Can Be Verified: A Lesson in Terminology

The terminology swirling around the world of digital identity can be overwhelming. Are we talking about verifiable credentials? Digital credentials? What about verifiable digital credentials? Do these terms have profound technical distinctions? Barely (though I suspect some of the more deeply engaged individuals may disagree). The nuances mostly arise from standards politics, the English language,