On October 24, 2025, the day after IIW 41 wrapped up, we held the first-ever Agentic Internet Workshop (AIW1) at the Computer History Museum. Hosting it right after IIW 41 made logistics easier and allowed us to build on the momentum—and the brainpower—already in the room.
Like IIW, AIW1 followed an Open Space unconference format, where participants proposed sessions and collaboratively shaped the agenda in the morning at opening circle. With more than 40 sessions across four time slots, the result was a fast-moving day of rich conversations around the tools, architectures, and governance needed for the agentic internet.
Dazza Greenwood conducts a session (click to enlarge)
We welcomed attendees from 10 countries, with the U.S., Canada, Germany, Japan, and Switzerland most represented. The geographic spread (see map above) reflected growing international interest in agents, autonomy, and infrastructure. We expect that trend to accelerate as these ideas move from prototypes to deployed systems.
Topics and Themes
IIW 41 was about the state of identity. AIW1 asked: what happens when we give identity the power to act?
Discussions ranged from deeply technical to philosophically provocative. Participants tackled the infrastructure of agentic browsers, agent identity protocols, and governance models like MCP, KERI, and KYAPAY. We saw sessions on AI agent policy enforcement, private inference, and how to design trust markets and legal frameworks that support human-centric agency.
Agenda Wall (click to enlarge)
We also explored cultural and narrative lenses, from the metaphor of Murderbot to speculative design sessions on agentic AI glasses, human-in-the-loop messaging, and digital media provenance. Questions like "Do you want agents acting without your consent?" and "What is agenthood, really?" brought the conversation to the edge of ethics, autonomy, and technical realism.
Throughout the day, a recurring theme was trust, how it's built, signaled, enforced, and sometimes broken in a world of interoperating agents.
Looking Ahead
We're just getting started. AIW1 was both a proof of concept and a call to action. The conversations launched here are already shaping work in standards groups, startups, and community labs.
Watch for announcements about AIW2 in 2026. We'll be back—with more sessions, broader participation, and even sharper questions.
Twice a year, the Internet Identity Workshop brings together one of the most engaged and forward-thinking communities in tech. In October 2025, we gathered for the 41st time at the Computer History Museum in Mountain View, California. As always, the Open Space unconference format let the agenda emerge from the people in the room. And once again, the room was full of energy, ideas, and deep dives into the problems and promise of digital identity.
This time, we also hosted a special Agentic Internet Workshop on October 24, immediately following IIW. It followed the same unconference format, focusing on how personal agents, identity, and infrastructure come together to support agency online. That event deserves its own write-up, so I'll cover it in a separate post.
Whether you're working on self-sovereign identity, verifiable credentials, digital wallets, or the broader architecture of the agentic internet, IIW remains the place where serious builders and thoughtful critics come to talk, sketch, debate, and collaborate. Here's a look at how it went.
Attendance
Internet Identity Workshop XLI (that's 41 for those who haven't picked up Roman numerals as a hobby) brought together 287 participants at the Computer History Museum in October 2025. That's a slight dip from the spring's IIW 40, which topped 300, but still a strong showing, especially in a field where the most impactful conversations often happen in smaller, focused groups.
The sustained numbers are a testament to the growing interest in decentralized identity, personal agency online, and the agentic internet. As always, the hallway track was just as rich as the sessions, and the energy was unmistakable.
Geographic Diversity
We continued to see excellent geographic representation at IIW 41, particularly from within the U.S., where California dominated as usual. Top contributing cities included San Jose (12 attendees), San Francisco (11), and Mountain View (10)—the heart of Silicon Valley is clearly still in it. We continue to see good participation from Japan (11) and had a good delegation from South Korea (4) as well. We saw fewer attendees from Europe and Canada and that's a shame. They're doing important work and their voices are needed in the global identity conversation.
Notably, this time we saw increased participation from Central and South America, a trend we hope continues. IIW benefits tremendously from global perspectives, especially as identity challenges and solutions are shaped by local contexts. That said, Africa remains unrepresented, a gap we'd love to see filled in future workshops. If you know identity thinkers, builders, or policy folks in African countries, point them our way, we'd love to extend the conversation. We'll be holding an IIW-InspiredTM Regional event. DID:UNCONF Africa happening in February for the second time. We'll work on getting some of those folks over to participate in the global identity conversation next time.
Topics and Themes
As always, the agenda at IIW was built fresh each morning, reflecting the real-time priorities and curiosities of the people in the room. Over the course of three days, that emergent structure revealed a lot about where the digital identity community is—and where it's heading.
Agenda Wall being created on day 2 (8x speedup) (click to view)
One of the most visible throughlines was SEDI (State-Endorsed Decentralized Identity). From foundational overviews to practical demos, governance conversations, and even speculative provocations ("Is Compromising a SEDI Treasonous?"), SEDI became a focal point for discussions about infrastructure, policy, and the nature of institutional trust.
OpenID4VC also had a major presence, with sessions spanning conformance testing, server-to-server issuance, metadata schemas, and questions of organizational adoption. This wasn't just theory—there were working demos, hackathon previews, and implementation notes throughout.
On the technical front, we saw renewed energy around:
Agent-centric architectures, including agent-to-agent authorization, trust registries, and personal AI agents.
Key management and recovery, especially via KERI, ACDC, and protocols like CoralKM.
Post-quantum resilience, with deep dives into cryptographic agility and the readiness of various stacks.
Sessions also ventured into user experience and adoption: passkey wallets, native apps, biometric credentials, and real-world policy interactions. There were thoughtful explorations of friction: what gets in the way of people using these tools? And what happens when systems designed for power users collide with human realities?
Demo session (click to enlarge)
Meanwhile, the social and ethical layers of identity weren't neglected. We heard about harms, digital fiduciaries, and the politics of age assurance and identity verification. Sessions like "The End of the Global Internet" and "Digital Identity Mad-Libs" reminded us that the stakes are not just technical, they're societal.
Importantly, global perspectives played a growing role. From the UN's refugee identity challenges to discussions of Germany's EUDI wallet and OpenID in Japan, it's clear the community is engaging with a wider set of implementation contexts and constraints.
All told, the IIW 41 agenda reflected a community in motion, technically ambitious, intellectually curious, and increasingly attuned to the human systems it hopes to serve. The book of proceedings should be out soon with more details.
This Community Still Matters
IIW 41 reminded us why this community matters. It's not just the sessions, though those were rich and varied, but the way ideas flow between people, across disciplines, and through time. Many of the themes from this workshop—agent-based identity, governance models, ethical frameworks—have been incubating here for years. Others, like quantum resilience or national-scale deployments, are just now stepping into the spotlight.
Whiteboarding (click to enlarge)
If there was a feeling that ran through the week, it was momentum. The stack is maturing. The specs are converging. The real-world stakes are clearer than ever.
Huge thanks to everyone who convened a session, asked a hard question, or scribbled a diagram on a whiteboard. You're why IIW works.
Mark your calendars now: IIW 42 is coming in the spring, April 28-30, 2026. Until then, keep building, keep questioning. And, maybe, even send in a few notes for that session you forgot to write up.
Recently, I heard someone describe Visa as a "centralized" model. That's a common misconception. Visa doesn't operate a single, central database of all transactions. Instead, it provides a trust framework—a set of rules, standards, and infrastructure—that allows thousands of banks, processors, and merchants to interoperate. The actual accounts, balances, and customer relationships remain distributed across the network.
We already live with another example of a trust framework in the physical world: the driver's license. By law, states issue these credentials according to a well-defined process, and other parties—from bars to TSA agents to car dealerships—accept them as proof of age or identity. What's striking is that most of those parties have no formal contract with the issuing state. The framework itself, enshrined in statute and social practice, creates the trust. People rely on the attributes the license carries, not because they have negotiated agreements, but because the framework guarantees its validity.
This is a helpful way to think about first-person identity. Credentials, issued according to this model, make it possible to build trust frameworks for many different ecosystems, just as Visa did for payments or states have done with licenses. A trust framework defines how participants interoperate, but it doesn't centralize everyone's data or relationships.
Here's the key difference: payments is a relatively simple domain compared to identity. You can imagine one Visa handling payments worldwide. Identity, by contrast, has vastly more requirements, policies, and contexts. There won't be a single "identity Visa." Instead, there will be tens of thousands: ecosystem-specific trust frameworks for finance, healthcare, education, workforce, commerce, government services, and beyond. Each will be tailored to its own needs, but they will all be possible because of the same first-person identity foundation.
Fraud prevention, auditability, and traceability are absolutely essential. But those aren't functions of centralization. They come from well-designed credentials and trust frameworks. First-person identity doesn't reject the Visa model—it makes it possible to replicate it, many times over, in the far more complex world of identity.
We're just a few weeks away from the next Internet Identity Workshop (IIW), happening October 21–23, 2025 at the Computer History Museum in Mountain View. I always look forward to those three days—it's the one place where the people building the protocols and systems that underpin digital identity come together, set the agenda themselves, and move the work forward in real time.
This year, we're trying something new. On Friday, October 24, right after IIW wraps up, we'll be hosting the first-ever Agentic Internet Workshop (AIW) at the same venue. Think of it as IIW's younger sibling: same open space format, same collaborative energy—but focused squarely on the agentic internet.
Why? Because we're at an inflection point. Together, we now face the shift toward an internet where agents—AI-powered and otherwise—interact, negotiate, and make decisions on our behalf. Just like IIW gave us space to define protocols like OAuth, OpenID Connect, and Decentralized Identifiers, AIW is meant to give us a neutral ground to figure out the next generation of protocols for an agentic world.
If you've got work in this space—or even just a deep curiosity about where it's headed—I hope you'll stay the extra day. We're capping attendance at 200 people to keep it intimate, and pricing starts at $150 for independents and startups.
And one more thing: both IIW and AIW depend on sponsors to keep costs low and the community strong. If you or your organization would like to help support either event, please get in touch with me.
Iโm excited to share that the first six chapters of my new book, Dynamic Authorization: Adaptive Access Control, are now available through Manningโs Early Access Program (MEAP). You can start reading today at Manningโs site. As part of the launch, Manning is offering 50% off.
I wrote this book because I noticed something curious in the identity world: while authentication has largely become a solved problem—at least technically—authorization remains widely misunderstood. Many organizations still rely on outdated models like static role-based access control, which donโt hold up in todayโs distributed, collaborative, and zero-trust environments. But the landscape is changing. New tools, such as Cedar, give us the means to create authorization systems that provide better security while also making life easier for employees and customers.
The first chapters of the book lay out this problem space and begin introducing modern approaches. Chapter 1 frames the challenge of authorization in todayโs systems. Chapters 2 introduces the broader topic of digital identity, while chapter 3 drills down on authentication. Chapter 4 introduces authorization with chapters 5 outlining old-school static authorization tecahniques and chapter 6 diving into dynamic models: relationship-based access control (ReBAC), attribute-based access control (ABAC), and policy-based access control (PBAC). To make these ideas concrete, I use practical examples drawn from a fictional company, ACME Corp., to motivate the material and show how it is used in life-like scenarios.
Looking ahead, later chapters will introduce Cedar, the open-source policy language from AWS, and compare it with other frameworks like OPA/Rego and XACML. Iโll also cover how to implement policies effectively, treat them as code, and test them for reliability. My goal is to help practitioners understand both the โwhyโ and the โhowโ of dynamic authorization so they can design systems that adapt to real-world complexity.
If youโve ever struggled with brittle role hierarchies, confusing permission schemes, or the tension between security and usability, this book is for you. And since itโs in MEAP, you can start reading now and follow along as new chapters are released. I'm open to your feedback and suggestions.
The web has come a long way since static HTML. Even so, building user interfaces is still often an exercise in complexity: frameworks layered on frameworks, intricate build tools, and brittle glue code tying everything together. But there's another way—native, composable building blocks, pieces of UI that can be easily reused, reasoned about, and combined without pulling in half the npm registry. That's the promise of web components, and it's why tools like XMLUI are exciting. They let us focus on function and structure, not scaffolding and ceremony.
I'm going to skip the technical deep dive. You can get that on the XMLUI site or in Jon Udell's excellent XMLUI introduction. But even just a simple example can show the power of components.
Imagine you need a table that displays updated information about the status of London tube stations.
Normally, you'd link to an API, fetch the data, loop over the JSON, and build the DOM with JavaScript or a framework like React. Or...you could do it with XMLUI like this:
This is a web component in action: you name the data source, define the structure, and let XMLUI handle the heavy lifting. And this is just scratching the surface, there are multiple component types, styling options, even MCP (Multi-Component Pages) interfaces for multi-agent or AI-powered applications.
One reason I'm personally excited about XMLUI is that I've been looking for a way for Picos to create their own interfaces, rather than relying on an external React app, like we did with Manifold. Picos—distributed, autonomous agents with lightweight logic—used to have UI capabilities. XMLUI components might allow them to regain that ability, natively and declaratively. Bruce Conrad has already been experimenting with this, and I love the idea of using a tool we don't have to build ourselves. Lightweight, component-driven, and web-native, XMLUI seems like a natural fit for Pico-based architectures.
XMLUI isn't just another UI framework, it's a shift toward declarative, modular web development that feels especially well-suited to the world of Picos. By letting components define themselves, serve themselves, and run directly into the browser, we can finally build UIs that are as lightweight and autonomous as the agents they represent. There's still more to explore, but I'm optimistic that XMLUI can help bring back a native interface layer for Picos that's simple, composable, and entirely in their control for easier development and deployment.
When you're the parent of a teenager out late at night, the prospect of them phoning home might seem reassuring. But that same action—to check in, to report back—is also the dream of every government that wants to monitor its citizens and every company seeking to surveil its customers.
This concern sits at the heart of the No Phone Home movement, which advocates for digital identity systems that don't phone home—that is, digital credentials that do not silently report back to their issuers or some central authority every time they're used. While this kind of telemetry can be marketed as a security or interoperability feature, in reality, it opens the door to a kind of invisible surveillance infrastructure that undermines privacy and individual freedom.
I've added my name as a signatory to the No Phone Home campaign, joining a broad coalition of organizations and individuals who believe that digital identity should serve people, not institutions. The signatories include respected organizations like the ACLU, the EFF, and Brave Software, as well as numerous experts with deep experience in digital identity, cryptography, and privacy advocacy.
Enabling Surveillance...and Control
The phrase "phone home" might conjure nostalgic images of a homesick alien, but in the context of digital credentials, it's far more sinister. When a credential—like a mobile driver's license or digital vaccine certificate—relies on contacting a central authority each time it's presented, it creates a record of where and how it was used. Even if that data isn't stored today, the potential exists. That built-in capacity for surveillance is what the No Phone Home campaign seeks to dismantle.
What's more, the very architecture of phone-home systems inherently concentrates power. It privileges the issuer over the holder, undermining the principles of user control and consent. It's not hard to imagine a world where access to services—buying a train ticket, checking into a hotel, entering a public building—depends on real-time authorization or permission from a government server or corporate backend.
Shoshana Zuboff, in The Age of Surveillance Capitalism, lays bare the business model that feeds off this architecture. Her thesis is chilling: surveillance is no longer a byproduct of digital services—it is the product. As she puts it, "Surveillance capitalism unilaterally claims human experience as free raw material for translation into behavioral data." In this world, "phoning home" isn't a safety feature—it's the toll you pay for participation.
Against that backdrop, the No Phone Home movement demands digital identity architectures where credentials are presented to verifiers without any need to check back with the issuer. This model aligns with the principles of self-sovereign identity and decentralization. It shifts the balance of power, placing control squarely in the hands of the individual.
Systems that Phone Home
Many digital identity systems are designed to contact a central server—typically the issuer or identity provider—whenever an identity credential is presented. This is especially true in federated identity systems, where verifying a token often means checking with the original source. OAuth and OpenID Connect, for example, explicitly redirect the user to the identity provider (IdP) as part of the authentication process. SAML can be more opaque, performing these validations through backend calls that may not be obvious to the user. In all these cases, the result is the same: the issuer is aware of the credential's use, creating a trail of user activity that can be observed, logged, and potentially acted upon.
Some verifiable credential systems can operate similarly, enabling the issuer to learn where and when credentials are used. OpenID for Verifiable Credential Issuance (OpenID4VC), for example, inherits these patterns from OpenID and can allow for issuer visibility into credential presentations. But this is a design choice, not a necessity. For example, the verifiable credential presentation protocol in Anoncreds is designed to avoid these pitfalls, enabling credential verification and even revocation checks without contacting the issuer—preserving privacy without sacrificing trust.
Mobile driver's licenses (mDLs) exemplify how this can go wrong. They feel like physical IDs—familiar, simple, and discreet—but unlike handing over a plastic card, an mDL may rely on server retrieval to validate the credential in real time. This means that governments could know when and where you use your license, and in some implementations, could even grant or deny permission for its use. The result is a powerful mechanism for surveillance, packaged in the form of a seemingly benign, everyday artifact.
The American Association of Motor Vehicle Administrators (AAMVA) has acknowledged the privacy concerns associated with server retrieval mode in mDLs. In their December 2024 Implementation Guidelines (version 1.4), they warned about the tracking potential of this mode. Subsequently, in version 1.5, they prohibited the practice. But, as Timothy Ruff argues in Phone Home is Bad. Really Bad, many systems still support it, and the prohibition is simply a policy choice that could be reversed.
The usual justification for "phoning home" is the need to verify that a credential is still valid or hasn't been revoked. But this function doesn't require building surveillance into the architecture. Cryptographic techniques like revocation registries, signed timestamps, and status lists enable real-time verification without ever contacting the issuer. These methods let verifiers check credential status in a privacy-preserving way, ensuring both trust and autonomy. In fact, this is not just possible, it's already being done. Many projects in the self-sovereign identity space routinely demonstrate how to maintain trust without compromising privacy.
These "phone home" systems risk turning identity into an instrument of control. By embedding surveillance into the plumbing of digital trust, they invert the foundational goal of identity systems: to empower the individual.
Build the Future You Want to Live In
The choice to build digital identity systems that don't phone home is ultimately a choice about the kind of society we want to live in. Do we want a world where every credential presentation creates a record, where silent connections to central servers allow for invisible oversight, and where the potential for control is built into the foundation of everyday interactions?
The No Phone Home campaign isn't just about technical standards—it's about civic architecture. It asks us to reject the logic of surveillance and embrace designs that respect human dignity. As our daily lives increasingly rely on digital intermediaries, we have a narrow window to get this right.
By insisting on architectures that protect privacy by design—not just by policy—we build a future where technology empowers rather than controls. That's a future worth fighting for.
Photo Credit: Phoning Home from DALL-E (public domain)
At the end of April, I wrapped up my time at AWS. I joined in September 2022, stepping into the world of AWS Identity, where I worked on authorization and related areas like Zero Trust. It was a deeply rewarding experience. I got a front-row seat to the sheer professionalism and operational excellence it takes to run a cloud service at that scale. The bar is high, and I came away with a renewed appreciation for what it means to build for resilience, security, and speed—at the same time, and without compromise.
For the past 20 months, we've been living in Virginia while I led a team of developers at HQ2, Amazon's second headquarters in Arlington. That's ultimately what made this decision necessary. As much as I loved the work and the people, we've long felt the pull of home. Utah is where our family is, and where we wanted to be. With AWS's return-to-office mandates and no local office in Utah, something had to give. In the end, family won. No regrets there.
I'm especially grateful to Neha Rungta, who brought me into AWS. Neha and I go way back—I knew her when she was pursuing her PhD in computer science at BYU. She's a remarkable leader, and AWS is fortunate to have her. I appreciate the trust she placed in me and the opportunity to be part of something as consequential as AWS Identity.
So, what's next? I'm not retired—but for now, my time is my own. I'm working on a book for Manning about authorization, a topic that's increasingly critical as digital systems become more interconnected and identity-aware. I'm also staying engaged with the identity community through the Internet Identity Workshop (IIW), which continues to be a wellspring of innovation and collaboration.
Recently, we launched the IIW Foundation, a 501(c)(3) nonprofit dedicated to advancing open empowering approaches to digital identity. Our mission is to support not only the flagship IIW events but also IIW-Inspiredโข regional gatherings around the world. There's more to come on that front, and I'll share details in future posts.
Stepping away from AWS wasn't easy, but it was the right move. And as I turn the page, I'm excited about the work ahead—and grateful for the journey so far.
Photo Credit: Leaving AWS from DALL-E (public domain)
Last week, I posted a report on IIW XL, our fortieth event. When participants register, one of the questions we ask them is what they value most about IIW. Over 100 people answered that question. Rather than bore you with the raw data, I asked ChatGPT to summarize the responses. Here's what it said:
Attendees of the Internet Identity Workshop (IIW) overwhelmingly value the event for its strong sense of community, collaborative spirit, and the opportunity to connect in person with peers, innovators, and industry leaders. Many describe the environment as one of mutual respect and openness, where "creative, open discussions" thrive and "everyone is there" to engage deeply on current and emerging identity challenges. The unconference format stands out as a major strength, allowing participants to shape the agenda, dive into interactive workshops, and experience "productive conversations with other attendees" in a way that feels dynamic and inclusive.
Another consistent theme is the access to cutting-edge knowledge and thought leadership in digital identity. Attendees appreciate being "in the room where the future of identity is being designed," hearing about "the latest developments in enterprise IAM," and learning directly from experts in topics like decentralized identity, verifiable credentials, OAuth, and OpenID Connect. The opportunity to "catch up on standards," "inform product roadmaps," and "gain knowledge about key trends" makes IIW not just informative but strategically valuable.
Crucially, IIW is also seen as a place where real progress happens. Participants value the ability to test ideas, gain feedback, and move forward on shared goals in a collaborative setting. As one attendee put it, it's a rare opportunity "to explore problem spaces and solution spaces together," while another highlighted the value of "making progress on standards or other collaborative efforts." The event's unique mix of expertise, spontaneity, and shared purpose creates the conditions for meaningful breakthroughs that extend well beyond the workshop itself.
Beyond the sessions, many emphasized the personal and professional relationships formed over time—"the relationships that have been developed over many years" and the chance to "collaborate in person with colleagues around the world." Several first-time attendees expressed excitement about joining a space described as "unlike any other" and "highly recommended" by peers. Whether returning veterans or newcomers, participants consistently frame IIW as a place of learning, contribution, and genuine connection.
This past week, we held the 40th Internet Identity Workshop—a milestone event that brought together a global community of builders, dreamers, and implementers focused on the future of digital identity. And what a gathering it was.
If there's any lingering doubt about IIW's reach or relevance, just take a look at the map of attendees. People came from all over the world to shape the conversation on the importance of digital identity in the modern age.
As expected, the United States made up the bulk of attendees, with 223 participants from across 20+ states, but what stood out this time was the breadth of international participation:
๐ฐ๐ท South Korea: 12 attendees
๐จ๐ฆ Canada: 11 attendees
๐ฏ๐ต Japan: 10 attendees
๐ฉ๐ช Germany: 7 attendees
๐ฌ๐ง United Kingdom: 5 attendees
๐ฎ๐ณ India: 4 attendees
๐ฎ๐น Italy, ๐ฉ๐ฐ Denmark, ๐ฆ๐น Austria, ๐ฆ๐บ Australia: 3 each
๐จ๐ท Costa Rica, ๐จ๐ด Colombia: 2 each
๐บ๐ฆ Ukraine, ๐น๐ญ Thailand, ๐น๐ผ Taiwan, ๐จ๐ญ Switzerland, ๐ธ๐ช Sweden, ๐ช๐ธ Spain, ๐ฟ๐ฆ South Africa, ๐ต๐น Portugal, ๐ณ๐ฟ New Zealand, ๐ณ๐ฑ Netherlands, ๐ฎ๐ช Ireland, ๐ซ๐ท France, ๐ช๐ฌ Egypt, ๐จ๐ฑ Chile, ๐ฆ๐ท Argentina: 1 each
That's 28 countries represented—more than we've ever had before. We still need more participation from Africa. We have a scholarship program if that would help you come!
California: The Identity Capital (Again)
Of course, California led the way in states with a whopping 117 attendees, and cities like San Francisco (24), San Jose (19), Oakland, and Mountain View formed a familiar cluster of identity wonks. Other strong showings came from Washington (18 attendees), Utah (12), and the tech corridors of Massachusetts and New York.
One surprise highlight? Seocho-gu, South Korea, which sent 10 participants—a remarkable show of commitment from a single district in Seoul. We're seeing more and more investment from Asia in building open, interoperable identity layers, and it's a welcome sign.
What We Talked About
While I'll save the detailed session notes for the Book of Proceedings (still to come), a few themes emerged repeatedly:
Agent-based architecture is gaining traction, and the discussions around personal digital agents (and their governance) were some of the most animated of the week.
Interoperability wasn't just a buzzword—there were concrete efforts to align schemas, protocols, and credential formats across communities.
Authenticity and trust were explored beyond technology—touching on human governance, decentralized reputation, and context-aware interactions.
And yes, AI made its appearance—both as a tool for agent enhancement and a source of identity risk.
It's worth noting that the sessions weren't just technical deep dives. Some of the most impactful conversations happened in hallway chats, whiteboard scribbles, and shared coffee lines.
IIW Still Feels Like a Meetup (and That's a Good Thing)
Despite this being the 40th edition, IIW retains its uniquely informal, self-organized flavor. There's no main stage, no keynotes, and no vendors hawking wares. Just a grid of ideas and a crowd of people who care enough to show up, share, and build.
That's what makes IIW magical.
To everyone who attended—whether from Sunnyvale or Sรฃo Paulo, Tokyo or Toronto—thank you for being part of this milestone. Let's keep making identity better.
