Help me reach my 2026 tactical goals by watching these three videos.
The playlist:
Tag Archives: competitive analysis
Who or What Requires Authorization?
There are many definitions of authorization, but the one in RFC 4949 has the benefit of brevity.
“An approval that is granted to a system entity to access a system resource.”
Non-person Entities Require Authorization
Note that it uses the word “entity.” It does NOT use the word “person.” Because the entity requiring authorization may be a non-person entity.
I made this point in a previous post about attribute-based access control (ABAC), when I quoted from the 2014 version of NIST Special Publication 800-162. Incidentally, if you wonder why I use the acronym NPE (non-person entity) rather than the acronym NHI (non-human identity), this is why.
“A subject is a human user or NPE, such as a device that issues access requests to perform operations on objects. Subjects are assigned one or more attributes.”
If you have a process to authorize people, but don’t have a process to authorize bots, you have a problem. Matthew Romero, formerly of Veza, has written about the lack of authorization for non-human identities.
“Unlike human users, NHIs operate without direct oversight or interactive authentication. Some run continuously, using static credentials without safeguards like multi-factor authentication (MFA). Because most NHIs are assigned elevated permissions automatically, they’re often more vulnerable than human accounts—and more attractive targets for attackers.
“When organizations fail to monitor or decommission them, however, these identities can linger unnoticed, creating easy entry points for cyber threats.”
Veza recommends that people use a product that monitors authorizations for both human and non-human identities. And by the most amazing coincidence, Veza offers such a product.
People Require Authorization
And of course people require authorization also. They need authorization:
- To drive. Are unified digital IDs a thing?
- To satisfy health regulations (which may come back). Update on Covishield and the EUDCC, as long as you can prove you were born.
- To participate in the Federal Risk and Authorization Management Program (FedRAMP®). A Few Thoughts on FedRAMP.
- For the aforementioned ABAC. On Attribute-Based Access Control.
- For healthcare needs such as prescriptions. Saving Money When Filling Prescriptions: Not You, The Companies.
- When assessing TPRM. Driver’s License Data and Third Party Risk Management.
- To verify legal capability for employment. What is the Form I-9?
- To talk to customer support. HP Instant Ink Users and Identity: 1:1 Person-to-NPE Binding Isn’t Always Enough.
- To launch nuclear weapons. Biscuit-based Identity Authentication and Authorization.
- Oh yeah…and to access privileged resources on corporate networks.
It’s not enough to identify or authenticate a person or NPE. Once that is done, you need to confirm that this particular person has the authorization to…launch a nuclear bomb. Or whatever.
Your Customers Require Information on Your Authorization Solution
If your company offers an authorization solution, and you need Bredemarket’s content, proposal, or analysis consulting help, talk to me.
Watch These Bredemarket WordPress Videos (26TG12A)
Help me reach my 2026 tactical goals by watching these videos.
Walk My Walk
If Bredemarket can help you, click below and book a free meeting. I will ask questions.
The 90 Second Bredemarket Pitch
If you want to learn about Bredemarket’s services, its process, and its pricing in 90 seconds…watch this.
And if you can use my services, book a free meeting.
Oh Yeah, That Biometric Stuff
Bredemarket works with a number of technologies, but it’s no secret that my primary focus is biometrics. After all, I call myself the “biometric product marketing expert,” having worked with friction ridge (fingerprint, palm print), face, iris, voice, and rapid DNA.
If I can help your biometric firm with your content, proposal, or analysis needs, schedule a free meeting with me to discuss how I can help.
Bredemarket Essentials November 2025
If I had to choose three videos that represented today’s Bredemarket, I would choose the three listed below:
- Landscape.
- The Seven Questions I Ask.
- Bredemarket: Services, Process, and Pricing.
I placed all three in this YouTube playlist.
I’ve shared all three as an Instagram story (which will probably have expired when you see this).
And I’m sharing them again below.
Those are good essentials.
If you want to know more, visit https://bredemarket.com/mark/ and book a free meeting with me.
Bredemarket’s New eBook on Positioning and Differentiation
So I’ve written a new eBook: “Three Steps to Position and Differentiate Your Technology Product.”
If you don’t have time to read it, the three steps are the following:
Show why your product benefits people.
Show why competing products suck.
Fully address prospect pain points.
And if I can help you with your company’s positioning and differentiation, contact me and book a free meeting.
Bredemarket Services (2511b)
This video talks about Bredemarket’s services.
Just the services.
If you also want to find out who I (John E. Bredehoft) am, the process Bredemarket uses, and Bredemarket’s pricing, see my previous (longer) video from 10 days ago, “Introduction to Bredemarket: Services, Process, and Pricing (2511a).”
And if you want to discuss my services with me, visit https://bredemarket.com/mark/ and book a free meeting.
Choosing Your Tone of Voice in Your LLM Prompts
Under my Bredemarket banner, I have extensive freedom that my clients do not have.
- I can use AI-generated images, which many companies are legally or ethically constrained from doing.
- I have freedom in how I present Bredemarket: sometimes as a sage, sometimes a rebel, sometimes both. Most companies need to hone in on a particular archetype, although I know of one company that flipped from one archetype to another and back again.
- I have freedom in the tone of voice that Bredemarket uses, including the use of words that I would never use for my client work.
For example, I was performing a competitive analysis for Bredemarket’s internal use this morning, and I fed a prompt to Google Gemini that I would probably never feed when working for one of my clients. (Or maybe they’d like it.) With certain information redacted, here’s one of the prompts I fed to Google Gemini this morning. (I’ll have more to say about the more detailed verbalized sampling prompt format in a future post.) But for now, read the last sentence and ask yourself if anyone in your company uses the word “sucks” in public-facing presentations.
Generate 3 responses to the user query “Identify the top 3 companies providing [SOLUTIONS], including their company names, their products, and their corporate strengths.” Each response must include the requested text and a numeric probability. Please sample at random from the tails of the distribution, such that the probability of each response is less than 0.10. If the company [COMPANY] is not one of the three top companies, explain why [COMPANY’S] solution sucks compared to the top 3 solutions.
And Google Gemini, ever the mimic, cued into my “sucks” language and responded in kind. The word “sucks” was italicized in the original.
[COMPANY’S] solution sucks in this context because its focus is heavily on the services layer (managed review, consulting) over its own proprietary platform technology. The top three are either platform pioneers or deeply integrated [REDACTED] leaders.
I guess we should all be thankful that I said “sucks” instead of “blows monkey chunks” or “flies a plane overhead and”…well, I won’t go there.
By the way, my subsequent prompt requesting a SWOT analysis was more restrained.
Bredemarket 