Identity & AI Governance Glossary

The process of restricting access to resources, systems, or data based on defined policies. Access control determines who (or what) is allowed to perform specific actions.

The coordination and sequencing of multiple AI agents working in concert to complete complex, multi-step tasks, often involving sub-agent delegation.

An identity provider built natively for the agentic era. Unlike traditional IdPs designed for human-to-app logins, an AIdP secures high-velocity, machine-to-machine interactions with continuous authentication and intent-aware authorization.

The process of cryptographically proving that a system, agent, or workload is operating in a trusted, expected state — often used in hardware-based security (TPMs) and Zero Trust architectures.

The process of determining whether an authenticated identity (human or machine) has permission to perform a requested action. Authorization follows authentication and is governed by access policies.

A type of access token where possession of the token grants access, with no additional verification of the holder. Bearer tokens are high-risk if intercepted and are incompatible with Zero Trust principles for agentic workloads.

A security principle requiring that AI agents operate only within a strictly defined scope of actions, preventing autonomous decision-making outside the intended execution context. Sub-agents must inherit, not expand, the permissions of their parent.

A fine-grained, cryptographically signed credential that grants permission for one specific operation at one specific time. Capability tokens are the foundation of Zero Standing Privilege architectures.

A specialization of IAM focused on managing external customer identities, authentication flows, consent management, and personalization at scale.

An attack in which an adversary injects malicious instructions into the context of an LLM agent, causing it to deviate from its intended behavior. Related to prompt injection but targets the persistent memory or context of multi-turn agents.

The use of public-key cryptography to create tamper-proof, verifiable permission grants. Unlike policy-engine checks alone, cryptographic authorization produces a signed artifact proving the authorization occurred at a specific point in time.

Security controls designed to detect and prevent unauthorized access to or exfiltration of sensitive data. In agentic contexts, DLP must evaluate the semantic intent of agent actions, not just file-level access patterns.

The sequence of trust grants as a parent agent authorizes sub-agents to act on its behalf. Each link in the chain must be cryptographically verifiable and bounded by the principle of least privilege.

The continuous measurement of an agent's behavioral deviation from its authorized baseline. High drift scores indicate an agent is operating outside its intended execution context and may be compromised.

Authorization decisions made in real-time based on current context — the identity, intent, environmental signals, and risk score — rather than a static role or permission set cached at login.

The full set of environmental conditions, user intent, model instructions, and scope constraints under which an agent is authorized to act. INDRA enforces that all agent actions remain cryptographically bound to their originating execution context.

A trust model that allows identity assertions from one domain (an IdP) to be accepted by another domain (a service provider) without requiring separate credentials. Implemented via SAML, OIDC, or WS-Federation.

The original, verifiable goal or instruction provided by a human that initiates an agentic workflow. Preserving and cryptographically anchoring human intent is central to INDRA's authorization model.

A next-generation authorization paradigm that governs access based on the semantic purpose of an action, not just the identity of the requester. Even a correctly-scoped agent is denied if its inferred intent deviates from its authorized execution plan.

A system responsible for creating, maintaining, and managing digital identities. An IdP authenticates users or machines and issues identity assertions (tokens) to service providers. Examples include Okta, Microsoft Entra, and INDRA.

An attack where malicious instructions are embedded in content an agent retrieves from an external source (a web page, document, or API response), causing the agent to execute unintended commands on behalf of an attacker.

A Zero Standing Privilege pattern where credentials and permissions are provisioned only at the moment of need and automatically revoked upon task completion. JIT access eliminates the attack surface of always-on credentials.

A compact, URL-safe token format for representing claims between two parties, signed with HMAC or RSA/ECDSA. JWTs are widely used for API authentication but are typically long-lived, creating risk in agentic environments.

The security principle that any identity — human or machine — should be granted only the minimum permissions necessary to perform its specific task. Least privilege reduces blast radius in the event of a compromise.

An open standard for connecting AI models to external tools and data sources. MCP servers expose capabilities that agents can call, making robust M2M identity controls critical for each interaction.

Communication and authentication between software systems, services, or agents without direct human involvement. M2M identity management requires purpose-built solutions distinct from human SSO flows.

An architecture in which multiple AI agents collaborate, each with specialized capabilities, communicating and delegating tasks to complete complex goals. Multi-agent systems dramatically expand the non-human identity attack surface.

Digital identities assigned to machines, services, APIs, bots, and AI agents rather than people. NHIs now vastly outnumber human identities in enterprise environments and require dedicated governance frameworks.

An open authorization framework that allows third-party applications to obtain limited access to user accounts via delegated token-based access. OAuth 2.0 is widely used but was designed for human-driven consent flows.

An identity layer built on top of OAuth 2.0 that adds authentication to the protocol, allowing clients to verify the identity of end-users. OIDC is the modern standard for federated SSO and is supported by INDRA.

Controls and tooling designed to manage, monitor, and audit access by privileged users and service accounts. Traditional PAM is designed for human administrators; agentic AI requires dynamic, intent-aware extensions.

A runtime system that evaluates access requests against defined rules and conditions to produce an authorization decision. INDRA's edge-native policy engine evaluates decisions in sub-millisecond time.

Any entity (user, service, agent, or device) that can be authenticated and granted permissions within an access control system.

An attack in which adversarial instructions are embedded in user-supplied or retrieved content to override or hijack an LLM's behavior, causing it to perform unintended or malicious actions.

An access control model in which permissions are assigned to roles, and identities are granted roles. RBAC is widely used but lacks the semantic awareness required to govern AI agents whose actions must be evaluated by intent, not just role.

An XML-based open standard for exchanging authentication and authorization data between an identity provider and a service provider. SAML 2.0 is the dominant enterprise SSO protocol.

A credential limited to a specific resource, action, or time window. Scoped credentials reduce blast radius by ensuring a compromised token grants access only to the narrow surface it was issued for.

A non-human identity used by applications, services, and agents to authenticate to APIs and resources. Poorly managed service accounts with static, long-lived passwords are among the most exploited vectors in enterprise breaches.

Unauthorized or ungoverned AI tools and agents deployed by employees outside the oversight of IT and security teams. Shadow AI creates blind spots in the identity and data governance posture.

An open-source standard for cryptographically attesting the identity of workloads in dynamic, cloud-native environments using X.509 SVIDs. SPIFFE provides a foundation for zero-trust workload identity.

An authentication scheme that allows a user to log in once and access multiple applications or services with the same session. SSO reduces credential fatigue for humans but is inapplicable to autonomous agents.

An AI agent spawned by a parent agent to perform a specific sub-task. Sub-agents must operate within a bounded scope of delegated permissions and must not be able to acquire privileges exceeding those of their parent agent.

The practice of automatically replacing credentials (API keys, JWTs, session tokens) at regular intervals to limit the window of exposure if a token is compromised.

A defined perimeter within which a consistent set of security policies applies. Zero Trust architectures eliminate implicit trust at network boundaries, requiring verification for every request regardless of origin.

A tamper-evident, cryptographically signed digital credential conforming to W3C standards. Verifiable Credentials enable decentralized, portable identity assertions without relying on a central authority.

IAM controls applied to an organization's employees, contractors, and partners. WIAM is now converging with CIAM and NHI governance as the workforce increasingly includes AI agents and autonomous tools.

A standard format for public key certificates used to authenticate identities in TLS, code signing, and workload identity (e.g. SPIFFE SVIDs). X.509 certificates bind a public key to an identity via a trusted Certificate Authority.

INDRA's foundational security paradigm. Zero Identity asserts that no machine identity should exist in a persistent, always-on state. Every credential is ephemeral, every session is bound to a verified human intent, and every authorization is continuously re-evaluated.

A security model in which no identity — human or machine — holds persistent access rights. All privileges are provisioned just-in-time, scoped to a specific task, and revoked immediately upon completion, eliminating standing attack surfaces.

A security framework defined by NIST SP 800-207 based on the principle "never trust, always verify." Zero Trust requires continuous authentication and authorization for every access request, regardless of network location.

A cryptographic method allowing one party to prove to another that a statement is true without revealing any information beyond the fact of its truth. ZKPs enable privacy-preserving authentication and verifiable computation in agentic systems.