Hessra - Auth for the Machine Age

[4/1/2026]

#capability-security#authorization#biscuit#naming#designation

What led me to capability security

How a naming problem in a simple webapp led to embracing capability security as the foundation for Hessra.

by Jacob Valentic

[12/4/2025]

#machine-identity#non-human-identity#security#authorization

The Missing Foundation of Non-Human Identity

A foundational model for machine identity based on three dimensions: identity origin, initial policy state, and continuity.

by Jacob Valentic

[10/6/2025]

#cli#devtools#ux#dx#hessra-cli

Designing a CLI That Doesn't Get in Your Way

Design principles for building command-line tools that minimize friction through smart defaults, persistent config, and dual usage modes for humans and automation.

by Jacob Valentic

[9/17/2025]

#identity-tokens#api-keys#bearer-tokens#security#authentication#saas

How to Implement API Keys Using Hessra Identity Tokens

Replace static API keys with cryptographically secure, auto-expiring identity tokens that provide a seamless upgrade path to full authorization.

by Jacob Valentic

[9/3/2025]

#identity-tokens#ai-agents#delegation#biscuit#machine-identity#authorization#non-human-identity

Using Hessra Identity Tokens for Delegated Agent Identities

Learn how to use Hessra's identity tokens to create secure, hierarchical identities for AI agents and sub-agents with cryptographic delegation.

by Jacob Valentic

[8/25/2025]

#machine-identity#authorization#biscuit#zero-trust#ambient-authority#jwt#delegation

Your Contractor Has the CEO's Keycard: The Broken State of Machine Identity

How traditional tokens create ambient authority problems and why separating identity from authorization is the key to secure machine-to-machine communication.

by Jacob Valentic

[7/29/2025]

#zero-trust#security#network#sase#mesh#zanzibar#authorization

High level approaches to Zero Trust

Exploring three conceptual approaches to implementing Zero Trust: simulated solutions, shrinking perimeters, and request-scoped security.

by Jacob Valentic

[7/22/2025]

#security#zero-trust#network#infrastructure#nat

Your network was never safe

The internet broke your network the moment you connected it. Zero Trust is the overdue fix.

by Jacob Valentic

[6/30/2025]

#authorization#security#biscuit#rust

Introducing Hessra: Authorization Built for Machines

Authorization built for machines with offline-verifiable tokens and deep stack coverage.

by Jacob Valentic

BLOG POSTS

What led me to capability security

The Missing Foundation of Non-Human Identity

Designing a CLI That Doesn't Get in Your Way

How to Implement API Keys Using Hessra Identity Tokens

Using Hessra Identity Tokens for Delegated Agent Identities

Your Contractor Has the CEO's Keycard: The Broken State of Machine Identity

High level approaches to Zero Trust

Your network was never safe

Introducing Hessra: Authorization Built for Machines