保障人工智能代理安全：身份与访问控制的未来（由 WorkOS 赞助）.pdf

1、#identiverseSecuring AI Agents:The future of Identity&Access ControlMichael GrinichCEO&FounderWorkOS 2025,Amazon Web Services,Inc.or its affiliates.All rights reserved.S E C 3 2 8-SGood morning!What should we build today?Good morning!What should we build today?Lets delete some unused files to clear

2、up some space.Lets delete some unused files to clear up some space.What should we build today?Great idea.I went ahead and deleted“prod”Why identity for agents is fundamentally hardHeadless LoginLeast PrivilegeComplianceArchitecture PatternsPersona ShadowingDelegation ChainsCapability TokensEscalatio

3、n to HumanPersona ShadowingPersona ShadowingDelegation ChainsDelegation ChainsDelegation ChainsCapability-Based TokensEscalation to HumanPersona ShadowingDelegation ChainsCapability TokensEscalation to Human#identiverseOAuth2/OIDCOpen Authorization 2Open ID Connect ProtocolUMAUMAUser-Managed AccessG

4、NAPOAuth2/OIDCGNAPGrant Negotiation and Authorization Protocol(RFC 9635)OIDCUMAOIDC-ASCPGNAPOpen ID Connect Protocol for AgentsSCPOIDC-ASecure Credential PresentationW3C Verifiable Credentials(VC)Industry Approaches and ToolsAuthKitFGARadarWhats NextgrinichFind me on to discuss identity for AI agentsPlease complete the session survey in the mobile app 2025,Amazon Web Services,Inc.or its affiliates.All rights reserved.#identiversePlease complete the session survey in the mobile app 2025,Amazon Web Services,Inc.or its affiliates.All rights reserved.Thank you