Part 2 — For the Developer
Ch. 11 — Identity, Access, and Authorization
How to design agent identity, scope permissions, and enforce access control across systems and users.
Audit trails require identity. Identity requires a clear answer to one question: when the agent acted, who was it? Most agent systems cannot answer that question cleanly. That gap is a compliance failure waiting to be discovered.
A human logging into a system presents credentials. The system records an identity. The audit trail is unambiguous. An agent calling an API does none of that by default. It may be:
Each of these is a different compliance posture. The difference matters to every framework in Part 1.
Platform Agentic
Compliance, governance, and accountability for teams building agentic AI systems.