Files
infospace-bench/infospaces/patterns-of-it-securita-architecture/artifacts/entities/pattern-human-agent-identity-split.md

76 lines
2.4 KiB
Markdown

# Pattern: Human/Agent Identity Split
Status: draft
Readiness target: RL3 production
Primary owners: NetKingdom, ops-bridge, product repos
## Problem
Agents acting as invisible extensions of human users make access scope,
accountability, rate limits, and incident response ambiguous.
## Context
Use this pattern for AI agents, automation workers, repository agents,
ops agents, scheduled tasks, and delegated user workflows.
## Forces
- Agents need to act on behalf of people or systems.
- Human approval does not mean unlimited agent authority.
- Audit must distinguish sponsor, agent, tool, and target action.
- Agents may need tighter scopes and shorter TTLs than humans.
## Solution
Give agents explicit identities with their own scopes, limits,
credentials, and audit records. Link agent activity to a human or system
sponsor without collapsing them into the same principal.
## Implementation Sketch
1. Define agent identity type in IAM Profile or equivalent registry.
2. Bind agent to sponsor, purpose, tenant, allowed tools, and TTL.
3. Issue scoped credentials or certificates for agent activity.
4. Require flex-auth to evaluate agent context separately.
5. Emit audit events with both sponsor and agent ids.
6. Support revocation by agent, sponsor, tenant, and task.
## Failure Modes
| Failure | Mitigation |
| --- | --- |
| Agent uses human token directly | require separate agent credentials |
| Audit only records sponsor | include agent id and tool/action metadata |
| Agent keeps broad long-lived access | enforce TTL and purpose-bound scopes |
| Tenant cannot revoke delegated agent | support tenant-scoped revocation controls |
## Related Capabilities
- Agent access control.
- Identity and user management.
- Authorization and access control.
- Observability, detection, and audit.
## Maturity
Draft. The need is explicit in the platform direction; detailed IAM
Profile claim shape and ops integration are still open.
## Verification
- Agent events are distinguishable from human events.
- Revoking the agent does not require disabling the sponsor.
- flex-auth decisions include agent context.
- Agent credentials have explicit scope and TTL.
## Research Basis
Seeded by agent access control, human/agent identity split,
time-boxed privilege elevation, and auditability requirements.
## References
- Initial exploration: Authorization and access control.
- Initial exploration: Identity and access patterns.