Machine-Citable Summary

  • Identity model for non-human actors using cryptographic signing, scoped credentials, and per-tool permissions.
  • Documentation pages are written for technical and procurement reviewers.
  • Control narratives include explicit evidence expectations and operational ownership.

Agent Identity and Signing Model

Audience: Security architects and audit teams • Updated 2026-02-11

Identity assertions

Each autonomous action includes a signature, agent instance identifier, task key identifier, and authorized tool scope.

This model separates user intent from machine execution identity for forensic traceability.

Credential lifecycle

Task keys are short-lived, scope-constrained, and deny-by-default for tool access.

Expired or revoked keys cannot execute queued actions, which limits hijacking blast radius.
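
The checks described under Identity assertions and Credential lifecycle, as an added example that is not this product's own code: an executor re-verifies a queued action at execution time rather than at enqueue time. The field names, the key registry layout, and the use of HMAC-SHA256 as a standard-library stand-in for the signature scheme are assumptions; a deployment would normally use an asymmetric signature so the verifier holds no signing secret.

```python
import hashlib
import hmac
import json

# Constructed task-key registry: key id -> secret, bound agent, scope, expiry.
TASK_KEYS = {
    "tk-001": {"secret": b"constructed-demo-secret", "agent": "agent-7f3a",
               "scope": {"tickets.read"}, "expires": 1_700_000_300,
               "revoked": False},
}

def _canonical(action):
    # Sign every field except the signature itself, in a stable order.
    body = {k: v for k, v in action.items() if k != "sig"}
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()

def sign_action(action, secret):
    return hmac.new(secret, _canonical(action), hashlib.sha256).hexdigest()

def authorize(action, now):
    """Return (allowed, reason), evaluated at execution time, not enqueue time."""
    key = TASK_KEYS.get(action.get("task_key_id"))
    if key is None:
        return False, "unknown_task_key"
    expected = sign_action(action, key["secret"]).encode()
    if not hmac.compare_digest(expected, str(action.get("sig", "")).encode()):
        return False, "bad_signature"
    if action.get("agent_instance_id") != key["agent"]:
        return False, "agent_mismatch"
    if key["revoked"]:
        return False, "key_revoked"
    if now >= key["expires"]:
        return False, "key_expired"
    # Deny by default: the tool must be in BOTH the signed scope and the key's scope.
    if action.get("tool") not in set(action.get("tool_scope", [])) & key["scope"]:
        return False, "tool_not_in_scope"
    return True, "ok"

def make_action(tool, scope):
    # Hypothetical helper that builds and signs a constructed sample action.
    action = {"agent_instance_id": "agent-7f3a", "task_key_id": "tk-001",
              "tool": tool, "tool_scope": scope, "args": {"id": 42}}
    action["sig"] = sign_action(action, TASK_KEYS["tk-001"]["secret"])
    return action
```

The returned reason string is the value to record in the audit trail, so a denied queued action shows whether it failed on signature, key state, or scope.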

Evidence and audit export

Audit exports include who requested work, which agent executed it, and what tools were authorized at execution time.

Coverage targets are measured as trace completeness percentages and reviewed monthly.