generated from coulomb/repo-seed
# Pattern: Human/Agent Identity Split

Status: draft
Readiness target: RL3 production
Primary owners: NetKingdom, ops-bridge, product repos

## Problem

Agents acting as invisible extensions of human users make access scope,
accountability, rate limits, and incident response ambiguous.

## Context

Use this pattern for AI agents, automation workers, repository agents,
ops agents, scheduled tasks, and delegated user workflows.

## Forces

- Agents need to act on behalf of people or systems.
- Human approval does not mean unlimited agent authority.
- Audit must distinguish sponsor, agent, tool, and target action.
- Agents may need tighter scopes and shorter TTLs than humans.

## Solution

Give agents explicit identities with their own scopes, limits,
credentials, and audit records. Link agent activity to a human or system
sponsor without collapsing them into the same principal.

## Implementation Sketch

1. Define agent identity type in IAM Profile or equivalent registry.
2. Bind agent to sponsor, purpose, tenant, allowed tools, and TTL.
3. Issue scoped credentials or certificates for agent activity.
4. Require flex-auth to evaluate agent context separately.
5. Emit audit events with both sponsor and agent ids.
6. Support revocation by agent, sponsor, tenant, and task.

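
One way the binding, separate evaluation, audit, and revocation steps above could fit together, as an added sketch that is not code from this repository. `AgentBinding`, `AgentGate`, and every field name and sample value are hypothetical; the IAM Profile claim shape is still open, and this is not flex-auth's API.

```python
import time
from dataclasses import dataclass

@dataclass(frozen=True)
class AgentBinding:          # hypothetical shape, not the IAM Profile claim format
    agent_id: str
    sponsor_id: str
    tenant: str
    task_id: str
    purpose: str
    allowed_tools: frozenset
    expires_at: float        # absolute expiry (epoch seconds) derived from the TTL

class AgentGate:
    """Evaluates agent requests on the agent's own binding, never the sponsor's token."""
    def __init__(self):
        self.revoked = set()     # entries such as ("agent", "agent-7") or ("tenant", "acme")
        self.audit_log = []      # stand-in for a real audit sink

    def revoke(self, kind, value):
        if kind not in {"agent", "sponsor", "tenant", "task"}:
            raise ValueError(f"unknown revocation kind: {kind}")
        self.revoked.add((kind, value))

    def authorize(self, b, tool, action, now=None):
        now = time.time() if now is None else now
        keys = {("agent", b.agent_id), ("sponsor", b.sponsor_id),
                ("tenant", b.tenant), ("task", b.task_id)}
        reason = ("revoked" if keys & self.revoked else
                  "expired" if now >= b.expires_at else
                  "tool_not_allowed" if tool not in b.allowed_tools else "ok")
        # The audit record keeps sponsor and agent as separate principals.
        self.audit_log.append({
            "ts": now, "principal_type": "agent", "agent_id": b.agent_id,
            "sponsor_id": b.sponsor_id, "tenant": b.tenant, "task_id": b.task_id,
            "purpose": b.purpose, "tool": tool, "action": action,
            "decision": "allow" if reason == "ok" else "deny", "reason": reason,
        })
        return reason == "ok"

def demo():
    gate = AgentGate()       # all values below are constructed sample data
    b = AgentBinding("agent-7", "alice", "acme", "task-42", "triage issues",
                     frozenset({"issue_tracker"}), expires_at=1900.0)
    calls = [("issue_tracker", 1000.0), ("deploy", 1001.0), ("issue_tracker", 2000.0)]
    results = [gate.authorize(b, tool, "comment", now=t) for tool, t in calls]
    gate.revoke("task", "task-42")
    results.append(gate.authorize(b, "issue_tracker", "comment", now=1002.0))
    return results, gate
```

Denied requests are audited as well as allowed ones, so an out-of-scope tool call by an agent shows up under the agent id rather than disappearing into the sponsor's history.
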
## Failure Modes

| Failure | Mitigation |
| --- | --- |
| Agent uses human token directly | require separate agent credentials |
| Audit only records sponsor | include agent id and tool/action metadata |
| Agent keeps broad long-lived access | enforce TTL and purpose-bound scopes |
| Tenant cannot revoke delegated agent | support tenant-scoped revocation controls |

## Related Capabilities

- Agent access control.
- Identity and user management.
- Authorization and access control.
- Observability, detection, and audit.

## Maturity

Draft. The need is explicit in the platform direction; detailed IAM
Profile claim shape and ops integration are still open.

## Verification

- Agent events are distinguishable from human events.
- Revoking the agent does not require disabling the sponsor.
- flex-auth decisions include agent context.
- Agent credentials have explicit scope and TTL.

## Research Basis

Seeded by agent access control, human/agent identity split,
time-boxed privilege elevation, and auditability requirements.

## References

- Initial exploration: Authorization and access control.
- Initial exploration: Identity and access patterns.