Papers

Frameworks built to be picked up and used.

Longer-form, citable work: named metrics, reference models, and methodology built to be reused. Published openly, and indexed on SSRN.

Practitioner Reference · Identity & Access The IAM Framework Citation Gap What standards say vs. what practitioners think they say

IAM teams cite ISO and NIST to defend their work, and the citations do not always match what the documents say. This reference maps the four ways a citation fails, the wrong concept, the wrong document, the stale edition, and the invented requirement, each worked against the primary source, with guidance on defending it to an auditor.

Wrong concept Wrong document Stale edition Invented requirement

Read the paper → June 2026 · 11 pages · PDF White Paper · Published on SSRN Measuring What Moves A Dynamic Metrics Framework for Identity Governance Responsiveness

Operational IGA metrics measure whether governance work happened, not whether the program is keeping pace with how fast access changes. This paper proposes four named, program-level metrics for governance responsiveness, the way DORA metrics did for software delivery, applied to human and non-human identity alike.

EDR · Entitlement Drift Rate GL · Governance Lag JHL · Justification Half-Life TG · Trust Gradient

Read the paper → May 2026 · 18 pages · DOI 10.2139/ssrn.6842545