Why IAM Remains a Challenge and What We Can Do About It
Everyone expects Identity & Access Management to be a “set it and forget it” problem. But the reality looks quite different: the same challenges keep resurfacing. They are technically demanding, time-consuming, and frequently create friction between teams, ultimately resulting in significant costs. And the rise of AI agents makes it even worse.
Over the years, Dimitrij explored these recurring issues, which led to a multi-part blog series published in 2025, initially aimed at updating the OWASP Microservice Security Cheat Sheet. His goal was to show how well-known IAM building blocks can be combined into pragmatic, coherent, and operationally realistic solutions. That work eventually grew beyond the original scope and is extending to multiple new OWASP Cheat Sheets plus an entirely new architectural-level cheat sheet format.
In this talk, Dimitrij will share the essence of the patterns and strategies he identified and documented, and show how to avoid the usual traps and reduce IAM complexity in distributed systems, creating the space to focus on what is actually being built - the product.
This talk is aimed at developers, architects, and security practitioners working with distributed systems. It provides an overview of IAM patterns that are in fact known but often unfamiliar in real-world projects.
- Date: 2026-03-26
- Time: 19:00 - 21:00
- Conference / Event: Cologne OWASP Stammtisch
- Venue: REWE Digital, Köln