#390 - Identity Management for Agentic AI with Tobin South

In this episode of the Identity at the Center Podcast, hosts Jeff and Jim sit down with Tobin South, co-chair of the OpenID Foundation's AI Identity Management Community Group, to delve into the intricacies of identity management in the age of agentic AI. They discuss the challenges and solutions related to AI agents, the role of the Model Context Protocol (MCP), and the concept of recursive delegation and scope attenuation. Additionally, the conversation covers practical advice for developers and enterprises on preparing for AI-driven identity management and explores the cultural touchstone of coffee from various global perspectives.

Connect with Tobin: https://www.linkedin.com/in/tobinsouth/

OpenID Foundation: https://openid.net/

Identity Management for Agentic AI (OpenID Whitepaper): https://openid.net/wp-content/uploads/2025/10/Identity-Management-for-Agentic-AI.pdf

Connect with us on LinkedIn:

Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/

Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/

Visit the show on the web at http://idacpodcast.com

Chapter Timestamps:

00:00 – Jeff and Jim banter about unopened iPads and conference season

05:55 – Introduction to Tobin South and his AI identity background

07:00 – How AI has evolved from machine learning to generative models

09:00 – The OpenID AI Identity Management Community Group

10:30 – ChatGPT’s impact on the AI perception shift

12:00 – Users vs. Agents: What’s the difference?

14:00 – Letting the right bots in: AI agents vs. bad bots

17:00 – AI impersonation, delegation, and the risk of shared credentials

20:00 – Impersonation vs. Delegation – what practitioners need to know

23:00 – Governance, oversight, and delegated authority for agents

26:00 – Liability and “who is responsible” in agentic systems

30:00 – How developers can prepare for agent identity and access management

32:00 – Explaining the Model Context Protocol (MCP)

36:00 – Enterprise use cases for MCP and internal automation

38:00 – Is MCP the next SAML?

42:00 – Recursive delegation and scope attenuation explained

46:00 – The one key takeaway for IAM professionals

48:00 – Lighter note: Coffee talk – from Sydney to San Francisco

54:00 – Wrap-up and where to find more IDAC content

Keywords:

IDAC, Identity at the Center, Jim McDonald, Jeff Steadman, Tobin South, OpenID Foundation, AI Identity Management, Agentic AI, Delegated Authority, Impersonation vs Delegation, Model Context Protocol (MCP), Recursive Delegation, Scope Attenuation, Identity Access Management, IAM, AI Governance, AI Standards, Enterprise AI, AI Agents, Identity Security