https://notes.karlmcguinness.com/tags/xaa/Recent content in XAA on Control Plane by Karl McGuinnessHugoen-uspublic@karlmcguinness.com (Karl McGuinness)public@karlmcguinness.com (Karl McGuinness)Sun, 05 Apr 2026 12:00:00 -0700https://notes.karlmcguinness.com/notes/id-jag-beyond-the-enterprise-idp/Sun, 05 Apr 2026 12:00:00 -0700public@karlmcguinness.com (Karl McGuinness)https://notes.karlmcguinness.com/notes/id-jag-beyond-the-enterprise-idp/ID-JAG, also often called Cross-App Access (XAA), is centered in the current draft on Enterprise IdP trust, but the issuer that matters is the immediate IdP the downstream authorization server already trusts for SSO and subject resolution, not necessarily the top-level workforce IdP. The same trust pattern can also extend architecturally to CIAM and platform identity layers that federate upstream workforce login while remaining authoritative for downstream product trust, tenant context, and subject resolution.