[#53] Sophomore Survey: Folie à Deux?
What does this newsletter have in common with a deck of cards? Jokers!
1/ Authorizing an Election of our own
It’s finally here: our subscriber-only survey to chart a more sustainable course for our second year. There’s only ten questions, so open a tab and read along in this issue for an explanation of each item for All the Questions Authorized to Answer!

Surveying our Landscape
Think of this section as a Voter’s Guide to the ballot being sent to you by Substack. Only the first and last two require responses.
1/ Miss us much?
Email darling Superhuman has been credited with identifying regret as a unifying metric for surveying PMF (Product/Market Fit).
later argued that 40% “very disappointed” was a critical threshold for sustainable growth.1Q1. How would you feel if this newsletter was no longer sustainable, in its current form?
To discover our NRF (Newsletter-Reader Fit), we also tried mapping feelings to frequencies: how often have you learned or shared something you saw first on the AuthZ Substack? {Weekly || Monthly || Occasionally || Never]
2/ Frequency
Fiddling with the frequency of publication might help. Could dialing it up (to short, daily blipverts) or down (to monthly deep-dives) increase engagement?
Q2. How often would you prefer to receive news about AuthZ?
Daily — It would be better for keeping up with the accelerating pace of AuthZ headlines (even if that mean moving to a different platform, like a LinkedIn Group)
Weekly — It would be better to stick to the current cadence (even if issues vary in length, tone, and format)
Occasionally — It would be better to curate fewer, better links (even if that means skipping some weeks)
Monthly — It would be better to dive deeper into a single AuthZ theme or technology
3/ Posts or Podcasts?
Frankly, writing takes more time than talking (and video takes more effort than either!). Some of out biweekly conference calls have been so entertaining that live office hours might be a format that works well for our community?
Q3. Would you prefer listening to a podcast over reading a newsletter?
No — I don't find podcasts effective for learning or sharing technology headlines about AuthZ
Maybe — Only if it's easier on volunteer editors to talk than to write?
Short-form Podcast — I prefer to hear from real people reacting to real news about AuthZ on a regular basis
Long-form Podcast — I prefer to hear directly from AuthZ leaders, in their own voices
4/ Weekly, Wiki, or Chat?
One indicator if interest is how many readers send in submissions for stories. Or, more pointedly, how few… A community is more sustainable than a fan club.
Q4. Would you participate more if this newsletter became a Wiki? or a Forum?
Nope — I'm here to learn about AuthZ, not expert enough to contribute to a body-of-knowledge
Links — I would prefer to submit more tips if it were easier (and got credit)
Group — I would prefer to collaborate in a LinkedIn group, Slack chat, or mailing lists
Wiki — I would prefer to contribute or edit articles in an open-access AuthZ technology hub
5-7/ Sponsorship by IDPro, OpenID, or Startups?
Sustainability can also sound like a fancy way to ask for money. Allying with an existing organiation(s) also brings credibility, ethical expectations, and a built-in audience.
Q5. Would you pay to join IDPro for a newsletter about IAM?
Q6. Would you pay to join OpenID for a newsletter about AuthZEN?
Q7. Would you like Sponsors to pay for a newsletter about AuthZ startups?
8-9/ Opportunities for Improvement?
There isn’t a “mission statement” for the newsletter today; no single set of companies we cover or standards that might be relevant. Nor is it committed to comprehensively covering every event, every tool, or every tutorial. What kind of stories are most helpful, from startup news to personnel changes to breach analyses?
Q8. What topics or types of stories should we add or expand upon?
This is your chance to weigh in with your perspective on what we could do differently, or suggest different benchmarks for success:
Q9. How would you suggest improving this newsletter, or other other sources you would compare it to?
10/ The Year of AuthZ?
And the bottom line that cycles back to our top-line: it’s important to cover a technology trend when it’s about to take off. The only hard part is knowing when!
Q10. Will 2025 be your “Year of AuthZ”?
For you and/or your employer, what is your priority for engaging with externalized authorization technologies in 2025?
LOW PRIORITY — to EDUCATE ourselves
MEDIUM PRIORITY — to EXPLORE approaches
HIGH PRIORITY — to EVALUATE products and vendors
TOP PRIORITY — to DEPLOY solutions into production, at scale
2/ First Try at a Second Chance?
I’m turning 50 on Monday, and the most important lesson I’ve learned in my career is a corollary of William Gibson’s maxim that “The future is already here – it's just not evenly distributed” — namely that being right, early… is the same as being wrong.2
I’m glad this section celebrates the voices of some key folks from our first year, and more that we respect and take inspiration from as we prepare for a second.
Un an déjà!
First: first-birthday cards from two of our co-curators; with a third on the way from
when he takes the helm next week.3Mike Kiser
From
, Sailpoint’s Director of Strategy and Standards:“One year on, and the recent accelerated pace of movement within authorization continues. We’ve seen discussions at multiple gatherings, full sessions at conferences and (less) formal places such as the Internet Identity Workshop, and, of course, an AuthZEN Interop or two. Progress has been made—but there’s more to come.”
”Authorization has tendrils that reach out into most everything in identity; in the year to come, I expect to see connections with other advancing standards and technologies: the shared signals framework and SCIM Events, policy governance, and the rising wave of new architectures. Here’s to another year of trying to keep pace with the onrush of news and snark that is the AuthZ newsletter!”
Eve Maler
And from outgoing editor
, Venn Factory’s Founder & Impresario:“The Authorization Clipping Service is a true grassroots effort and reflects the will of a widespread community that cares about authorization, access control, and permissions. I’ve found it of immense value as a reader, as a contributing newsletter editor, and in my frequent interactions with other community members. I’m looking forward to seeing its evolution over the next year of continued maturity in the authorization space.”
“To help in its evolution, I hope you’ll fill out the survey we’ve prepared!”
🎭 Yes, I buried the lead, dear readers: I meant “outgoing” in both senses:
😎 Happily, for her irrepressible enthusiasm for identity; but also
😥 Sadly, for her intelligent, insightful, and indispensable insights are exiting our rotation (— but not, hopefully, irreplaceable… Keep any eye out for new faces entering the lineup soon… maybe including yours? Contact us!)
Folie à Deux…?
Second: From first-birthdays to some second-thoughts about setting goals for a second-year… An experimental OKR for marking progress towards an in-person conference about all things AuthZ-related was reaching the first 1,000 subscribers.
Virtual engagement is only a proxy for real-world impact, like the goal of getting together at Gartner IAM in Grapevine, TX in two weeks for advances in AuthZEN at Axiomatics and Aserto and a BBQ-based Access Control Hangout hosted by Strata Identity and Venn Factory.
There’s still room for a few more subscribers out of the fifty spots, which would make for a nicely packed house — literally!
While it is incredibly impressive that over half of you open4 each issue, that’s still 219 short of our target. After all, goals can be galvanizing when they are measure-able — but also have to be measure-d!
Substack tells us we owe a lot to other newsletters that have driven significant shares of our sign-ups, including , , , and . Not to mention those of you who share and comment on LinkedIn, too.
However you squint at the charts, though, growth has been linear of late, in contrast to other “tech influencers” that have explored alternative pathways to making a broader impact, such as The Identity Jedi,
, CyberHut, IDAC, , or the torrid pace of NHIMG.Org3/ Subverting a ‘sophomore slump’
Fifty-four weeks in, you’d think your volunteer editors would be playing with a full deck… But each time that our nearest and dearest 782 subscribers draw the short straw when I’m lollygagging with a late issue must, it must feel like a pack of Jokers!

Since nobody’s making mad tech influencer money off this free newsletter, you might think might your editors rather resemble those original Fools: characters across the centuries who chose to write their own AuthZ policy engines from scratch, instead of adopting simple, secure, and scalable solutions.

But, while the first Joker film was a success, the second outing was… not. Even adding more star power didn’t help, when it wasn’t clear who the audience was & the tale risked repeating itself like the perennial “Year of the LAN” or “Infrastructure Week.”
How might this newsletter avoid repeating its first year while avoiding both tragedy and farce? Perhaps the Louvre has something to teach us about when high culture meets low:

4/ Thanks for giving…
While the recent American elections vividly demonstrated how hard survey design can be, it’s better than all the other ways of sharing our wisdom with each other. On the eve of Thanksgiving in America, I know I’ll be giving thanks for your attention and support, so please share the gift of your feedback, too.
PS. I’m hoping for write-in results at least as entertaining as our first community poll, on what our first conference should be called!
Of course, knowing that number won’t bias our results — because y’all knew that already, amirite?
I’ve had the good fortune to work with a wide range of pioneering technologists, and while I’ve never envied their own fortunes, I have envied their timing!
Isn’t it handy Canadians got their Thanksgiving out of the way in October?
Heck, maybe it’s 100% — if the other half of you are such pros at cybersecurity 🕵️ that all your clicks are cloaked? 😜