文章探讨了AI代理在身份管理中的重要性,指出传统IAM系统无法满足其需求。Strata的Maverics Agentic Identity解决方案将AI代理视为第一类身份,支持动态身份、零信任原则和跨域协作,确保安全与合规。 2025-6-19 22:8:43 Author: securityboulevard.com(查看原文) 阅读量:3 收藏
Artificial intelligence is no longer just about passive assistants or chatbots that wait for human instructions. We’re in the agentic era—where AI agents reason, plan, take initiative, and act autonomously. These agents don’t just help humans; they become actors on behalf of humans, systems, and even other agents.
Gartner predicts that by 2026, 30% of enterprises will deploy AI agents that act with minimal human intervention, executing workflows, transactions, and decisions at machine speed. But there’s a critical gap: our identity and access management systems weren’t designed for this reality.
The truth is, from an IAM perspective: agents are people too. They deserve the same identity rigor, accountability, and Zero Trust protections that we apply to human users—but adapted for their unique attributes. That’s where Strata’s Maverics Agentic Identity comes in.
How AI Agents Are Like Human Identities in IAM
If you peel back the layers, AI agents and human users share the same identity needs in five key ways:
Unique Digital Identities
Both agents and people require distinct digital identities for authentication and authorization. Without this, there’s no way to apply policies, enforce accountability, or enable trust.
Delegated Authority
Just as people delegate tasks or authorize actions, AI agents often act on behalf of others—whether that’s a user, a system, or another agent. IAM systems must manage this delegation securely and traceably.
Zero Trust Enforcement
Both humans and agents need to operate under Zero Trust principles—least privilege, dynamic policy enforcement, and context-aware access decisions.
Credential Management
Agents, like humans, rely on credentials—tokens, certificates, keys—that must be issued, rotated, and revoked in a governed, auditable way.
Auditability
Accountability is key for both. Every action needs to be tied to a verifiable identity and delegation chain, logged for compliance, incident response, and governance.
How AI Agents Are Different From Human Identities
While agents share these fundamental traits, their unique characteristics break traditional IAM models:
Ephemeral Lifespan
Humans may have accounts for years; agents may exist for seconds. They spin up, act, and disappear at machine speed.
Scale
An enterprise might have thousands of employees—but millions of agents. In some cases, AI agents will outnumber human identities 80 to 1, pushing IAM systems beyond their limits.
Complex Delegation Chains
Humans delegate to agents, but agents may also delegate to other agents, creating intricate, multi-hop trust relationships that must be secured and auditable.
Dynamic, Task-Specific Identity
Unlike people with persistent roles, agents need Just-in-Time identities: credentials scoped tightly for a specific task, time-limited, and purpose-bound.
Cross-Domain, Multi-agent Collaboration
Agents don’t just stay within one cloud or system. They act across domains, collaborate with other agents, and require real-time identity federation and policy enforcement.
How Maverics Agentic Identity Delivers First-Class Identity for AI Agents
Strata’s Maverics Agentic Identity is purpose-built to bridge these gaps—treating agents as first-class identities, just like people, but optimized for their unique nature.
Here’s how:
Just-in-Time Provisioning
Agents don’t get pre-provisioned accounts. Maverics dynamically creates identities only when needed, binds them to their task and delegation chain, and retires them the moment the task is done—no leftover credentials, no risk sprawl.
OAuth Orchestration at Scale
Maverics operationalizes the full spectrum of OAuth capabilities:
- On-Behalf-Of (OBO): Chain agent actions to their human or system delegator.
- Token Exchange: Propagate identity and permissions across trust boundaries.
- Proof-of-Possession (DPoP): Ensure tokens can’t be replayed if intercepted.
- Proof Key for Code Exchange (PKCE): Secure agent auth flows without pre-shared secrets.
- Continuous Access Evaluation Protocol (CAEP): Enforce Zero Trust dynamically; revoke or reauthorize in real time as conditions change.
Attribute-Based Authorization
Beyond scopes and roles, Maverics leverages OAuth attributes and custom claims to drive fine-grained, context-aware policies. Authorization decisions reflect purpose, task, delegation, and risk—enabling Zero Trust at machine speed.
Comprehensive Auditability
Every agent action is logged—who acted, on whose behalf, for what purpose, and with what authority. Whether it’s a human or agent, Maverics ensures a clean, auditable trail for compliance and incident response.
Seamless Federation and Cross-Domain Trust
Maverics supports cross-cloud, multi-agent operations through federated identity, token exchange, and secure delegation. AI agents can collaborate across domains while preserving Zero Trust controls.
Why Start With Maverics Agentic Identity Now
AI agents aren’t coming—they’re here. The question is whether your IAM is ready. Maverics Agentic Identity ensures:
- You can govern AI agents with the same rigor you apply to people.
- You apply Zero Trust at machine speed, without slowing down innovation.
- You’re ready for what’s next: Strata is leading the charge on standards and innovation, helping identity evolve alongside AI.
AI agents deserve first-class identity management. With Maverics, they get it.
Ready to test-drive the future of identity for AI agents?
Join the Maverics Identity for Agentic AI and help shape what’s next.
The post Why AI Agents Deserve 1st Class Identity Management appeared first on Strata.io.
*** This is a Security Bloggers Network syndicated blog from Strata.io authored by Eric Olden. Read the original post at: https://www.strata.io/blog/agentic-identity/why-ai-agents-deserve-first-class-identity-management-7b/
如有侵权请联系:admin#unsafe.sh