Identity Management
Skill 7: Non-Human Identity and Access Management
The security foundation for the age of autonomous agents.
Overview
Skill 7 represents a critical evolution in security thinking for agentic AI systems. As agents become autonomous actors performing actions on behalf of users and organizations, they must be treated as distinct, verifiable identities with their own credentials, permissions, and audit trails. The era of embedding static API keys in code or treating agents as extensions of user sessions is over.
The Three Sub-Skills
| Sub-Skill | Focus Area | Key Concepts |
|---|---|---|
| 7.1 Service Principals | Establishing unique agent identities | Service principals, identity lifecycle, federation |
| 7.2 Dynamic Credentials | Eliminating static secrets | Dynamic secrets, JIT access, credential rotation |
| 7.3 Least Privilege | Minimum necessary permissions | OAuth scopes, PBAC, granular access control |
7.1 Service Principals and Identity Lifecycle
Service Principal Creation
- Core Principle: Each agent is registered as a distinct identity in the organization's identity provider
- Implementation: Azure AD service principals, AWS IAM roles, Okta OAuth clients
- Benefits: Unique identity enables fine-grained authorization and complete audit trails
Identity Lifecycle Management
- Stages: Creation → Active → Suspended → Decommissioned
- Automation: Infrastructure-as-Code (Terraform, Pulumi) for provisioning
- Compliance: SOC2 (access reviews), ISO 27001 (identity management)
Identity Federation
- Purpose: Enable agents to operate across organizational and cloud boundaries
- Standards: SAML, OIDC, OAuth 2.0 for cross-domain authentication
- Use Cases: Multi-cloud deployments, partner integrations
7.2 Dynamic, Short-Lived Credentials
Dynamic Secret Generation
- Core Principle: Credentials are minted on-demand and expire automatically
- Flow: Agent authenticates → Secrets manager verifies → Time-bound credential issued
- Tools: HashiCorp Vault, AWS Secrets Manager, Azure Key Vault
- Benefits: Eliminates long-lived secrets, reduces blast radius
Just-in-Time (JIT) Access
- Core Principle: High-risk credentials only issued after explicit approval
- Implementation: Approval workflows via PagerDuty, Slack, custom systems
- Compliance: PCI-DSS (privileged access), HIPAA (PHI access)
Credential Rotation and Revocation
- Automatic Rotation: Even dynamic credentials are rotated regularly
- Emergency Revocation: Instant invalidation when incidents are detected
- Use Cases: Zero-trust architectures, incident response
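The issue, expire and revoke flow described above, modeled as an added example (not code from this page or from any of the listed tools). `CredentialBroker`, its method names, the HMAC token format and all sample values are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, secrets, time

class CredentialBroker:
    """Illustrative in-memory secrets manager (not a real product's API)."""

    def __init__(self, signing_key, agent_proofs):
        self._key = signing_key          # bytes, held only by the broker
        self._proofs = agent_proofs      # agent_id -> proof string (constructed)
        self._revoked = set()            # credential ids invalidated before expiry

    def _sign(self, body):
        return hmac.new(self._key, body, hashlib.sha256).hexdigest().encode()

    def issue(self, agent_id, proof, ttl_seconds, now=None):
        """Agent authenticates -> broker verifies -> time-bound credential issued."""
        now = time.time() if now is None else now
        expected = self._proofs.get(agent_id, "")
        if not expected or not hmac.compare_digest(expected.encode(), proof.encode()):
            raise PermissionError("agent authentication failed")
        claims = {"sub": agent_id, "jti": secrets.token_hex(8), "exp": now + ttl_seconds}
        body = base64.urlsafe_b64encode(json.dumps(claims).encode())
        return (body + b"." + self._sign(body)).decode()

    def validate(self, credential, now=None):
        """Return claims only if authentic, unexpired and not revoked; else None."""
        now = time.time() if now is None else now
        body, _, sig = credential.encode().partition(b".")
        if not hmac.compare_digest(self._sign(body), sig):
            return None                  # check the MAC before parsing anything
        claims = json.loads(base64.urlsafe_b64decode(body))
        if now >= claims["exp"] or claims["jti"] in self._revoked:
            return None
        return claims

    def revoke(self, jti):
        """Emergency revocation: takes effect on the next validate() call."""
        self._revoked.add(jti)

def demo():
    broker = CredentialBroker(b"constructed-key", {"invoice-reader": "constructed-proof"})
    cred = broker.issue("invoice-reader", "constructed-proof", ttl_seconds=300, now=1000.0)
    live = broker.validate(cred, now=1100.0)
    expired = broker.validate(cred, now=1300.0)
    broker.revoke(live["jti"])
    after_revoke = broker.validate(cred, now=1100.0)
    return live["sub"], expired, after_revoke
```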
7.3 Least Privilege and Scope-Based Access Control
Least Privilege Principle
- Rule: Grant only permissions required for the agent's specific function
- Example: Invoice reader gets READ access only—no WRITE, DELETE, or access to payroll
- Benefits: Reduces attack surface, limits damage from compromised agents
Scope-Based Access Control
- Implementation: OAuth 2.0 tokens with explicit scopes (e.g., calendar.read)
- Validation: Resource server validates token scopes before allowing access
- Standards: OAuth 2.0, OIDC, SAML with attribute-based access control
Policy-Based Access Control (PBAC)
- Approach: Dynamic authorization based on policies and context
- Engines: Open Policy Agent (OPA), Cedar, Casbin
- Attributes: User role, time of day, resource sensitivity, risk score
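A resource-server decision that combines the scope validation and the context attributes described above, as an added example (not code from this page, OPA, Cedar or Casbin). The `AccessRequest` fields, sensitivity labels, business hours and risk thresholds are assumptions chosen for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class AccessRequest:
    scope_claim: str       # space-delimited scope string from the OAuth 2.0 token
    required_scope: str    # scope the resource server demands for this operation
    sensitivity: str       # "low" or "high" (assumed labels)
    hour_utc: int
    risk_score: float      # 0.0 benign .. 1.0 hostile (assumed scale)

BUSINESS_HOURS = range(8, 18)   # assumed policy values, not from the page
MAX_RISK = {"low": 0.7, "high": 0.3}

def authorize(req):
    """Return (allowed, reason). Deny by default; every check must pass."""
    granted = set(req.scope_claim.split())      # exact tokens, never substring match
    if req.required_scope not in granted:
        return False, "missing scope " + req.required_scope
    if req.sensitivity not in MAX_RISK:
        return False, "unknown sensitivity label"   # fail closed
    if req.risk_score > MAX_RISK[req.sensitivity]:
        return False, "risk score above limit"
    if req.sensitivity == "high" and req.hour_utc not in BUSINESS_HOURS:
        return False, "high-sensitivity access outside business hours"
    return True, "allowed"

def demo():
    token = "invoices.read calendar.read"       # constructed invoice-reader token
    cases = [
        AccessRequest(token, "invoices.read", "low", 3, 0.1),
        AccessRequest(token, "invoices.write", "low", 10, 0.1),
        AccessRequest(token, "payroll.read", "high", 10, 0.1),
        AccessRequest("invoices.read_summary", "invoices.read", "low", 10, 0.1),
        AccessRequest(token, "invoices.read", "high", 23, 0.1),
        AccessRequest(token, "invoices.read", "high", 10, 0.5),
    ]
    return [authorize(c)[0] for c in cases]
```

The fourth case is the one a naive substring test gets wrong: `invoices.read_summary` contains the text `invoices.read` but does not grant it.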
Real-World Security Incidents
Static API Key Leak
Scenario: Developer commits AWS keys to public GitHub
Impact: $50,000 in cryptocurrency mining charges
Mitigation: Dynamic credentials from Secrets Manager, least privilege IAM
Compromised Agent Lateral Movement
Scenario: Customer service agent accesses payroll database
Impact: Data breach, regulatory fines, reputational damage
Mitigation: Granular RBAC, scope-based access, behavioral analytics
Success: Zero-Trust Agent Architecture
Implementation: Istio service mesh, mTLS, OPA policy authorization
Outcome: Passed security audit, zero lateral movement in penetration test
Transferable Competencies
Mastering Skill 7 requires proficiency in:
- Identity and Access Management (IAM): Authentication, authorization, lifecycle
- Cryptography: PKI, certificates, tokens, signatures
- Security Protocols: OAuth 2.0, OIDC, SAML, mTLS
- Secrets Management: Vault, key management, credential rotation
- Policy Engineering: ABAC, RBAC, policy languages (Rego, Cedar)
- Zero-Trust Architecture: Continuous verification, assume breach
Common Pitfalls
- Static API keys: Embedding long-lived credentials in code
- Shared credentials: Multiple agents using the same identity
- Over-privileged agents: Granting more permissions than necessary
- No credential rotation: Credentials that never expire
- Weak authentication: Passwords instead of certificates or tokens
- No audit trails: Unable to attribute actions to specific agents
- Ignoring lifecycle: Not decommissioning retired agent identities
- No revocation capability: Unable to instantly revoke compromised credentials
Key Technologies
Identity Providers
- Azure Active Directory (Microsoft cloud)
- AWS IAM (Amazon cloud)
- Okta (cloud-based identity)
- Google Cloud Identity
Secrets Management
- HashiCorp Vault (industry-leading)
- AWS Secrets Manager
- Azure Key Vault
- Google Secret Manager
Policy Engines
- Open Policy Agent (OPA) - cloud-native
- Cedar (Amazon's policy language)
- Casbin (authorization library)
Service Meshes
- Istio (feature-rich, strong security)
- Linkerd (lightweight, Kubernetes-native)
- Consul (service mesh with discovery)
The Bottom Line
Skill 7 is the security foundation for the age of autonomous agents. Non-human identities are not an afterthought—they are first-class security primitives that must be managed with the same rigor as human identities. By implementing service principals, dynamic credentials, and least privilege access control, organizations can build agentic systems that are not only powerful but also secure, auditable, and compliant.