The OrthID blog.
Field notes on sovereign identity, AI agents and healthcare - written by the people building it.
Why AI agents need their own identity
An agent acting on patient data is not a user and not a service account. Here's why it needs a first-class, scoped, expiring identity of its own - and what breaks when it doesn't.
Sovereignty isn't a checkbox
Data residency is more than a region dropdown. We break down what it actually takes for identity to stay inside a jurisdiction - and where most providers quietly leak.
We refused the operational tax of legacy IdPs
Per-seat pricing, phone-home telemetry, pooled tenants. The hidden costs of legacy identity providers - and the design decisions we made to avoid them.
Token exchange, explained for healthcare teams
RFC 8693 in plain language: how on-behalf-of delegation lets an agent borrow a clinician's authority for one task, scoped down, with a receipt.
Migrating off Auth0 without the downtime
A field-tested playbook for moving users, orgs and SSO connections to a sovereign identity layer - without a flag day or a help-desk surge.
[Draft titles - posts to author before publish.]
Want this in your stack, not just your reading list?
See how OrthID gives every human, organisation and agent a sovereign identity.