惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

V
Visual Studio Blog
P
Privacy International News Feed
C
Cyber Attacks, Cyber Crime and Cyber Security
腾讯CDC
T
Threatpost
D
Darknet – Hacking Tools, Hacker News & Cyber Security
C
CERT Recently Published Vulnerability Notes
大猫的无限游戏
大猫的无限游戏
Apple Machine Learning Research
Apple Machine Learning Research
美团技术团队
Cisco Talos Blog
Cisco Talos Blog
C
Cisco Blogs
A
Arctic Wolf
人人都是产品经理
人人都是产品经理
NISL@THU
NISL@THU
L
LINUX DO - 热门话题
爱范儿
爱范儿
GbyAI
GbyAI
The Register - Security
The Register - Security
AWS News Blog
AWS News Blog
MyScale Blog
MyScale Blog
T
Tenable Blog
Hugging Face - Blog
Hugging Face - Blog
A
About on SuperTechFans
Cyberwarzone
Cyberwarzone
量子位
Microsoft Azure Blog
Microsoft Azure Blog
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
博客园_首页
C
Cybersecurity and Infrastructure Security Agency CISA
The Cloudflare Blog
B
Blog RSS Feed
小众软件
小众软件
D
Docker
Know Your Adversary
Know Your Adversary
Y
Y Combinator Blog
P
Privacy & Cybersecurity Law Blog
Engineering at Meta
Engineering at Meta
Latest news
Latest news
AI
AI
SecWiki News
SecWiki News
酷 壳 – CoolShell
酷 壳 – CoolShell
S
Secure Thoughts
N
News | PayPal Newsroom
The Hacker News
The Hacker News
MongoDB | Blog
MongoDB | Blog
Martin Fowler
Martin Fowler
博客园 - 司徒正美
L
Lohrmann on Cybersecurity
Cloudbric
Cloudbric

Cloud Native Computing Foundation

Kepler, re-architected: Improved power accuracy and a community call to action! Dragonfly v2.5.0 is released OTel and mesh-derived metrics: A 2026 reference etcd-operator joins Cozystack with a new v1alpha2 API Security Profiles Operator v1: Stable APIs, Security Hardened, and Shaping Upstream Kubernetes Securing CI/CD for an open source project, part 3: Credentials, verification, and what’s next Building a Cluster-Aware AI Agent with Kubernetes, Argo CD, and GitOps From Awareness to Engineered Accessibility in Open Source Building Jaeger’s ClickHouse backend: 8.6× compression on 10 million spans Telemetry that matters: Designing sustainable, high-impact observability pipelines KubeCon + CloudNativeCon, OpenInfra Summit and PyTorch Conference Unite in China to Scale AI Flipkart Wins CNCF End User Case Study Contest for Kubernetes and Chaos Engineering Scale Expanding CARE: Passing CKS can now extend your CKA certification CNCF and Linux Foundation Education Partner with Udemy to Provide a Unified Cloud Native Training & Certification Opportunity CNCF and SlashData Report Confirms India as One of the Largest Cloud Native Communities with 2.25 Million Developers CNCF Welcomes New Silver Members as Global Demand for Cloud Native Infrastructure Grows Why cloud native belongs at the heart of agentic AI: Lessons from building a multi-agent security platform on Kubernetes Client Challenge Client Challenge Client Challenge Client Challenge Client Challenge Client Challenge Client Challenge Client Challenge Client Challenge Client Challenge Client Challenge Client Challenge Client Challenge Building a cloud native internal developer platform with Kubernetes, GitOps, and supply chain security The Kubernetes integration tax: Prometheus, Cilium and production reality GPU autoscaling on Kubernetes with KEDA: Building an external scaler Three TAG leads walk into the TOC How Jaeger is evolving to trace AI agents with OpenTelemetry Why Kubernetes policy enforcement happens too late—and what to do about it Zero-Downtime migration from ingress NGINX to Envoy Gateway Client Challenge Client Challenge Client Challenge
Agent Auth: A lawyer’s day in court
epower · 2026-06-23 · via Cloud Native Computing Foundation

Posted on June 23, 2026 by Lin Sun, CNCF Ambassador

I’ve always thought about AI agents as microservices+.

They need everything a traditional microservice needs, and:

  • More authentication requirements because an agent may act on behalf of many different users.
  • More policy requirements because an agent’s behavior can be less predictable, requiring guardrails and policy enforcement.
  • More observability requirements, especially around context, prompts, tool calls, and the contents of requests and responses.
A cartoon example of a lawyers day in court, proving his authority to represent his client Alice.

When thinking about agent auth, I found myself reflecting on a traffic lawyer I hired years ago after receiving a traffic ticket for failing to stop for a school bus. It was my first, and so far only, traffic ticket.😅

The experience turned out to be a useful mental model for understanding agent auth.

Imagine a lawyer walking into court to represent Alice.

This is similar to an AI agent receiving a request from Alice and performing actions on her behalf.

The judge first asks the lawyer to prove who he is.

This is agent identity. Before the system can trust an agent, it needs to know exactly which agent is making the request.

Next, the judge asks, “Who are you representing today?”

This is principal identity. The system needs to know not only who the agent is, but also which user the agent is acting for.

The lawyer then presents documentation showing that he is authorized to represent Alice in this specific case.

In agent systems, this is often represented by an On-Behalf-Of (OBO) token or another delegation artifact. The token carries information about:

  • The identity of the principal (Alice)
  • The identity of the agent
  • The delegated permissions
  • The scope of the delegation

At this point, the judge knows three things:

  1. Who the lawyer is
  2. Who the lawyer represents
  3. What authority has been delegated to the lawyer

But that still isn’t enough.

The judge must also verify that the lawyer is allowed to represent Alice in this particular traffic case. This is where policy enforcement comes in.

Having a valid delegation does not automatically grant unlimited access. The requested action must still comply with the applicable policies and scopes.

In a real courtroom, the lawyer and the judge handle most of this complexity. They carry identities, verify credentials, validate representation rights, and enforce the rules of the court.

In an agentic system, we need similar infrastructure.

An agent platform must be able to:

  • Establish strong agent identities
  • Carry principal identities across requests
  • Issue and validate delegation tokens
  • Enforce authorization policies and scopes
  • Provide observability and audit trails for agent actions

This is where an AI native gateway can play an important role.

Rather than requiring every agent to independently implement identity propagation, delegation verification, policy enforcement, and auditing, the agent gateway and mesh can centralize these capabilities. The agent gateway and mesh become the equivalent of the court clerk, bailiff, and records office combined: ensuring identities are verified, delegations are valid, policies are enforced, and actions are auditable.

Combined with existing identity and service-mesh technologies such as SPIFFE, cert-manager, Istio, and agentgateway, we can build an agent platform where agents focus on business logic while the platform handles identity, delegation, policy enforcement, and observability.

The core idea is simple:

A lawyer is not the client.

An agent is not the user.

Both operate with their own identities while acting on behalf of someone else, under a specific delegation and within a defined scope. Agent auth is fundamentally about making that relationship explicit, verifiable, and enforceable.