Saved February 14, 2026
Do you care about this?
In this episode, Matt Topper discusses the challenges of identity, credentials, and access control in modern data platforms. He offers practical solutions for managing these issues, including the use of JWTs, policy engines, and database proxies, while emphasizing the need for a unified approach to trust and governance across data systems.
If you do, here's more
Matt Topper, president of UberEther, highlights the complexities of managing identity, credentials, and access control in modern data systems during his appearance on the Data Engineering Podcast. As organizations shift towards composable ecosystems, challenges arise from integrating various data platforms like warehouses, lakes, and streaming systems. This integration often leads to fractured governance and audit trails. Topper emphasizes practical strategies, such as using JSON Web Tokens (JWTs) to propagate user identity and externalizing policies with engines like Open Policy Agent (OPA) and Amazon's Cedar. He also points to the importance of database proxies for implementing row and column security.
The conversation delves into several specific issues, including machine-to-machine access, short-lived credentials, and the need for workload identity. Topper discusses catalog-driven governance and lineage-based label propagation, highlighting tools like OpenTDF for binding policies to data objects. He raises the challenge of translating broad data governance policies into enforceable constraints, advocating for more manageable practices in the industry. The discussion also touches on the audit trails generated by data systems and how they can inform technical controls, as well as the need for foundational technologies to improve composability regarding identity and authorization.
Streaming data ingestion further complicates security controls, as real-time data delivery presents unique vulnerabilities. Topper identifies lessons learned from Zanzibar-style policy models and stresses the human aspect of enforcement. He concludes by noting the importance of trust composition, which unifies provenance, policy, and identity context. This approach aims to clarify data access, usage, and intent throughout the data lifecycle.
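The three strategies named in the summary (a JWT carrying the user's identity, a policy held outside the query path, and a proxy applying row and column security) combined in an added example that is not code from the episode or from UberEther. The HS256 demo key, the role names, the `POLICY` table (a stand-in for an OPA or Cedar decision) and the sample rows are constructed assumptions.

```python
import base64, hashlib, hmac, json, time
KEY = b"constructed-demo-key"  # assumption: shared HS256 secret, demo only
# Constructed policy, kept outside the query path as an OPA/Cedar bundle would be.
POLICY = {
    "analyst": {"columns": {"id", "region", "amount"}, "row_attr": "region"},
    "auditor": {"columns": {"id", "region", "amount", "ssn"}, "row_attr": None},
}
ROWS = [  # constructed sample table
    {"id": 1, "region": "EU", "amount": 10, "ssn": "000-00-0001"},
    {"id": 2, "region": "US", "amount": 20, "ssn": "000-00-0002"},
]

def _enc(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()
def _dec(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(head, body):
    return hmac.new(KEY, f"{head}.{body}".encode(), hashlib.sha256).digest()

def make_token(claims, alg="HS256"):
    head = _enc(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = _enc(json.dumps(claims).encode())
    return f"{head}.{body}.{_enc(_sign(head, body))}"

def verify_token(token, now=None):
    try:
        head, body, sig = token.split(".")
        header, claims, given = json.loads(_dec(head)), json.loads(_dec(body)), _dec(sig)
    except (ValueError, AttributeError):
        raise PermissionError("malformed token")
    if not isinstance(header, dict) or not isinstance(claims, dict):
        raise PermissionError("malformed token")
    if header.get("alg") != "HS256":  # pin the algorithm, never trust the header
        raise PermissionError("unexpected alg")
    if not hmac.compare_digest(_sign(head, body), given):
        raise PermissionError("bad signature")
    if claims.get("exp", 0) <= (now if now is not None else time.time()):
        raise PermissionError("expired token")
    return claims

def proxy_select(token, rows=ROWS, now=None):
    claims = verify_token(token, now)
    rule = POLICY.get(claims.get("role"))
    if rule is None:
        raise PermissionError("no policy for role")  # default deny
    attr = rule["row_attr"]  # row filter: the row's value must equal the caller's claim
    kept = [r for r in rows if attr is None or r[attr] == claims.get(attr)]
    return [{k: v for k, v in r.items() if k in rule["columns"]} for r in kept]
```

A caller whose token lacks the attribute used for row filtering gets no rows, and a role with no policy entry is refused, so both gaps fail closed.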