At first glance, AI agents seem very similar to microservices when it comes to security and identity. You need to secure the channel and authorize who is calling whom. Communication happens over the network through some HTTP transport. When a user is involved, you can potentially leverage the user’s identity. The same is true for AI agents, but with one big caveat: we can no longer be as sloppy as we’ve been with microservices when deploying AI agents.| ceposta Technology Blog
I’ve been digging into Agent Identity, authentication/authorization patterns, and how it fits in with existing technology patterns (OAuth 2.0, OIDC, SPIFFE, etc) and where it may need new solutions. Someone made a point around identity and delegation to me recently that shines a bit of reality on this area:| ceposta Technology Blog
In earlier posts exploring AI agent and agent identity, Do We Even Need Agent Identity? and Agent Identity: Impersonation or Delegation?, I dug into the identity tradeoffs surrounding AI agents in the enterprise. The TL;DR: AI agents acting as first-class, autonomous participants in secure systems can’t just borrow human identities. They need their own.| ceposta Technology Blog
In a recent blog post, I discussed whether AI agents need their own identity. I ended with “yes, they do”, but how do we end up doing that? In this blog, we’ll look at a very important concept when it comes to agent identity: impersonation or delegation. Should your marketing agent simply “become” the end user when calling the GDPR compliance agent? Or should it clearly identify itself as acting on the user’s behalf?| ceposta Technology Blog
As API adoption matured in enterprise organizations, a natural pattern emerged and we are seeing something similar in AI agent architectures: using layers to contain complexity. Dealing with team boundaries, business flows, communication patterns, etc can get complex very fast. Starting with basic building blocks and then layering in concepts around reusability, encapsulation and separation of responsibilities help to reduce cognitive overload.| ceposta Technology Blog
In our recent engineering face-to-face, one of our engineers raised what seemed like a simple question: “Why can’t we just pass the user’s OIDC token through to the agent? Why complicate things with separate agent identities if we don’t need to?”| ceposta Technology Blog
A Deployment manages a set of Pods to run an application workload, usually one that doesn't maintain state.| Kubernetes
