The document summarizes a presentation on revisiting identity and access management (IAM) foundations. It discusses key IAM concepts like separation of duties, role engineering, and permission drift. It also proposes several IAM metrics that can be tracked, such as the percentage of access requests granted within service level agreements and the percentage of systems using single sign-on. Finally, it provides a bibliography of over 30 references on IAM topics including role-based access control models, economic analyses of IAM, and approaches for modeling IAM requirements.