
Darran Rolls, Founder & CTO, Identity Innovation Labs
Last week, June 25th, marked the 33rd anniversary of the release of the 1982 sci-fi classic Blade Runner. Ridley Scott’s masterpiece was based on Philip K. Dick’s amazing book Do Androids Dream of Electric Sheep? I want to recognize this seminal point in science fiction history and say that, just as Deckard asked the question “what does it mean to be human?”, we need to ask the same question, “what does it mean to be agentic?”, at least from an IAM perspective.
Just like Replicants, agents deserve autonomy, privacy and life-giving security & identity. In the emerging world of MAS (multi-agent systems), we must, as the Tyrell Corporation mission statement put it, strive to be “more human than human” and address the Agent Identity Dilemma.
The Agent Identity Dilemma
As a lifelong IAM practitioner, I’ve watched identity evolve from the mainframe to the mobile device, to cloud workloads, and now to agents and agent frameworks. These autonomous, code-bound entities, driven by evolving models with widening MCP capabilities, are rapidly becoming first-class actors in digital ecosystems. But one question haunts me: do agents dream of electric sheep and electronic entitlement management? Because they should. And we should too.
This came to the fore in a recent LinkedIn thread. I made a somewhat glib reference to the Tyrell Corporation’s motto, “More human than human”. As timely as that was last week, the key point is this: if we are to avoid creating a colossal agent identity security mess, we need to achieve rapid consensus on the core IAM authorization and relationship model that sits at its center. Agents, like humans, need autonomy but MUST HAVE a concrete and immutable audit and controls model that includes identity and fine-grained access control.
Today’s IAM systems strive to overlay a concrete subject-action-object entitlement control model. But MAS systems break this model. Consider an AI agent acting on behalf of a user, operating within a host service, accessing a third-party API. Who authorized what? And on whose behalf? What is the identity governance context for those actions? Too often, this gets buried in logs, hidden in tokens, permitted at runtime based on attributes that aged out or leveraged by policies that no business-focused human could make sense of anyway!
Is this the next great IAM cesspit? An emerging tangle of relationships without structure, standards, or governance? Gee, I hope not, for all our sakes…
Rethinking the Model
So I believe we need to develop and agree upon a new model for agent identity authorization based on:
- Service Registration: Every agent must register with an owning governance system.
- Distributed Identifier (DID): Each agent receives a globally resolvable, unique identifier – maybe a DID, or something similar
- Run-As Relationships: Contains defined links to identities the agent may leverage as a proxy to gain access
- Run-On-Behalf-Of Capabilities: Scoped delegation to act on a user’s intent, with context – a context that travels through to logging
- Owning System Identity: The entity that created or deployed the agent, ensuring ownership, traceability and governance
- Runtime Authorization & Audit: Explicit policies to control fine-grained access to external data, resources or “tools” – again something that stays ‘linked’ to the access event that it allowed at runtime.
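To make the six elements above concrete, here is a small sketch, added as an illustration and not taken from the author or from any product, of a registry record and an authorization check whose audit record carries the whole chain: agent, owner, run-as identity, on-behalf-of user and the reason for the decision. All names, the `did:example:` identifier and the sample data are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

@dataclass(frozen=True)
class Agent:  # registration record held by the owning governance system
    agent_id: str        # globally unique identifier (constructed sample value below)
    owner: str           # owning system identity
    run_as: frozenset    # identities the agent may use as a proxy

@dataclass(frozen=True)
class Delegation:  # run-on-behalf-of: scoped and time-boxed
    user: str
    scopes: frozenset    # "action:resource" strings
    expires: datetime

REGISTRY, AUDIT_LOG = {}, []

def register(agent):
    REGISTRY[agent.agent_id] = agent

def authorize(agent_id, run_as, delegation, action, resource, now=None):
    """Decide one request and log who acted, as whom, for whom, and why."""
    now = now or datetime.now(timezone.utc)
    agent = REGISTRY.get(agent_id)
    if agent is None:
        reason = "agent not registered"
    elif run_as not in agent.run_as:
        reason = "run-as identity not linked to agent"
    elif now >= delegation.expires:
        reason = "delegation expired"
    elif f"{action}:{resource}" not in delegation.scopes:
        reason = "scope not delegated"
    else:
        reason = "ok"
    record = {"time": now.isoformat(), "agent": agent_id,
              "owner": agent.owner if agent else None, "run_as": run_as,
              "on_behalf_of": delegation.user, "action": action,
              "resource": resource, "allowed": reason == "ok", "reason": reason}
    AUDIT_LOG.append(record)
    return record

def demo():
    """Constructed sample data: one agent, one delegation, three requests."""
    t0 = datetime(2025, 7, 1, 12, 0, tzinfo=timezone.utc)
    register(Agent("did:example:agent-1", "hr-platform", frozenset({"svc-hr-reader"})))
    d = Delegation("alice", frozenset({"read:payroll"}), t0 + timedelta(minutes=15))
    return [authorize("did:example:agent-1", "svc-hr-reader", d, "read", "payroll", t0),
            authorize("did:example:agent-1", "svc-hr-reader", d, "write", "payroll", t0),
            authorize("did:example:agent-1", "svc-hr-reader", d, "read", "payroll",
                      t0 + timedelta(hours=1))]
```

Denied requests are logged with the same fields as allowed ones, so the question of who authorized what, and on whose behalf, can be answered from the audit record alone.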
All this fundamentally begins with a well-defined and universally accepted set of relationships and context. We need a core IAM context model that delivers a known ontology for key agent relationships. I’m no IAM architect, but it seems to me it should look something like the following.

Agents don’t need dreams, they need reference models: models for access, authority, accountability and governance. These relationships must be enumerable, observable and, above all else, sustainably governable BY THE BUSINESS. So, if you’re agent-focused or identity-aware, join the discussion now. If we fail to define this clearly today, the agent frontier will become the agent IAM nightmare of tomorrow – a nightmare the likes of which we’ve never seen before!