Files
infospace-bench/infospaces/patterns-of-it-securita-architecture/artifacts/entities/pattern-human-agent-identity-split.md

2.4 KiB

Pattern: Human/Agent Identity Split

Status: draft Readiness target: RL3 production Primary owners: NetKingdom, ops-bridge, product repos

Problem

Agents acting as invisible extensions of human users make access scope, accountability, rate limits, and incident response ambiguous.

Context

Use this pattern for AI agents, automation workers, repository agents, ops agents, scheduled tasks, and delegated user workflows.

Forces

  • Agents need to act on behalf of people or systems.
  • Human approval does not mean unlimited agent authority.
  • Audit must distinguish sponsor, agent, tool, and target action.
  • Agents may need tighter scopes and shorter TTLs than humans.

Solution

Give agents explicit identities with their own scopes, limits, credentials, and audit records. Link agent activity to a human or system sponsor without collapsing them into the same principal.

Implementation Sketch

  1. Define agent identity type in IAM Profile or equivalent registry.
  2. Bind agent to sponsor, purpose, tenant, allowed tools, and TTL.
  3. Issue scoped credentials or certificates for agent activity.
  4. Require flex-auth to evaluate agent context separately.
  5. Emit audit events with both sponsor and agent ids.
  6. Support revocation by agent, sponsor, tenant, and task.

Failure Modes

Failure Mitigation
Agent uses human token directly require separate agent credentials
Audit only records sponsor include agent id and tool/action metadata
Agent keeps broad long-lived access enforce TTL and purpose-bound scopes
Tenant cannot revoke delegated agent support tenant-scoped revocation controls
  • Agent access control.
  • Identity and user management.
  • Authorization and access control.
  • Observability, detection, and audit.

Maturity

Draft. The need is explicit in the platform direction; detailed IAM Profile claim shape and ops integration are still open.

Verification

  • Agent events are distinguishable from human events.
  • Revoking the agent does not require disabling the sponsor.
  • flex-auth decisions include agent context.
  • Agent credentials have explicit scope and TTL.

Research Basis

Seeded by agent access control, human/agent identity split, time-boxed privilege elevation, and auditability requirements.

References

  • Initial exploration: Authorization and access control.
  • Initial exploration: Identity and access patterns.