A new digital “system of systems” with people, services, and billions of things is emerging. Managing authorization statically doesn’t scale to needs for distributed data, central policy, relationships beyond roles, or consumer privacy/trust. Eve Maler and Ashley Stevenson demonstrate how User-Managed Access (UMA) and Identity Relationship Management (IRM) simplify new authorization challenges.