Part 2 — For the Developer

Ch. 11 — Identity, Access, and Authorization

How to design agent identity, scope permissions, and enforce access control across systems and users.

Audit trails require identity. Identity requires a clear answer to one question: when the agent acted, who was it? Most agent systems cannot answer that question cleanly. That gap is a compliance failure waiting to be discovered.

A human logging into a system presents credentials. The system records an identity. The audit trail is unambiguous. An agent calling an API does none of that by default. It may be:

Each of these is a different compliance posture. The difference matters to every framework in Part 1.

Platform Agentic

Compliance, governance, and accountability for teams building agentic AI systems.
