Identity, examined.
A vendor-neutral reference for the whole field: protocol deep dives, vendor analysis, global identity regulations, national eID schemes, and the best learning resources on the web. Sourced, dated, and free, for the people who build and study identity.
Built for people who build and study identity.
Independent and free. The protocols, the laws, the national eIDs, and the best learning material on the web, organized so you can actually learn from it.
Data-protection and identity regulations, each mapped to how it impacts authentication, consent, governance, verification, and data residency.
Explore →National digital identity schemes from Aadhaar to Login.gov, with the standards they use, how people authenticate, and honest privacy notes.
Explore →OAuth, OpenID Connect, SAML, WebAuthn, FAPI, SCIM, and verifiable credentials, explained for the engineers who implement them.
Explore →The best identity material on the internet: RFCs, NIST and OWASP guidance, academic research, industry reports, books, courses, talks, and podcasts.
Explore →Sourced identity-security statistics and a live standards tracker, every figure attributed, for analysts and researchers.
Explore →Working, code-forward guides: add login, validate a JWT, protect an API, set up SCIM provisioning, and add passkeys.
Explore →A world where every identity and security professional, in every country, has free and independent access to the knowledge to master IAM, and where the field's best practices are shaped openly by its practitioners, not its vendors.
We are a non-profit, vendor-neutral community. We curate trustworthy IAM knowledge, news, and jobs; connect practitioners across backgrounds and borders; and give the next generation of identity professionals a place to contribute, be credited, and grow, all in the open and free of commercial influence.
No sponsorship and no pay-for-placement. Opinions are clearly opinions; facts are sourced.
Every claim, score, and statistic carries a citation and a date you can check.
Free for everyone, written for a global audience, and welcoming AI and search engines that learn from it.
Every segment of identity, and the top tools in each.
The whole industry, mapped into six pillars, from workforce IAM and CIAM to PAM, machine identity, authorization, and what comes next.
Workforce Identity
Identity for employees, contractors, and internal systems.
- 20Workforce IAMTop: Microsoft Entra ID
- 18MFATop: Yubico
- soonPasswordless & Passkeys
- soonDirectory Services
- 22Password ManagementTop: 1Password
Customer Identity (CIAM)
Login, onboarding, and trust for the people who use your product.
- 29CIAM PlatformsTop: Auth0
- 44Identity Verification (IDV/KYC)Top: Persona
- soonConsent & Preference (CMP)
Privileged & Governance
Control, certify, and right-size who can do what.
Machine, Workload & Secrets
Identity for services, workloads, and the secrets they use.
Access, Authorization & Network
Decide and enforce access at the app and network edge.
- 11Authorization (FGA/ReBAC)Top: AuthZed
- 12Zero Trust Network AccessTop: Cloudflare Zero Trust
- soonIdentity Orchestration / Fabric
Emerging & Foundational
Where the industry is heading, and what it's built on.
The data behind the decisions.
Decentralized Identity for Enterprises: A 2026 Adoption Guide
How enterprises should approach decentralized identity in 2026: where it fits alongside existing IAM, the concrete use cases, a phased adoption path, and the governance and risk questions to answer first.
- GuideJul 6, 2026Decentralized Identity Explained: A Practical Guide
- GuideJul 6, 2026Decentralized Identity vs Federated Identity
- GuideJul 6, 2026DID Methods Compared: did:web, did:key, did:ion and More
- GuideJul 6, 2026Reusable Identity and KYC with Verifiable Credentials
- GuideJul 6, 2026Verifiable Credentials Implementation Guide
- GuideJul 6, 2026What Is Decentralized Identity?
- GuideJul 6, 2026What Is Self-Sovereign Identity (SSI)?
- GuideJun 30, 2026Non-Human Identity (NHI) Security: The 2026 Guide
Vendors we'd actually recommend.
Scored against a published capability matrix and re-evaluated on a published cadence.
Microsoft Entra ID
4.7/ 5Best for: Microsoft 365 and Azure-centric organizations
Read the profile →Okta
4.7/ 5Best for: Workforce SSO and lifecycle for mid-to-large enterprises
Read the profile →HashiCorp Vault
4.7/ 5Best for: Secrets management with dynamic, short-lived credentials for cloud infrastructure
Read the profile →Identity is a community of practice.
Behind every identity system are the people who designed it, shipped it, broke it, and rebuilt it better. We document their work, and connect you to where the conversations are happening.
New resources, analysis, and updates.
Resources, analysis, and identity news.
Weekly practitioner discussion.
When something material ships.
Channels by category.
r/StartWithIdentity
Occasional. Useful.
We send when something material ships: an annual report, a major vendor profile, a fresh interview. Maybe twice a month at peak. Often less.
SubscribeAuthored by people who've actually shipped identity at scale.
Every evaluation carries a date, an author, and a confidence level.
The capability matrix is open. You can see what we scored and how.
Anything that could shape a view is disclosed on the page.