Authorization is no longer just about roles and permissions. In this episode of the Identity at the Center podcast, PlainID Co-Founder and CTO Gal Helemski joins hosts Jeff and Jim to discuss why modern environments like APIs, microservices, and agentic AI require policy-based, context-aware authorization. From RBAC limitations to intent-based access control and zero standing privilege, this conversation breaks down what secure authorization looks like today, and where identity and access management is heading next.
What you’ll hear in the episode:
- Why authorization is “the last line of defense” before data, APIs, tools, and services
- The real shift from RBAC to PBAC (and why roles alone can’t keep up)
- What “zero standing privilege” means in practice, and why it matters now
- How authentication (“who you are”) and authorization (“what you can do”) must stay distinct and continuous
- Why agentic AI changes everything: many steps, many decisions, many opportunities for overreach
- Where to place controls in agent workflows: prompt → data (RAG) → tools (MCP) → response masking
- The rise of intent-based access control (identity + what + why + context)
- Why visibility and auditing are as important as enforcement for security governance
