Identity expert Vittorio Bertocci joined Auth0 as Principal Architect. Find out what he thinks companies miss when they think ‘identity.’
Auth0 Welcomes Vittorio Bertocci to the Team
If you’ve heard Vittorio Bertocci’s sessions at events like BUILD, Microsoft PDC, and many other industry events around the world, you know why we are so excited he is joining Auth0.
During his lengthy career with Microsoft, Vittorio worked with Fortune 100 and Global 100 companies, including working on Microsoft’s Azure Active Directory team as principal program manager focusing on the developer experience. He contributed to the inception and launch of Microsoft's claims-based platform components (Windows Identity Foundation and ADFS, ADAL and MSAL SDKs, ASP.NET middleware) and turned Auth0 co-founders Eugenio Pace and Matías Woloski onto the concept of identity.
So, if you’ve been missing out, don’t worry. We’ve got you.
"Please join us in welcoming @vibronet to @auth0! Find out what he thinks companies miss most when they think ‘identity’ (and what he’ll be doing for @auth0)."
As Auth0 Principal Architect, Vittorio will be applying his skill for rendering complex ideas clear in webinars and customer meetings.
We’ll frequently share his expertise, but if that’s not enough, you can still find Vittorio’s many articles online, get his books on identity, check out his blog at cloudidentity.com, follow him @vibronet, or catch him at his next speaking engagement.
Since today is his first day at Auth0, we thought we’d seed future conversations with a few introductory questions.
What do most companies miss when they start thinking about “identity?”
Ha! I hate to answer the very first question with “it depends,” but it truly does. Every company, large or small, already has experience with identity — after all, business is made of people, and identity just happens to be how employees, partners, and customers access resources to perform the functions their company needs them to fulfill.
On one extreme of the spectrum, you have very large companies, with a significant investment in traditional identity solutions. Those solutions are normally very good at hiding complexity from users and developers… as long as the action takes place within the boundaries of their network. As those companies start their journey through digital transformation, they are forced to operate with resources and actors outside of their boundaries… and rediscover many of the challenges that their infrastructure hid from them. The good news is that those challenges can be tamed, and doing so leads to even higher levels of productivity.
On the other extreme, there are companies like ISVs providing services to individual users, who start venturing toward the world of enterprise integration as their services evolve to work with business users. The thing that typically surprises developers at that stage is just how much higher the bar is when it comes to data control, consent, policies, SSO, and compliance. Once again, the good news is that there are solid patterns in place that can help integrate with businesses and satisfy those new requirements, without giving up any of the agility of existing solutions.
Which three identity trends most intrigue you?
The first one is easy to pick, as it goes well beyond identity: it’s the increasingly common expectation that everything can be accessed programmatically, through an API. This is one of the most impactful revolutions in recent years. It is empowering more people to tap into existing data and capabilities, and build on it, rather than forcing them to reinvent the wheel or even give up on great ideas because laying the fundamentals is too expensive. As identity practitioners, we have the opportunity and responsibility to make those scenarios possible —connecting users to data and application with the least friction, while ensuring that access occurs respecting policies, consent, and all the appropriate security and access control hygiene.
The second trend I am observing with interest is the increased attention to protect artifacts used in OAuth2, OpenID Connect, and modern protocols in general: token binding, proof of possession, and Webauthn are all signs that our industry is maturing, and the pendulum is once again swinging toward providing viable solutions for high assurance scenarios. Those were all considerations that were top of mind back in the time of the WS-star protocols (which, incidentally, is still my car’s license plate to this day!), but in those days, those properties were a complexity price to pay upfront — an entry ticket for using those protocols, regardless of whether your scenario called for it or not. The modern efforts to bring back those assurances to contemporary protocols takes an incremental approach, so that new capabilities can be gracefully introduced as needed. I like that, and I think it will do a lot of good for many high-value scenarios.
For the third trend: Regardless of whether one thinks it is a revolution or mostly hype, I don’t think I can exempt myself from naming Blockchain here.
Why Auth0 and why now?
In a nutshell: excellence and customer obsession.
Leaving my position at Microsoft has been one of the hardest things I have ever done in my life — the Azure AD team is amazing, Microsoft as a whole is doing everything right, and I was lucky to be successful and do meaningful work there.
Microsoft is a universe in itself. As cloud scenarios rose in importance, I found myself spending more and more time dealing with internal customers, with less time to work with external customers and the industry. Although that’s very interesting and impactful work, my true passion lies with the developer community. Auth0 has done amazing work with developers since its inception, adapting to the industry trends and customer requirements with dazzling speed, flexibility and overall excellence. Add to that the tremendous respect and admiration I have for Eugenio and Matías, and you’ll easily see why I am so excited to join Auth0 and do my best to contribute to its growth.
What will you be doing for Auth0?
The field is wide open! Initially I’ll focus on standards and internal/external education. Most importantly, I’ll cultivate a beginner mindset — absorbing everything I can learn about the company, technology, customers, culture, you name it. Hopefully that will equip me to contribute to product innovation, feeding the virtuous cycle that ties customer Jobs-to-be-Done into features and solutions.
Welcome to Auth0, Vittorio! We are so excited to have you.