惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

P
Proofpoint News Feed
博客园 - 聂微东
Application and Cybersecurity Blog
Application and Cybersecurity Blog
MyScale Blog
MyScale Blog
罗磊的独立博客
H
Help Net Security
L
LangChain Blog
T
Threat Research - Cisco Blogs
量子位
S
Securelist
Last Week in AI
Last Week in AI
L
Lohrmann on Cybersecurity
T
The Exploit Database - CXSecurity.com
P
Privacy International News Feed
The Hacker News
The Hacker News
Vercel News
Vercel News
D
Darknet – Hacking Tools, Hacker News & Cyber Security
C
Cybersecurity and Infrastructure Security Agency CISA
T
The Blog of Author Tim Ferriss
T
Threatpost
Security Latest
Security Latest
P
Palo Alto Networks Blog
Microsoft Security Blog
Microsoft Security Blog
NISL@THU
NISL@THU
F
Full Disclosure
WordPress大学
WordPress大学
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
Stack Overflow Blog
Stack Overflow Blog
C
Check Point Blog
Hacker News - Newest:
Hacker News - Newest: "LLM"
酷 壳 – CoolShell
酷 壳 – CoolShell
H
Heimdal Security Blog
J
Java Code Geeks
Recorded Future
Recorded Future
Hugging Face - Blog
Hugging Face - Blog
G
GRAHAM CLULEY
Know Your Adversary
Know Your Adversary
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
阮一峰的网络日志
阮一峰的网络日志
U
Unit 42
B
Blog RSS Feed
月光博客
月光博客
C
Cisco Blogs
V
Visual Studio Blog
D
DataBreaches.Net
H
Hacker News: Front Page
博客园 - 叶小钗
N
News and Events Feed by Topic
爱范儿
爱范儿
A
Arctic Wolf

Cloud Native Computing Foundation

Kepler, re-architected: Improved power accuracy and a community call to action! Dragonfly v2.5.0 is released OTel and mesh-derived metrics: A 2026 reference etcd-operator joins Cozystack with a new v1alpha2 API Security Profiles Operator v1: Stable APIs, Security Hardened, and Shaping Upstream Kubernetes Securing CI/CD for an open source project, part 3: Credentials, verification, and what’s next Building a Cluster-Aware AI Agent with Kubernetes, Argo CD, and GitOps From Awareness to Engineered Accessibility in Open Source Building Jaeger’s ClickHouse backend: 8.6× compression on 10 million spans Telemetry that matters: Designing sustainable, high-impact observability pipelines KubeCon + CloudNativeCon, OpenInfra Summit and PyTorch Conference Unite in China to Scale AI Flipkart Wins CNCF End User Case Study Contest for Kubernetes and Chaos Engineering Scale Expanding CARE: Passing CKS can now extend your CKA certification CNCF and Linux Foundation Education Partner with Udemy to Provide a Unified Cloud Native Training & Certification Opportunity CNCF and SlashData Report Confirms India as One of the Largest Cloud Native Communities with 2.25 Million Developers CNCF Welcomes New Silver Members as Global Demand for Cloud Native Infrastructure Grows Why cloud native belongs at the heart of agentic AI: Lessons from building a multi-agent security platform on Kubernetes Client Challenge Client Challenge Client Challenge Client Challenge Client Challenge Client Challenge Client Challenge Client Challenge Client Challenge Client Challenge Client Challenge Client Challenge Client Challenge Building a cloud native internal developer platform with Kubernetes, GitOps, and supply chain security The Kubernetes integration tax: Prometheus, Cilium and production reality GPU autoscaling on Kubernetes with KEDA: Building an external scaler Three TAG leads walk into the TOC How Jaeger is evolving to trace AI agents with OpenTelemetry Why Kubernetes policy enforcement happens too late—and what to do about it Zero-Downtime migration from ingress NGINX to Envoy Gateway Client Challenge Client Challenge Client Challenge
Agent Auth: A lawyer’s day in court
epower · 2026-06-23 · via Cloud Native Computing Foundation

Posted on June 23, 2026 by Lin Sun, CNCF Ambassador

I’ve always thought about AI agents as microservices+.

They need everything a traditional microservice needs, and:

  • More authentication requirements because an agent may act on behalf of many different users.
  • More policy requirements because an agent’s behavior can be less predictable, requiring guardrails and policy enforcement.
  • More observability requirements, especially around context, prompts, tool calls, and the contents of requests and responses.
A cartoon example of a lawyers day in court, proving his authority to represent his client Alice.

When thinking about agent auth, I found myself reflecting on a traffic lawyer I hired years ago after receiving a traffic ticket for failing to stop for a school bus. It was my first, and so far only, traffic ticket.😅

The experience turned out to be a useful mental model for understanding agent auth.

Imagine a lawyer walking into court to represent Alice.

This is similar to an AI agent receiving a request from Alice and performing actions on her behalf.

The judge first asks the lawyer to prove who he is.

This is agent identity. Before the system can trust an agent, it needs to know exactly which agent is making the request.

Next, the judge asks, “Who are you representing today?”

This is principal identity. The system needs to know not only who the agent is, but also which user the agent is acting for.

The lawyer then presents documentation showing that he is authorized to represent Alice in this specific case.

In agent systems, this is often represented by an On-Behalf-Of (OBO) token or another delegation artifact. The token carries information about:

  • The identity of the principal (Alice)
  • The identity of the agent
  • The delegated permissions
  • The scope of the delegation

At this point, the judge knows three things:

  1. Who the lawyer is
  2. Who the lawyer represents
  3. What authority has been delegated to the lawyer

But that still isn’t enough.

The judge must also verify that the lawyer is allowed to represent Alice in this particular traffic case. This is where policy enforcement comes in.

Having a valid delegation does not automatically grant unlimited access. The requested action must still comply with the applicable policies and scopes.

In a real courtroom, the lawyer and the judge handle most of this complexity. They carry identities, verify credentials, validate representation rights, and enforce the rules of the court.

In an agentic system, we need similar infrastructure.

An agent platform must be able to:

  • Establish strong agent identities
  • Carry principal identities across requests
  • Issue and validate delegation tokens
  • Enforce authorization policies and scopes
  • Provide observability and audit trails for agent actions

This is where an AI native gateway can play an important role.

Rather than requiring every agent to independently implement identity propagation, delegation verification, policy enforcement, and auditing, the agent gateway and mesh can centralize these capabilities. The agent gateway and mesh become the equivalent of the court clerk, bailiff, and records office combined: ensuring identities are verified, delegations are valid, policies are enforced, and actions are auditable.

Combined with existing identity and service-mesh technologies such as SPIFFE, cert-manager, Istio, and agentgateway, we can build an agent platform where agents focus on business logic while the platform handles identity, delegation, policy enforcement, and observability.

The core idea is simple:

A lawyer is not the client.

An agent is not the user.

Both operate with their own identities while acting on behalf of someone else, under a specific delegation and within a defined scope. Agent auth is fundamentally about making that relationship explicit, verifiable, and enforceable.