Episode 197 - GluuFederation/identerati-office-hours GitHub Wiki

Title: Defining the AI Agent Taxonomy

Channels

Description

There are so many unanswered questions about the critical challenge of agentic identity: What is an Agent? What is the lifecycle for AI Agents? Is there consensus on the schema and attributes for Agent? Should we differentiate between long-lived and ephemeral agents? Do agents need to register all sub-agents? If the sub-agent shares the subject claim, isn’t that dangerous? What does an agent identity need to have to perform a task? What does the authorizer need to know about it? Or is this agentic identity model totally wrong???

Homework

Takeaways

  • ⚡ Taxonomy is like a "shared vocabulary". If we can't agree what these over-used English words mean--like "governance", "policy", "agent" and "sub-agent"--we're never going to get anywhere.

  • ⚡ If an agent falls in the woods, and no one hears it, does it exist? Danny suggested a persistent identity record as one of the determinative indicators of an agent's existence.

  • ⚡ RBAC is already straining to scale to address human/workforce access control. Today's entitlement and role-management models are cumbersome, incomplete, and ain't gonna work to control access for gazillions of autonomous software actors.

  • ⚡ Agent identity doesn't solve agent authorization. Creating an identity record for an agent is easier than determining what it should be allowed to do safely, dynamically, and with least privilege. And is that narrative even right? Maybe claims of the agent (or the human) won't even matter to determine if an enterprise should allow an action on a resource.

Livestream Audio Archive

here

Transcript