{"id":5070,"date":"2026-04-19T11:32:29","date_gmt":"2026-04-19T15:32:29","guid":{"rendered":"https:\/\/www.indigoconsulting.ca\/?p=5070"},"modified":"2026-04-20T17:55:35","modified_gmt":"2026-04-20T21:55:35","slug":"the-enterprise-blueprint-for-agentic-identity-workload-attestation-and-lifecycle-governance","status":"publish","type":"post","link":"https:\/\/www.indigoconsulting.ca\/fr\/blog\/the-enterprise-blueprint-for-agentic-identity-workload-attestation-and-lifecycle-governance\/","title":{"rendered":"Le plan d'action d'entreprise pour l'identit\u00e9 agentique : attestation des charges de travail et gouvernance du cycle de vie"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"5070\" class=\"elementor elementor-5070\" data-elementor-post-type=\"post\">\n\t\t\t\t<div class=\"elementor-element elementor-element-d0116af e-flex e-con-boxed e-con e-parent\" data-id=\"d0116af\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t<div class=\"elementor-element elementor-element-fba6479 e-con-full e-flex e-con e-child\" data-id=\"fba6479\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t<div class=\"elementor-element elementor-element-aad242a e-con-full e-flex e-con e-child\" data-id=\"aad242a\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-7a63e04 elementor-widget elementor-widget-text-editor\" data-id=\"7a63e04\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><a href=\"https:\/\/www.indigoconsulting.ca\/\"><strong>Home<\/strong><\/a><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-7572614 elementor-view-default elementor-widget elementor-widget-icon\" data-id=\"7572614\" data-element_type=\"widget\" data-e-type=\"widget\" 
data-widget_type=\"icon.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-icon-wrapper\">\n\t\t\t<div class=\"elementor-icon\">\n\t\t\t<i aria-hidden=\"true\" class=\"fas fa-chevron-right\"><\/i>\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-9c101ce elementor-widget elementor-widget-text-editor\" data-id=\"9c101ce\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><a href=\"https:\/\/www.indigoconsulting.ca\/solutions\/resources\/\">Resources<\/a><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-c6939bf elementor-view-default elementor-widget elementor-widget-icon\" data-id=\"c6939bf\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"icon.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-icon-wrapper\">\n\t\t\t<div class=\"elementor-icon\">\n\t\t\t<i aria-hidden=\"true\" class=\"fas fa-chevron-right\"><\/i>\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-9ac3880 elementor-widget elementor-widget-text-editor\" data-id=\"9ac3880\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>The Enterprise Blueprint for Agentic Identity<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-da2572f elementor-widget elementor-widget-heading\" data-id=\"da2572f\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 
class=\"elementor-heading-title elementor-size-default\">The Enterprise Blueprint for Agentic Identity: Workload Attestation and Lifecycle Governance\n<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-44149a6 elementor-widget elementor-widget-text-editor\" data-id=\"44149a6\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><span style=\"font-weight: 400;\">The Identity industry is not starting from scratch. Existing foundational frameworks provide robust and immediately applicable solutions for securing today&#8217;s agents. The best practices of separating concerns, applying least privilege, and ensuring clear audit trails are the bedrock upon which the next generation of agentic systems must be built.<\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-51c39e0 elementor-widget elementor-widget-text-editor\" data-id=\"51c39e0\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><span style=\"font-weight: 400;\">Apr 20th, 2026<\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-e5d6368 elementor-author-box--layout-image-left elementor-author-box--image-valign-top elementor-widget elementor-widget-author-box\" data-id=\"e5d6368\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"author-box.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-author-box\">\n\t\t\t\t\t\t\t<a href=\"https:\/\/www.linkedin.com\/in\/nseigneur\/\" target=\"_blank\" class=\"elementor-author-box__avatar\">\n\t\t\t\t\t<img decoding=\"async\" 
src=\"https:\/\/www.indigoconsulting.ca\/wp-content\/uploads\/2026\/03\/Nicolas-Seigneur-240x300.png\" alt=\"Picture of Nicolas Seigneur\" loading=\"lazy\">\n\t\t\t\t<\/a>\n\t\t\t\n\t\t\t<div class=\"elementor-author-box__text\">\n\t\t\t\t\t\t\t\t\t<a href=\"https:\/\/www.linkedin.com\/in\/nseigneur\/\" target=\"_blank\">\n\t\t\t\t\t\t<span class=\"elementor-author-box__name\">\n\t\t\t\t\t\t\tNicolas Seigneur\t\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/a>\n\t\t\t\t\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-author-box__bio\">\n\t\t\t\t\t\t<p>Chief Technology Officer<\/p>\n\t\t\t\t\t<\/div>\n\t\t\t\t\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-0679d75 elementor-widget elementor-widget-image\" data-id=\"0679d75\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img fetchpriority=\"high\" decoding=\"async\" width=\"2560\" height=\"1350\" src=\"https:\/\/www.indigoconsulting.ca\/wp-content\/uploads\/2026\/04\/The-Enterprise-Blueprint--scaled.jpeg\" class=\"attachment-full size-full wp-image-5071\" alt=\"\" srcset=\"https:\/\/www.indigoconsulting.ca\/wp-content\/uploads\/2026\/04\/The-Enterprise-Blueprint--scaled.jpeg 2560w, https:\/\/www.indigoconsulting.ca\/wp-content\/uploads\/2026\/04\/The-Enterprise-Blueprint--300x158.jpeg 300w, https:\/\/www.indigoconsulting.ca\/wp-content\/uploads\/2026\/04\/The-Enterprise-Blueprint--1024x540.jpeg 1024w, https:\/\/www.indigoconsulting.ca\/wp-content\/uploads\/2026\/04\/The-Enterprise-Blueprint--768x405.jpeg 768w, https:\/\/www.indigoconsulting.ca\/wp-content\/uploads\/2026\/04\/The-Enterprise-Blueprint--1536x810.jpeg 1536w, https:\/\/www.indigoconsulting.ca\/wp-content\/uploads\/2026\/04\/The-Enterprise-Blueprint--2048x1080.jpeg 2048w, 
https:\/\/www.indigoconsulting.ca\/wp-content\/uploads\/2026\/04\/The-Enterprise-Blueprint--18x9.jpeg 18w\" sizes=\"(max-width: 2560px) 100vw, 2560px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-d891ec5 e-flex e-con-boxed e-con e-parent\" data-id=\"d891ec5\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t<div class=\"elementor-element elementor-element-e7196ee e-con-full elementor-hidden-tablet elementor-hidden-mobile e-flex e-con e-child\" data-id=\"e7196ee\" data-element_type=\"container\" data-e-type=\"container\" data-settings=\"{&quot;sticky&quot;:&quot;top&quot;,&quot;sticky_offset&quot;:100,&quot;sticky_effects_offset&quot;:100,&quot;sticky_anchor_link_offset&quot;:100,&quot;sticky_parent&quot;:&quot;yes&quot;,&quot;sticky_on&quot;:[&quot;desktop&quot;,&quot;tablet&quot;,&quot;mobile&quot;]}\">\n\t\t\t\t<div class=\"elementor-element elementor-element-f9629d7 elementor-widget elementor-widget-text-editor\" data-id=\"f9629d7\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h6><a href=\"#theproblem\"><b>The Problem Is Not New. 
The Stakes Are.<\/b><\/a><\/h6>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-a3d24d5 elementor-widget-divider--view-line elementor-widget elementor-widget-divider\" data-id=\"a3d24d5\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"divider.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-divider\">\n\t\t\t<span class=\"elementor-divider-separator\">\n\t\t\t\t\t\t<\/span>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-e36a782 elementor-widget elementor-widget-text-editor\" data-id=\"e36a782\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h6><a href=\"#layerone\"><b>Layer One<\/b><\/a><\/h6>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-4e453f5 elementor-widget-divider--view-line elementor-widget elementor-widget-divider\" data-id=\"4e453f5\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"divider.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-divider\">\n\t\t\t<span class=\"elementor-divider-separator\">\n\t\t\t\t\t\t<\/span>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-af68e39 elementor-widget elementor-widget-text-editor\" data-id=\"af68e39\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h6><a href=\"#layertwo\"><b>Layer Two<\/b><\/a><\/h6>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-e162b8e elementor-widget-divider--view-line elementor-widget elementor-widget-divider\" data-id=\"e162b8e\" 
data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"divider.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-divider\">\n\t\t\t<span class=\"elementor-divider-separator\">\n\t\t\t\t\t\t<\/span>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-67f3ddc elementor-widget elementor-widget-text-editor\" data-id=\"67f3ddc\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h6><a href=\"#layerthree\"><b>Layer Three<\/b><\/a><\/h6>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-85ff943 elementor-widget-divider--view-line elementor-widget elementor-widget-divider\" data-id=\"85ff943\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"divider.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-divider\">\n\t\t\t<span class=\"elementor-divider-separator\">\n\t\t\t\t\t\t<\/span>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-4d4a2b4 elementor-widget elementor-widget-text-editor\" data-id=\"4d4a2b4\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h6><a href=\"#layerfour\"><b>Layer Four<\/b><\/a><\/h6>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-1a3052a elementor-widget-divider--view-line elementor-widget elementor-widget-divider\" data-id=\"1a3052a\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"divider.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-divider\">\n\t\t\t<span 
class=\"elementor-divider-separator\">\n\t\t\t\t\t\t<\/span>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-847b503 elementor-widget elementor-widget-text-editor\" data-id=\"847b503\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h6><a href=\"#layerfive\"><b>Layer Five<\/b><\/a><\/h6>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-5d12889 elementor-widget-divider--view-line elementor-widget elementor-widget-divider\" data-id=\"5d12889\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"divider.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-divider\">\n\t\t\t<span class=\"elementor-divider-separator\">\n\t\t\t\t\t\t<\/span>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-b4880dc elementor-widget elementor-widget-text-editor\" data-id=\"b4880dc\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h6><a href=\"#layersix\"><b>Layer Six<\/b><\/a><\/h6>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-6ac9666 elementor-widget-divider--view-line elementor-widget elementor-widget-divider\" data-id=\"6ac9666\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"divider.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-divider\">\n\t\t\t<span class=\"elementor-divider-separator\">\n\t\t\t\t\t\t<\/span>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-8ebc1c2 elementor-widget elementor-widget-text-editor\" data-id=\"8ebc1c2\" 
data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h6><a href=\"#layerseven\"><b>Layer Seven<\/b><\/a><\/h6>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-e0dcead elementor-widget-divider--view-line elementor-widget elementor-widget-divider\" data-id=\"e0dcead\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"divider.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-divider\">\n\t\t\t<span class=\"elementor-divider-separator\">\n\t\t\t\t\t\t<\/span>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-1fdc42b elementor-widget elementor-widget-text-editor\" data-id=\"1fdc42b\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h6><a href=\"#demonstrates\"><b>What This Demonstrates and Where the Frontier Lies<\/b><\/a><\/h6>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-e398c83 elementor-widget-divider--view-line elementor-widget elementor-widget-divider\" data-id=\"e398c83\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"divider.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-divider\">\n\t\t\t<span class=\"elementor-divider-separator\">\n\t\t\t\t\t\t<\/span>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-65e7871 elementor-widget elementor-widget-text-editor\" data-id=\"65e7871\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h6><a 
href=\"#building\"><b>Building on Standards, Not Around Them<\/b><\/a><\/h6>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-eb7c16d elementor-widget-divider--view-line elementor-widget elementor-widget-divider\" data-id=\"eb7c16d\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"divider.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-divider\">\n\t\t\t<span class=\"elementor-divider-separator\">\n\t\t\t\t\t\t<\/span>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-408b4f8 elementor-widget elementor-widget-text-editor\" data-id=\"408b4f8\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h6><a href=\"#summary\"><b>Architecture Summary<\/b><\/a><\/h6>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-944e615 elementor-widget-divider--view-line elementor-widget elementor-widget-divider\" data-id=\"944e615\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"divider.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-divider\">\n\t\t\t<span class=\"elementor-divider-separator\">\n\t\t\t\t\t\t<\/span>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-aafb53d elementor-widget elementor-widget-text-editor\" data-id=\"aafb53d\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h6><a href=\"https:\/\/www.indigoconsulting.ca\/contact\/\" target=\"_blank\" rel=\"noopener\">Contact Us<\/a><\/h6>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element 
elementor-element-a02a06b e-con-full e-flex e-con e-child\" data-id=\"a02a06b\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-dbe1fc0 elementor-widget elementor-widget-text-editor\" data-id=\"dbe1fc0\" data-element_type=\"widget\" data-e-type=\"widget\" id=\"theday\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><a href=\"https:\/\/openid.net\/wp-content\/uploads\/2025\/10\/Identity-Management-for-Agentic-AI.pdf\"><span style=\"font-weight: 400;\">Identity Management for Agentic AI, OpenID Foundation (October 2025)<\/span><\/a><\/p><p><span style=\"font-weight: 400;\">The OpenID Foundation&#8217;s whitepaper on Identity Management for Agentic AI opens with a deceptively simple observation: AI agents are fundamentally different from traditional software. They take autonomous actions, adapt in real-time, and operate across sequences of external tool calls, none of which was anticipated when the industry designed its identity infrastructure around human logins and static service accounts.<\/span><\/p><p><span style=\"font-weight: 400;\">What follows from that observation is a challenge that security and platform teams are only beginning to confront: the identity model we inherited from the era of web applications is not adequate for a world of autonomous agents. Agents need identities that are cryptographically attested, short-lived, enterprise-governed, and lifecycle-managed alongside human users, and not bolted on as an afterthought.<\/span><\/p><p><span style=\"font-weight: 400;\">This post describes a proof-of-concept that builds precisely that system. It integrates SPIFFE\/SPIRE workload attestation, OAuth 2.1 Dynamic Client Registration, RFC 8693 token exchange, enterprise scope policy, and a SCIM 2.0 lifecycle API into a single, coherent identity architecture for Model Context Protocol servers. 
Every design decision maps to a specific recommendation from the foundational research or addresses a gap the authors identified as critical.<\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-de57f94 elementor-widget elementor-widget-text-editor\" data-id=\"de57f94\" data-element_type=\"widget\" data-e-type=\"widget\" id=\"theproblem\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h2>The Problem Is Not New. The Stakes Are.<\/h2>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-1d4f500 elementor-widget elementor-widget-text-editor\" data-id=\"1d4f500\" data-element_type=\"widget\" data-e-type=\"widget\" id=\"whytrad\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><span style=\"font-weight: 400;\">Every platform engineer who has provisioned a microservice has faced a version of this problem: how does a machine prove who it is? The traditional answer has been a shared secret: an API key, a client secret, or a long-lived token stored in an environment variable or a secrets manager. 
That answer has always been uncomfortable, but for stateless services with predictable, bounded behavior, the risk was manageable.<\/span><\/p><p><span style=\"font-weight: 400;\">AI agents change the equation in three ways simultaneously:<\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-7418da8 pp-info-list-icon-left pp-info-list-icon-vertical-middle elementor-widget elementor-widget-pp-info-list\" data-id=\"7418da8\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"pp-info-list.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"pp-info-list-container pp-list-container\">\n\t\t\t<ul class=\"pp-list-items\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<li class=\"pp-info-list-item\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"pp-info-list-item-inner\">\n\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"pp-infolist-icon-wrapper\">\n\t\t\t\t\t\t\t\t\t\t<span class=\"pp-info-list-icon pp-icon \">\n\t\t\t\t\t\t\t<i aria-hidden=\"true\" class=\"fas fa-dot-circle\"><\/i>\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"pp-infolist-content-wrapper\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"pp-info-list-title\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tAgents act autonomously\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"pp-info-list-description\">\n\t\t\t\t\t\t\t\t\t\t\t\tUnlike a microservice executing a deterministic function, an agent interprets unstructured input and decides what actions to take at inference time. A single user instruction can generate dozens of API calls across multiple downstream systems. 
The blast radius of a compromised agent identity is not bounded by the service&#8217;s code; it is bounded only by the permissions the agent holds.\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t<\/li>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<li class=\"pp-info-list-item\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"pp-info-list-item-inner\">\n\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"pp-infolist-icon-wrapper\">\n\t\t\t\t\t\t\t\t\t\t<span class=\"pp-info-list-icon pp-icon \">\n\t\t\t\t\t\t\t<i aria-hidden=\"true\" class=\"fas fa-dot-circle\"><\/i>\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"pp-infolist-content-wrapper\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"pp-info-list-title\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tAgents act on behalf of users\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"pp-info-list-description\">\n\t\t\t\t\t\t\t\t\t\t\t\tAn agent accessing a company&#8217;s CRM on a sales representative&#8217;s behalf carries both the agent&#8217;s own permissions and a delegated subset of the user&#8217;s authority. When that agent&#8217;s requests appear indistinguishably from direct user requests in audit logs (which is the current state in most implementations), accountability disappears entirely. 
To frame this directly: agents often act indistinguishably from users, creating accountability gaps and security risks that demand a move to explicit delegated authority.\n\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t<\/li>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<li class=\"pp-info-list-item\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"pp-info-list-item-inner\">\n\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"pp-infolist-icon-wrapper\">\n\t\t\t\t\t\t\t\t\t\t<span class=\"pp-info-list-icon pp-icon \">\n\t\t\t\t\t\t\t<i aria-hidden=\"true\" class=\"fas fa-dot-circle\"><\/i>\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"pp-infolist-content-wrapper\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"pp-info-list-title\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tAgents have lifecycles\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"pp-info-list-description\">\n\t\t\t\t\t\t\t\t\t\t\t\tThey are provisioned, their entitlements change as organizational roles evolve, and they must be decommissioned, often urgently, in response to a security event. 
None of the incumbent tooling for service accounts handles this lifecycle with the same rigor enterprises apply to human identities.\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t<\/li>\n\t\t\t\t\t\t\t\t\t\t\t\t\t<\/ul>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-962ab32 elementor-widget elementor-widget-text-editor\" data-id=\"962ab32\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><span style=\"font-weight: 400;\">These represent the most pressing near-term challenges, leading to a clear core recommendation: bring agents into the same standards-based identity infrastructure that governs human users, rather than building bespoke, proprietary alternatives that fragment the ecosystem.<\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-c4b8c07 elementor-widget elementor-widget-text-editor\" data-id=\"c4b8c07\" data-element_type=\"widget\" data-e-type=\"widget\" id=\"layerone\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h2>Layer One: Cryptographic Workload Attestation with SPIFFE\/SPIRE<\/h2>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-58af67a elementor-widget elementor-widget-text-editor\" data-id=\"58af67a\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><span style=\"font-weight: 400;\">The foundational question in any identity architecture is: what does it mean to trust a client&#8217;s identity claim? 
For human users, trust is established through authentication: a password, a hardware token, a biometric. For workloads, the analogous mechanism is attestation: proving, through properties of the running environment itself, that a process is what it claims to be.<\/span><\/p><p><span style=\"font-weight: 400;\">Industry guidance explicitly names SPIFFE (Secure Production Identity Framework for Everyone) and its runtime environment SPIRE as the model for workload identity for AI agents:<\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-f609a27 elementor-widget elementor-widget-text-editor\" data-id=\"f609a27\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h5><span style=\"font-weight: 400;\">&#8220;By integrating with SPIRE, an AI agent could be provisioned with a short-lived, automatically rotated identity that it can use to mutually authenticate with other services, establishing trust without relying on static, shared secrets like API keys.&#8221;<\/span><\/h5>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-c453581 elementor-widget elementor-widget-text-editor\" data-id=\"c453581\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><span style=\"font-weight: 400;\">Our implementation instantiates this model end-to-end. Each application container runs an embedded SPIRE Agent that attests itself to the SPIRE Server using x509pop (X.509 Proof of Possession): the agent presents a TLS certificate signed by an internal CA, and the SPIRE Server validates it against the registered certificate chain for that node. There are no join tokens. There are no static secrets. 
The CA certificate is the only root of trust, and it is established once at infrastructure setup time, not per-workload.<\/span><\/p><p><span style=\"font-weight: 400;\">Once a node agent has its identity, workloads receive SVIDs (SPIFFE Verifiable Identity Documents) through the SPIFFE Workload API over gRPC. Private key material is delivered directly to process memory and never written to disk or passed through environment variables. Every workload in the system (the MCP Client, MCP Server, Management API, and SCIM Server) receives a SPIFFE ID following a consistent naming convention:<\/span><\/p><ul><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">spiffe:\/\/spire.indigolabs.ca\/workload\/mcp-client<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">spiffe:\/\/spire.indigolabs.ca\/workload\/mcp-server<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">spiffe:\/\/spire.indigolabs.ca\/workload\/management<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">spiffe:\/\/spire.indigolabs.ca\/workload\/scim-server<\/span><\/li><\/ul><p>\u00a0<\/p><p><span style=\"font-weight: 400;\">The SPIRE Server is configured with a 1-hour X.509 SVID TTL and a 5-minute JWT-SVID TTL. These short lifetimes are the mechanism for limiting blast radius: a leaked X.509 SVID expires in at most 60 minutes; a leaked JWT expires in at most 5 minutes. 
SPIRE rotates the X.509 SVID automatically at approximately 80% of its lifetime (~48 minutes), and the application layer propagates that rotation to the authorization server without a restart, which is a critical property for production environments.<\/span><\/p><p><span style=\"font-weight: 400;\">This is the Enhanced Service Account model identified as the most viable near-term enterprise pattern for agentic workloads: an agent with an identity token enriched with workload-specific metadata (in this case, a SPIFFE ID encoding the service name, trust domain, and path), issued through a standards-based attestation mechanism, not through a human-mediated provisioning workflow.<\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-eddc57d elementor-widget elementor-widget-text-editor\" data-id=\"eddc57d\" data-element_type=\"widget\" data-e-type=\"widget\" id=\"layertwo\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h2>Layer Two: Closing the DCR Anonymity Gap<\/h2>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-8200540 elementor-widget elementor-widget-text-editor\" data-id=\"8200540\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><span style=\"font-weight: 400;\">RFC 7591 (OAuth 2.0 Dynamic Client Registration) is the mechanism by which clients register themselves with an authorization server at runtime. This is exactly the kind of autonomous, self-service onboarding that agent architectures need. 
The MCP specification mandates DCR as the registration mechanism for MCP clients.<\/span><\/p><p><span style=\"font-weight: 400;\">But there is a pointed concern: unauthenticated DCR endpoints create anonymous clients: entities with OAuth credentials but no verifiable link to a real workload, organization, or accountable party. Mass anonymous registration is a denial-of-service vector, and an unattested <\/span><span style=\"font-weight: 400;\">client_id<\/span><span style=\"font-weight: 400;\"> is a weak foundation for an enterprise security model.<\/span><\/p><p><span style=\"font-weight: 400;\">The solution implemented here bridges DCR and SPIRE directly: the software statement field in the DCR request carries a JWT-SVID (a JWT issued by SPIRE, signed with the SPIRE trust domain&#8217;s EC P-256 private key, and containing the workload&#8217;s SPIFFE ID as the <\/span><span style=\"font-weight: 400;\">sub<\/span><span style=\"font-weight: 400;\"> claim). The authorization server (PingAM) validates this software statement by fetching the SPIRE OIDC Provider&#8217;s JWKS endpoint over HTTPS (<\/span><span style=\"font-weight: 400;\">https:\/\/spire-oidc.docker.internal\/keys<\/span><span style=\"font-weight: 400;\">) and verifying the JWT signature.<\/span><\/p><p><span style=\"font-weight: 400;\">The result is that every DCR request is cryptographically linked to a specific, attested workload. PingAM registers the client with <\/span><span style=\"font-weight: 400;\">private_key_jwt<\/span><span style=\"font-weight: 400;\"> authentication, using the EC public key extracted from the workload&#8217;s X.509 SVID as the registered client JWKS. The client can now authenticate to PingAM by signing JWTs with its SPIRE-issued private key. 
This key was never written to disk, never passed as an environment variable, and expires in 60 minutes.<\/span><\/p><p><span style=\"font-weight: 400;\">This is a direct implementation of the pattern recommended for robust DCR: clients linked to a verifiable identity assertor, rather than anonymous registrations with no accountability chain.<\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-333d36b elementor-widget elementor-widget-text-editor\" data-id=\"333d36b\" data-element_type=\"widget\" data-e-type=\"widget\" id=\"layerthree\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h2>Layer Three: Zero-Downtime Key Rotation as Operational Reality<\/h2>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-ed58237 elementor-widget elementor-widget-text-editor\" data-id=\"ed58237\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><span style=\"font-weight: 400;\">One of the underappreciated properties of short-lived credentials is that they are only as secure as the rotation mechanism. If rotating keys requires a human operator, a deployment pipeline, or a service restart, organizations will extend TTLs to reduce operational burden, and the blast radius reduction evaporates.<\/span><\/p><p><span style=\"font-weight: 400;\">The implementation addresses this directly. After DCR, each workload starts a SVID polling loop that checks the certificate fingerprint every 30 seconds. When SPIRE issues a new SVID (at ~48 minutes for a 1-hour TTL), the fingerprint changes. 
The application detects the change, extracts the new EC public key from the fresh X.509 SVID, fetches a new JWT-SVID for use as a renewed software statement, and issues an RFC 7592 PUT to the <\/span><span style=\"font-weight: 400;\">registration_client_uri<\/span><span style=\"font-weight: 400;\">, all without restarting the process or interrupting in-flight requests.<\/span><\/p><p><span style=\"font-weight: 400;\">This is not a theoretical capability. It has operated continuously throughout the development of this POC, rotating keys dozens of times without a single failed request.<\/span><\/p><p><span style=\"font-weight: 400;\">The properties this delivers align directly with discussions of credential lifecycles in agentic systems:<\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-0afa6bf pp-info-list-icon-left pp-info-list-icon-vertical-middle elementor-widget elementor-widget-pp-info-list\" data-id=\"0afa6bf\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"pp-info-list.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"pp-info-list-container pp-list-container\">\n\t\t\t<ul class=\"pp-list-items\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<li class=\"pp-info-list-item\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"pp-info-list-item-inner\">\n\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"pp-infolist-icon-wrapper\">\n\t\t\t\t\t\t\t\t\t\t<span class=\"pp-info-list-icon pp-icon \">\n\t\t\t\t\t\t\t<i aria-hidden=\"true\" class=\"fas fa-dot-circle\"><\/i>\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"pp-infolist-content-wrapper\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"pp-info-list-title\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tNo operator involvement\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div 
class=\"pp-info-list-description\">\n\t\t\t\t\t\t\t\t\t\t\t\tThe rotation is fully autonomous.\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t<\/li>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<li class=\"pp-info-list-item\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"pp-info-list-item-inner\">\n\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"pp-infolist-icon-wrapper\">\n\t\t\t\t\t\t\t\t\t\t<span class=\"pp-info-list-icon pp-icon \">\n\t\t\t\t\t\t\t<i aria-hidden=\"true\" class=\"fas fa-dot-circle\"><\/i>\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"pp-infolist-content-wrapper\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"pp-info-list-title\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tNo secrets ever at rest\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"pp-info-list-description\">\n\t\t\t\t\t\t\t\t\t\t\t\tPrivate key material lives only in process memory for the SVID&#8217;s lifetime.\n\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t<\/li>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<li class=\"pp-info-list-item\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"pp-info-list-item-inner\">\n\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"pp-infolist-icon-wrapper\">\n\t\t\t\t\t\t\t\t\t\t<span class=\"pp-info-list-icon pp-icon \">\n\t\t\t\t\t\t\t<i aria-hidden=\"true\" class=\"fas fa-dot-circle\"><\/i>\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"pp-infolist-content-wrapper\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"pp-info-list-title\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tShort, bounded blast 
radius\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"pp-info-list-description\">\n\t\t\t\t\t\t\t\t\t\t\t\tA compromised key expires within the SVID TTL; the polling loop propagates the revocation to the authorization server within 30 seconds of SPIRE issuing the replacement.\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t<\/li>\n\t\t\t\t\t\t\t\t\t\t\t\t\t<\/ul>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-078f1a6 elementor-widget elementor-widget-text-editor\" data-id=\"078f1a6\" data-element_type=\"widget\" data-e-type=\"widget\" id=\"layerfour\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h2>Layer Four: Enterprise Policy at the Authorization Layer<\/h2>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-6241e93 elementor-widget elementor-widget-text-editor\" data-id=\"6241e93\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><span style=\"font-weight: 400;\">Significant attention must be dedicated to the principle of least privilege, calling it especially critical when deploying AI agents given their non-deterministic nature. The concern is straightforward: an agent that holds broader permissions than the task requires amplifies the consequences of any misuse or compromise.<\/span><\/p><p><span style=\"font-weight: 400;\">The standard mechanism for scoping agent access is OAuth 2.0 scopes. But scopes are only as meaningful as the policy that governs their issuance. 
An agent that can request arbitrary scopes and receive them has no effective scope constraint at all.<\/span><\/p><p><span style=\"font-weight: 400;\">This implementation enforces scope policy at the authorization server, not at the client or resource server. PingAM runs an Access Token Modification Script that fires on every token issuance. The script queries PingDS (the LDAP directory) for the user&#8217;s group memberships and strips any MCP scope not earned by those memberships before the token is returned.<\/span><\/p><p><span style=\"font-weight: 400;\">The mapping is explicit and auditable:<\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-c86cb6b pp-table-center elementor-widget elementor-widget-pp-table\" data-id=\"c86cb6b\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;table_type&quot;:&quot;responsive&quot;,&quot;scrollable&quot;:&quot;no&quot;}\" data-widget_type=\"pp-table.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"pp-table-container\">\n\t\t\t<table \n\t\t\tclass=\"pp-table tablesaw\" data-tablesaw-mode=\"stack\"\t\t\t\t>\n\t\t\t\t\t\t\t<colgroup>\n\t\t\t\t\t\t\t\t<col\n\t\t\t\t\tspan=\"1\"\n\t\t\t\t\tclass=\"elementor-repeater-item-9134a79\"\n\t\t\t\t\t\t\t\t\t\t\tstyle=\"\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\"\n\t\t\t\t\t\t\t\t\t\t>\n\t\t\t\t\t\t\t<\/colgroup>\n\t\t\t\t\t\t<thead>\n\t\t\t\t<tr class=\"pp-table-row\">\n\t\t\t\t\t<th class=\"pp-table-cell pp-table-cell-e688f37\"><span class=\"pp-table-cell-content\"><span class=\"pp-table-cell-text\">LDAP Group<\/span><\/span><\/th><th class=\"pp-table-cell pp-table-cell-325d6c9\"><span class=\"pp-table-cell-content\"><span class=\"pp-table-cell-text\">MCP Scope Granted<\/span><\/span><\/th>\t\t\t\t<\/tr>\n\t\t\t<\/thead>\n\t\t\t\t\t<tfoot>\n\t\t\t<\/tr>\t\t<\/tfoot>\n\t\t\t\t<tbody>\n\t\t\t<tr ><td class=\"pp-table-cell pp-table-cell-02c685d\"><span 
class=\"pp-table-cell-content\"><span class=\"pp-table-cell-text\">Engineering<\/span><\/span><\/td><td class=\"pp-table-cell pp-table-cell-7fbde87\"><span class=\"pp-table-cell-content\"><span class=\"pp-table-cell-text\">mcp.engineering\n\n<\/span><\/span><\/td><\/tr><tr ><td class=\"pp-table-cell pp-table-cell-f00a0e5\"><span class=\"pp-table-cell-content\"><span class=\"pp-table-cell-text\">Sales<\/span><\/span><\/td><td class=\"pp-table-cell pp-table-cell-b820ca4\"><span class=\"pp-table-cell-content\"><span class=\"pp-table-cell-text\">mcp.sales\n\n<\/span><\/span><\/td><\/tr><tr ><td class=\"pp-table-cell pp-table-cell-e4eb22c\"><span class=\"pp-table-cell-content\"><span class=\"pp-table-cell-text\">Leadership<\/span><\/span><\/td><td class=\"pp-table-cell pp-table-cell-e532186\"><span class=\"pp-table-cell-content\"><span class=\"pp-table-cell-text\">mcp.leadership\n\n<\/span><\/span><\/td><\/tr><tr ><td class=\"pp-table-cell pp-table-cell-e979ad7\"><span class=\"pp-table-cell-content\"><span class=\"pp-table-cell-text\">HR\n<\/span><\/span><\/td><td class=\"pp-table-cell pp-table-cell-d4bce3b\"><span class=\"pp-table-cell-content\"><span class=\"pp-table-cell-text\">mcp.hr\n\n\n<\/span><\/span><\/td><\/tr>\t\t<\/tbody>\n\t\t\t\t\t<\/table>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-2f3318f elementor-widget elementor-widget-text-editor\" data-id=\"2f3318f\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><span style=\"font-weight: 400;\">A user in the Sales group who requests <\/span><span style=\"font-weight: 400;\">mcp.engineering<\/span><span style=\"font-weight: 400;\"> receives a token with that scope stripped. The client cannot circumvent this, as the filtering happens server-side, inside the authorization server, before the token is issued. 
This is the separation of the Policy Enforcement Point (the PingAM token endpoint) from business logic that industry experts recommend, with NIST SP 800-162 as the architectural model.
This is what analysts call the accountability gap: the downstream service cannot distinguish the agent&#8217;s actions from the user&#8217;s.
class=\"pp-info-list-item\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"pp-info-list-item-inner\">\n\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"pp-infolist-icon-wrapper\">\n\t\t\t\t\t\t\t\t\t\t<span class=\"pp-info-list-image \"><img decoding=\"async\" src=\"https:\/\/www.indigoconsulting.ca\/wp-content\/uploads\/2022\/10\/fingerprint.svg\" alt=\"fingerprint\"><\/span>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"pp-infolist-content-wrapper\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"pp-info-list-title\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tStep 1: Identity Binding. \t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"pp-info-list-description\">\n\t\t\t\t\t\t\t\t\t\t\t\tThe MCP Client presents the user&#8217;s OIDC ID Token to PingAM&#8217;s token endpoint and requests an ID-JAG (Intermediate Agent Grant). Critically, this request is authenticated with a Private Key JWT signed using the SPIRE SVID, the agent&#8217;s cryptographic workload identity. 
The resulting ID-JAG carries the user&#8217;s identity, but is issued to a client that has proven, through SPIRE attestation, that it is the specific workload authorized to perform this exchange.\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t<\/li>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<li class=\"pp-info-list-item\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"pp-info-list-item-inner\">\n\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"pp-infolist-icon-wrapper\">\n\t\t\t\t\t\t\t\t\t\t<span class=\"pp-info-list-image \"><img decoding=\"async\" src=\"https:\/\/www.indigoconsulting.ca\/wp-content\/uploads\/2026\/01\/permission-management.png\" alt=\"permission-management\"><\/span>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"pp-infolist-content-wrapper\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"pp-info-list-title\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tStep 2: Scope-Filtered Access Token.\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"pp-info-list-description\">\n\t\t\t\t\t\t\t\t\t\t\t\tThe MCP Client presents the ID-JAG to request a final MCP Access Token. At this point, PingAM&#8217;s Access Token Modification Script fires, filtering the requested scopes against the user&#8217;s LDAP group membership. The returned token carries both the user&#8217;s identity and the filtered scope set. 
Neither can be escalated by the client.\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t<\/li>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<li class=\"pp-info-list-item\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"pp-info-list-item-inner\">\n\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"pp-infolist-icon-wrapper\">\n\t\t\t\t\t\t\t\t\t\t<span class=\"pp-info-list-image \"><img decoding=\"async\" src=\"https:\/\/www.indigoconsulting.ca\/wp-content\/uploads\/2025\/10\/agile.png\" alt=\"agile icon\"><\/span>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"pp-infolist-content-wrapper\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"pp-info-list-title\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tStep 3: Attested Tool Call.\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"pp-info-list-description\">\n\t\t\t\t\t\t\t\t\t\t\t\tThe MCP Server receives the access token as a Bearer credential, validates it against PingAM&#8217;s JWKS endpoint, and enforces scope-based access control before executing any tool.\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t<\/li>\n\t\t\t\t\t\t\t\t\t\t\t\t\t<\/ul>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-1a7f300 elementor-widget elementor-widget-text-editor\" data-id=\"1a7f300\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><span style=\"font-weight: 400;\">What makes this delegation rather than impersonation is the audit trail embedded in the token itself. 
The <\/span><span style=\"font-weight: 400;\">act<\/span><span style=\"font-weight: 400;\"> claim in the final access token records the agent as the acting party, while the <\/span><span style=\"font-weight: 400;\">sub<\/span><span style=\"font-weight: 400;\"> claim carries the user who delegated authority. Any downstream system that logs the token claims gets an unambiguous record of who authorized the action and which agent instance performed it, closing the accountability gap identified as endemic in current agent deployments.<\/span><\/p><p><span style=\"font-weight: 400;\">One practical note on implementation: the ext-auth specification prescribes an RFC 7523 JWT Bearer grant for Step 2. PingAM does not honor the RFC 8693 <\/span><span style=\"font-weight: 400;\">audience<\/span><span style=\"font-weight: 400;\"> parameter during ID token exchange; it sets <\/span><span style=\"font-weight: 400;\">aud=client_id<\/span><span style=\"font-weight: 400;\"> per OIDC conventions rather than <\/span><span style=\"font-weight: 400;\">aud=token_endpoint_url<\/span><span style=\"font-weight: 400;\"> as required by the JWT Bearer validator. We work around this by using a second token exchange rather than a jwt-bearer grant. 
This is a PingAM-specific constraint; an IdP that correctly implements the <\/span><span style=\"font-weight: 400;\">audience<\/span><span style=\"font-weight: 400;\"> parameter would enable the spec-prescribed flow without client code changes.<\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-37b5390 elementor-widget elementor-widget-text-editor\" data-id=\"37b5390\" data-element_type=\"widget\" data-e-type=\"widget\" id=\"layersix\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h2>Layer Six: SCIM as the Enterprise Governance Layer for Agentic Identities<\/h2><p><span style=\"font-weight: 400;\">A dedicated focus must be placed on SSO and provisioning, with a pointed conclusion:<\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-34db45b elementor-widget elementor-widget-text-editor\" data-id=\"34db45b\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h5><span style=\"font-weight: 400;\">&#8220;The System for Cross-domain Identity Management (SCIM) protocol is the standard for automating user lifecycle management. 
This same lifecycle management is equally critical for the agents themselves, which require formal processes for creation, permissioning, and eventual decommissioning.&#8221;<\/span><\/h5>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-5b088b3 elementor-widget elementor-widget-text-editor\" data-id=\"5b088b3\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><span style=\"font-weight: 400;\">The experimental SCIM Agentic Identity Schema Draft is highly relevant as the mechanism for bringing agents into the same provisioning model as human users. Our implementation builds a production-pattern SCIM 2.0 server that implements this model concretely.<\/span><\/p><p><span style=\"font-weight: 400;\">The <\/span><span style=\"font-weight: 400;\">AgenticIdentity<\/span><span style=\"font-weight: 400;\"> resource type uses the schema URN <\/span><span style=\"font-weight: 400;\">urn:ietf:params:scim:schemas:core:2.0:AgenticIdentity<\/span><span style=\"font-weight: 400;\">. 
Its attributes are purpose-built for the unique governance needs of workload identities:<\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-9380c5c pp-table-center elementor-widget elementor-widget-pp-table\" data-id=\"9380c5c\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;table_type&quot;:&quot;responsive&quot;,&quot;scrollable&quot;:&quot;no&quot;}\" data-widget_type=\"pp-table.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"pp-table-container\">\n\t\t\t<table \n\t\t\tclass=\"pp-table tablesaw\" data-tablesaw-mode=\"stack\"\t\t\t\t>\n\t\t\t\t\t\t\t<colgroup>\n\t\t\t\t\t\t\t\t<col\n\t\t\t\t\tspan=\"1\"\n\t\t\t\t\tclass=\"elementor-repeater-item-9134a79\"\n\t\t\t\t\t\t\t\t\t\t\tstyle=\"\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\"\n\t\t\t\t\t\t\t\t\t\t>\n\t\t\t\t\t\t\t<\/colgroup>\n\t\t\t\t\t\t<thead>\n\t\t\t\t<tr class=\"pp-table-row\">\n\t\t\t\t\t<th class=\"pp-table-cell pp-table-cell-e688f37\"><span class=\"pp-table-cell-content\"><span class=\"pp-table-cell-text\">Attribute<\/span><\/span><\/th><th class=\"pp-table-cell pp-table-cell-325d6c9\"><span class=\"pp-table-cell-content\"><span class=\"pp-table-cell-text\">Purpose<\/span><\/span><\/th>\t\t\t\t<\/tr>\n\t\t\t<\/thead>\n\t\t\t\t\t<tfoot>\n\t\t\t<\/tr>\t\t<\/tfoot>\n\t\t\t\t<tbody>\n\t\t\t<tr ><td class=\"pp-table-cell pp-table-cell-02c685d\"><span class=\"pp-table-cell-content\"><span class=\"pp-table-cell-text\">displayName<\/span><\/span><\/td><td class=\"pp-table-cell pp-table-cell-7fbde87\"><span class=\"pp-table-cell-content\"><span class=\"pp-table-cell-text\">Human-readable identifier for the agent\n\n\n<\/span><\/span><\/td><\/tr><tr ><td class=\"pp-table-cell pp-table-cell-f00a0e5\"><span class=\"pp-table-cell-content\"><span class=\"pp-table-cell-text\">spiffeId<\/span><\/span><\/td><td class=\"pp-table-cell pp-table-cell-b820ca4\"><span 
class=\"pp-table-cell-content\"><span class=\"pp-table-cell-text\">SPIFFE URI linking the SCIM record to the SPIRE workload entry\n\n\n<\/span><\/span><\/td><\/tr><tr ><td class=\"pp-table-cell pp-table-cell-e4eb22c\"><span class=\"pp-table-cell-content\"><span class=\"pp-table-cell-text\">spireEntryId<\/span><\/span><\/td><td class=\"pp-table-cell pp-table-cell-e532186\"><span class=\"pp-table-cell-content\"><span class=\"pp-table-cell-text\">Internal SPIRE entry UUID, used for deprovisioning\n<\/span><\/span><\/td><\/tr><tr ><td class=\"pp-table-cell pp-table-cell-8243b78\"><span class=\"pp-table-cell-content\"><span class=\"pp-table-cell-text\">oAuthClientIdentifiers<\/span><\/span><\/td><td class=\"pp-table-cell pp-table-cell-d4bce3b\"><span class=\"pp-table-cell-content\"><span class=\"pp-table-cell-text\">Array of OAuth2 client registrations associated with this identity\n\n\n\n<\/span><\/span><\/td><\/tr><tr ><td class=\"pp-table-cell pp-table-cell-bde08f4\"><span class=\"pp-table-cell-content\"><span class=\"pp-table-cell-text\">entitlements<\/span><\/span><\/td><td class=\"pp-table-cell pp-table-cell-b4963b0\"><span class=\"pp-table-cell-content\"><span class=\"pp-table-cell-text\">Scope claims or permission tags governing the agent's access\n\n<\/span><\/span><\/td><\/tr><tr ><td class=\"pp-table-cell pp-table-cell-e979ad7\"><span class=\"pp-table-cell-content\"><span class=\"pp-table-cell-text\">owners<\/span><\/span><\/td><td class=\"pp-table-cell pp-table-cell-14527f4\"><span class=\"pp-table-cell-content\"><span class=\"pp-table-cell-text\">Human stakeholders accountable for this agent's behavior\n\n<\/span><\/span><\/td><\/tr><tr ><td class=\"pp-table-cell pp-table-cell-4429eb7\"><span class=\"pp-table-cell-content\"><span class=\"pp-table-cell-text\">active<\/span><\/span><\/td><td class=\"pp-table-cell pp-table-cell-f2878fe\"><span class=\"pp-table-cell-content\"><span class=\"pp-table-cell-text\">Whether the agent is currently authorized to 
operate<\/span><\/span><\/td><\/tr>\t\t<\/tbody>\n\t\t\t\t\t<\/table>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-cd08df5 elementor-widget elementor-widget-text-editor\" data-id=\"cd08df5\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><span style=\"font-weight: 400;\">The SCIM server implements the full RFC 7644 protocol surface for <\/span><span style=\"font-weight: 400;\">AgenticIdentity<\/span><span style=\"font-weight: 400;\"> resources (list, get, create, patch, and delete) and also proxies standard Users and Groups operations through to the LDAP directory. This gives enterprise administrators a single SCIM endpoint for managing both human and non-human identities, using the same tooling and governance workflows.<\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-2bbda8a elementor-widget elementor-widget-text-editor\" data-id=\"2bbda8a\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h3>Provisioning: One API Call to Create a Workload Identity<\/h3><p><span style=\"font-weight: 400;\">When a <\/span><span style=\"font-weight: 400;\">POST \/scim\/v2\/AgenticIdentities<\/span><span style=\"font-weight: 400;\"> request arrives, the SCIM Server does more than record the data. 
It calls the SPIRE Server&#8217;s gRPC API directly using the <\/span><span style=\"font-weight: 400;\">BatchCreateEntry<\/span><span style=\"font-weight: 400;\"> method to register a workload entry with a deterministic SPIFFE ID derived from the SCIM record&#8217;s UUID:<\/span><\/p><p>\u00a0<\/p><p><span style=\"font-weight: 400;\">spiffe:\/\/spire.indigolabs.ca\/workload\/agentic\/{uuid}<\/span><\/p><p>\u00a0<\/p><p><span style=\"font-weight: 400;\">The response to the API caller includes the assigned <\/span><span style=\"font-weight: 400;\">spiffeId<\/span><span style=\"font-weight: 400;\"> and confirms that the workload is now authorized to receive SVIDs from SPIRE once it attests against that entry. In a single API call, an operator has provisioned a cryptographic workload identity. There are no manual SPIRE CLI commands, no operator-mediated key generation, and no static secrets to distribute.<\/span><\/p><p><span style=\"font-weight: 400;\">This is the integration described as essential for scalable agentic identity management: SCIM as the provisioning trigger, with downstream identity systems (SPIRE, the OAuth2 provider, the LDAP directory) updated automatically.<\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-2e21d44 elementor-widget elementor-widget-text-editor\" data-id=\"2e21d44\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h3>Deprovisioning: The Cascade That Matters<\/h3><p><span style=\"font-weight: 400;\">Deprovisioning is not an afterthought; it is a foundational pillar of safety:<\/span><\/p><p>\u00a0<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-39ffe1e elementor-widget elementor-widget-text-editor\" data-id=\"39ffe1e\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div 
class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h5><span style=\"font-weight: 400;\">&#8220;A compromised agent identity that is merely &#8216;revoked&#8217; may retain its underlying registration and trust relationships, representing a dormant but persistent threat. De-provisioning is the ultimate response to a compromise or end-of-life event.&#8221;<\/span><\/h5>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-44fdc64 elementor-widget elementor-widget-text-editor\" data-id=\"44fdc64\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><span style=\"font-weight: 400;\">The <\/span><span style=\"font-weight: 400;\">DELETE \/scim\/v2\/AgenticIdentities\/:id<\/span><span style=\"font-weight: 400;\"> endpoint implements a full five-step deprovision cascade:<\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-f11b6bc pp-info-list-icon-left pp-info-list-icon-vertical-middle elementor-widget elementor-widget-pp-info-list\" data-id=\"f11b6bc\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"pp-info-list.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"pp-info-list-container pp-list-container\">\n\t\t\t<ul class=\"pp-list-items\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<li class=\"pp-info-list-item\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"pp-info-list-item-inner\">\n\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"pp-infolist-icon-wrapper\">\n\t\t\t\t\t\t\t\t\t\t<span class=\"pp-info-list-icon pp-icon \">\n\t\t\t\t\t\t\t<i aria-hidden=\"true\" class=\"fas fa-dot-circle\"><\/i>\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"pp-infolist-content-wrapper\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div 
class=\"pp-info-list-description\">\n\t\t\t\t\t\t\t\t\t\t\t\tSPIRE entry deleted via gRPC BatchDeleteEntry, meaning the workload can no longer attest and cannot receive a new SVID. Any SVID already issued to the workload stays valid until it expires, so the SVID TTL bounds how long a deprovisioned workload can still present a credential.\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t<\/li>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<li class=\"pp-info-list-item\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"pp-info-list-item-inner\">\n\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"pp-infolist-icon-wrapper\">\n\t\t\t\t\t\t\t\t\t\t<span class=\"pp-info-list-icon pp-icon \">\n\t\t\t\t\t\t\t<i aria-hidden=\"true\" class=\"fas fa-dot-circle\"><\/i>\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"pp-infolist-content-wrapper\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"pp-info-list-description\">\n\t\t\t\t\t\t\t\t\t\t\t\tLDAP group memberships removed from PingDS so the scope entitlements derived from group membership are immediately revoked for any subsequent token issuance.\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t<\/li>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<li class=\"pp-info-list-item\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"pp-info-list-item-inner\">\n\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"pp-infolist-icon-wrapper\">\n\t\t\t\t\t\t\t\t\t\t<span class=\"pp-info-list-icon pp-icon \">\n\t\t\t\t\t\t\t<i aria-hidden=\"true\" class=\"fas fa-dot-circle\"><\/i>\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"pp-infolist-content-wrapper\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"pp-info-list-description\">\n\t\t\t\t\t\t\t\t\t\t\t\tOAuth2 clients deleted from PingAM via the DCR registration endpoint, rendering existing client_id credentials 
invalid.\n\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t<\/li>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<li class=\"pp-info-list-item\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"pp-info-list-item-inner\">\n\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"pp-infolist-icon-wrapper\">\n\t\t\t\t\t\t\t\t\t\t<span class=\"pp-info-list-icon pp-icon \">\n\t\t\t\t\t\t\t<i aria-hidden=\"true\" class=\"fas fa-dot-circle\"><\/i>\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"pp-infolist-content-wrapper\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"pp-info-list-description\">\n\t\t\t\t\t\t\t\t\t\t\t\tRecord tombstoned in SQLite (marked deprovisioned=1 with a timestamp; never hard-deleted to preserve the audit trail).\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t<\/li>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<li class=\"pp-info-list-item\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"pp-info-list-item-inner\">\n\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"pp-infolist-icon-wrapper\">\n\t\t\t\t\t\t\t\t\t\t<span class=\"pp-info-list-icon pp-icon \">\n\t\t\t\t\t\t\t<i aria-hidden=\"true\" class=\"fas fa-dot-circle\"><\/i>\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"pp-infolist-content-wrapper\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"pp-info-list-description\">\n\t\t\t\t\t\t\t\t\t\t\t\tAudit log written with the full list of completed actions and an optional reason 
string.\n\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t<\/li>\n\t\t\t\t\t\t\t\t\t\t\t\t\t<\/ul>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-768e1bf elementor-widget elementor-widget-text-editor\" data-id=\"768e1bf\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><span style=\"font-weight: 400;\">This cascade triggered by a single SCIM DELETE ensures that deprovisioning an agentic identity is complete, irreversible, and auditable. The SPIRE workload cannot attest. The OAuth2 client cannot authenticate. The scope entitlements are gone. Every action is recorded. This is the formal de-provisioning signal that must propagate across all integrated systems when an agent is decommissioned.<\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-a22b94e elementor-widget elementor-widget-text-editor\" data-id=\"a22b94e\" data-element_type=\"widget\" data-e-type=\"widget\" id=\"layerseven\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h2>Layer Seven: Deterministic Infrastructure with No Operational Escape Hatches<\/h2><p><span style=\"font-weight: 400;\">A thought leadership argument about identity architecture is only credible if the system actually runs without human shortcuts. 
One of the most common failure modes in zero-trust deployments is the presence of &#8220;escape hatches&#8221; like manual certificate injection, hard-coded bootstrap credentials, or one-time setup scripts that never get cleaned up.<\/span><\/p><p>\u00a0<\/p><p><span style=\"font-weight: 400;\">The entire system runs from a single <\/span><span style=\"font-weight: 400;\">docker compose up<\/span><span style=\"font-weight: 400;\"> command, with no external orchestration, no manual steps, and no operator-provided secrets. Startup ordering is enforced through <\/span><span style=\"font-weight: 400;\">depends_on<\/span><span style=\"font-weight: 400;\"> health checks that are deterministic, not timing-based. The <\/span><span style=\"font-weight: 400;\">cert-init<\/span><span style=\"font-weight: 400;\"> container generates all TLS certificates; <\/span><span style=\"font-weight: 400;\">spire-init<\/span><span style=\"font-weight: 400;\"> registers all node and workload entries; application containers start only after both have completed successfully. The <\/span><span style=\"font-weight: 400;\">certs-data<\/span><span style=\"font-weight: 400;\"> Docker volume is the single root of trust.<\/span><\/p><p>\u00a0<\/p><p><span style=\"font-weight: 400;\">This matters beyond operational convenience. An architecture that requires a human to &#8220;just quickly run this script&#8221; in a specific order has a security model that depends on that sequence being followed correctly every time. The Docker Compose model makes the trust chain explicit, reproducible, and auditable. This is precisely what is meant by automating agent lifecycle management rather than tightly coupling it to human workflow.<\/span><\/p><p>\u00a0<\/p><p><span style=\"font-weight: 400;\">At startup, the SCIM Server also seeds SCIM records for the four pre-configured workloads that SPIRE already knows about: MCP Client, MCP Server, Management API, and SCIM Server itself. 
This means the Management UI&#8217;s identity management view is accurate from the first request, not populated on demand. Operational state is consistent from boot.<\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-82cd789 elementor-widget elementor-widget-text-editor\" data-id=\"82cd789\" data-element_type=\"widget\" data-e-type=\"widget\" id=\"demonstrates\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h2>What This Demonstrates and Where the Frontier Lies<\/h2><p><span style=\"font-weight: 400;\">There is a clear line between what existing standards solve well and what remains genuinely unsolved. Understanding where this implementation falls on each side of that line is essential for evaluating its relevance.<\/span><\/p><p>\u00a0<\/p><h5><strong>What This POC Proves Today<\/strong><\/h5>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-e88bb46 pp-info-list-icon-left pp-info-list-icon-vertical-middle elementor-widget elementor-widget-pp-info-list\" data-id=\"e88bb46\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"pp-info-list.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"pp-info-list-container pp-list-container\">\n\t\t\t<ul class=\"pp-list-items\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<li class=\"pp-info-list-item\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"pp-info-list-item-inner\">\n\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"pp-infolist-icon-wrapper\">\n\t\t\t\t\t\t\t\t\t\t<span class=\"pp-info-list-icon pp-icon \">\n\t\t\t\t\t\t\t<i aria-hidden=\"true\" class=\"fas fa-dot-circle\"><\/i>\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"pp-infolist-content-wrapper\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div 
class=\"pp-info-list-title\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tAutonomous bootstrap with no human-touched secrets. \t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"pp-info-list-description\">\n\t\t\t\t\t\t\t\t\t\t\t\tFrom infrastructure initialization to a fully authenticated MCP tool call, no human provides a secret to any agent. The SPIFFE\/SPIRE attestation chain is the only authority.\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t<\/li>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<li class=\"pp-info-list-item\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"pp-info-list-item-inner\">\n\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"pp-infolist-icon-wrapper\">\n\t\t\t\t\t\t\t\t\t\t<span class=\"pp-info-list-icon pp-icon \">\n\t\t\t\t\t\t\t<i aria-hidden=\"true\" class=\"fas fa-dot-circle\"><\/i>\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"pp-infolist-content-wrapper\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"pp-info-list-title\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tOAuth 2.1 compliance as a practical floor\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"pp-info-list-description\">\n\t\t\t\t\t\t\t\t\t\t\t\tEvery token operation uses current best practices: PKCE, private_key_jwt client authentication, RFC 8693 token exchange, RFC 9728 Protected Resource Metadata. 
The call to implement open frameworks like OAuth 2.1 for authentication rather than custom mechanisms is the baseline, not the aspiration.\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t<\/li>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<li class=\"pp-info-list-item\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"pp-info-list-item-inner\">\n\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"pp-infolist-icon-wrapper\">\n\t\t\t\t\t\t\t\t\t\t<span class=\"pp-info-list-icon pp-icon \">\n\t\t\t\t\t\t\t<i aria-hidden=\"true\" class=\"fas fa-dot-circle\"><\/i>\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"pp-infolist-content-wrapper\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"pp-info-list-title\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tTrue delegation with an auditable identity chain\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"pp-info-list-description\">\n\t\t\t\t\t\t\t\t\t\t\t\tThe ext-auth flow produces tokens where agent and user are distinct, identifiable parties, enabling the audit trail that is foundational for trustworthy autonomous systems.\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t<\/li>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<li class=\"pp-info-list-item\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"pp-info-list-item-inner\">\n\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"pp-infolist-icon-wrapper\">\n\t\t\t\t\t\t\t\t\t\t<span class=\"pp-info-list-icon pp-icon \">\n\t\t\t\t\t\t\t<i aria-hidden=\"true\" class=\"fas fa-dot-circle\"><\/i>\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"pp-infolist-content-wrapper\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div 
class=\"pp-info-list-title\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tSCIM-driven lifecycle with cascading deprovision\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"pp-info-list-description\">\n\t\t\t\t\t\t\t\t\t\t\t\tThe agentic identity lifecycle is governed by the same provisioning protocol as human users, with a deprovisioning cascade that propagates across SPIRE, the OAuth2 provider, and the LDAP directory in a single API call.\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t<\/li>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<li class=\"pp-info-list-item\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"pp-info-list-item-inner\">\n\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"pp-infolist-icon-wrapper\">\n\t\t\t\t\t\t\t\t\t\t<span class=\"pp-info-list-icon pp-icon \">\n\t\t\t\t\t\t\t<i aria-hidden=\"true\" class=\"fas fa-dot-circle\"><\/i>\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"pp-infolist-content-wrapper\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"pp-info-list-title\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tLeast privilege enforced at the authorization server. 
\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"pp-info-list-description\">\n\t\t\t\t\t\t\t\t\t\t\t\tScope entitlements derive from LDAP group membership and are filtered server-side at every token issuance, not negotiated between the client and the resource.\n\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t<\/li>\n\t\t\t\t\t\t\t\t\t\t\t\t\t<\/ul>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-b512dd0 elementor-widget elementor-widget-text-editor\" data-id=\"b512dd0\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h3>Where the Research Identifies Unsolved Problems<\/h3><p><span style=\"font-weight: 400;\">Current frameworks, including this implementation, do not yet solve everything:<\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-a3d8a8f pp-info-list-icon-left pp-info-list-icon-vertical-middle elementor-widget elementor-widget-pp-info-list\" data-id=\"a3d8a8f\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"pp-info-list.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"pp-info-list-container pp-list-container\">\n\t\t\t<ul class=\"pp-list-items\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<li class=\"pp-info-list-item\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"pp-info-list-item-inner\">\n\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"pp-infolist-icon-wrapper\">\n\t\t\t\t\t\t\t\t\t\t<span class=\"pp-info-list-image \"><img decoding=\"async\" src=\"https:\/\/www.indigoconsulting.ca\/wp-content\/uploads\/2025\/10\/log-in.png\" alt=\"log-in 
icon\"><\/span>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"pp-infolist-content-wrapper\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"pp-info-list-title\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tScope attenuation in recursive delegation chains\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"pp-info-list-description\">\n\t\t\t\t\t\t\t\t\t\t\t\tWhen agents spawn sub-agents across trust domains, OAuth 2.0 Token Exchange provides a centralized mechanism for down-scoping. For truly decentralized, dynamic agent networks, capability-based token formats like Biscuits and Macaroons, which allow offline attenuation without contacting a central authorization server, represent an active research area.\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t<\/li>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<li class=\"pp-info-list-item\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"pp-info-list-item-inner\">\n\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"pp-infolist-icon-wrapper\">\n\t\t\t\t\t\t\t\t\t\t<span class=\"pp-info-list-image \"><img decoding=\"async\" src=\"https:\/\/www.indigoconsulting.ca\/wp-content\/uploads\/2025\/10\/agile.png\" alt=\"agile icon\"><\/span>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"pp-infolist-content-wrapper\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"pp-info-list-title\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tCross-domain federation\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"pp-info-list-description\">\n\t\t\t\t\t\t\t\t\t\t\t\tSPIFFE\/SPIRE works within a controlled infrastructure; the model fundamentally relies on knowledge and control of that infrastructure. 
When agents must operate across organizational boundaries where no shared infrastructure exists, a different trust fabric is required, such as OpenID Federation, Verifiable Credentials, or the emerging OIDC for Agents proposals.\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t<\/li>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<li class=\"pp-info-list-item\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"pp-info-list-item-inner\">\n\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"pp-infolist-icon-wrapper\">\n\t\t\t\t\t\t\t\t\t\t<span class=\"pp-info-list-image \"><img decoding=\"async\" src=\"https:\/\/www.indigoconsulting.ca\/wp-content\/uploads\/2025\/09\/Proactive-optimization.svg\" alt=\"Proactive optimization\"><\/span>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"pp-infolist-content-wrapper\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"pp-info-list-title\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tScalable human governance and consent fatigue\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"pp-info-list-description\">\n\t\t\t\t\t\t\t\t\t\t\t\tA looming problem is that users will face thousands of authorization prompts as agents proliferate. The proposed solution (policy-as-code for agent authorization, risk-based dynamic authorization, CIBA for out-of-band approval) is not implemented in this POC. 
It is the natural next layer above what we have built.\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t<\/li>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<li class=\"pp-info-list-item\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"pp-info-list-item-inner\">\n\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"pp-infolist-icon-wrapper\">\n\t\t\t\t\t\t\t\t\t\t<span class=\"pp-info-list-image \"><img decoding=\"async\" src=\"https:\/\/www.indigoconsulting.ca\/wp-content\/uploads\/2025\/09\/Multi-vendor-expertise.svg\" alt=\"Multi-vendor expertise\"><\/span>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"pp-infolist-content-wrapper\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"pp-info-list-title\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tAgent behavior identity\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"pp-info-list-description\">\n\t\t\t\t\t\t\t\t\t\t\t\tAgent identity must eventually be enriched with metadata about the underlying model, version, and capabilities to enable risk-based access control; not just what the workload is, but how it behaves. 
This is beyond the current state of any standard.\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t<\/li>\n\t\t\t\t\t\t\t\t\t\t\t\t\t<\/ul>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-1f67e9c building elementor-widget elementor-widget-text-editor\" data-id=\"1f67e9c\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h2>Building on Standards, Not Around Them<\/h2><p><span style=\"font-weight: 400;\">The prevailing guidance concludes with a call to action directed at two groups. For developers and architects: build on the secure foundation of existing standards while designing systems with the flexibility to incorporate emerging models of delegated authority. For enterprises: begin treating agents as first-class citizens within IAM infrastructure and establish robust lifecycle management.<\/span><\/p><p>\u00a0<\/p><p><span style=\"font-weight: 400;\">This implementation is a response to both. It demonstrates that the existing standards (SPIFFE\/SPIRE, RFC 7591 DCR, RFC 7592 client management, RFC 8693 token exchange, RFC 7644 SCIM) are sufficient to build a production-pattern identity architecture for AI agents today, within a single trust domain, without any proprietary extensions or vendor lock-in.<\/span><\/p><p>\u00a0<\/p><p><span style=\"font-weight: 400;\">The system is entirely composed of open-source components and IETF\/W3C standards. SPIRE is CNCF-graduated. PingAM and PingDS can be replaced with any OAuth 2.0\/OIDC-compliant authorization server and LDAP directory. 
The SCIM server is a custom implementation, but it speaks a standard protocol that every major IAM vendor already supports.<\/span><\/p><p>\u00a0<\/p><p><span style=\"font-weight: 400;\">The enterprise that begins building agentic identity infrastructure on these standards today is making a durable investment. The enterprise that builds it on a proprietary service account model, or does not build it at all, letting agents run with hardcoded API keys, is accumulating identity debt that will compound with every agent it deploys.<\/span><\/p><p><span style=\"font-weight: 400;\">Agent identity fragmentation is a major risk to avoid: &#8220;Vendors could develop proprietary agentic identity systems, which would reduce developer velocity by forcing repeated one-off integrations and compromise security by creating multiple security models.&#8221; The alternative of convergence on workload attestation, OAuth 2.1 for authorization, and SCIM for lifecycle management is not a future aspiration. It is an architecture that runs today.<\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-ba1f19d elementor-widget elementor-widget-text-editor\" data-id=\"ba1f19d\" data-element_type=\"widget\" data-e-type=\"widget\" id=\"summary\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h2><b>Architecture Summary<\/b><\/h2><p><span style=\"font-weight: 400;\">The following table maps each component of the system to the standard it implements and the recommendation it fulfills:<\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-d0eadfa pp-table-center elementor-widget elementor-widget-pp-table\" data-id=\"d0eadfa\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;table_type&quot;:&quot;responsive&quot;,&quot;scrollable&quot;:&quot;no&quot;}\" 
data-widget_type=\"pp-table.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"pp-table-container\">\n\t\t\t<table \n\t\t\tclass=\"pp-table tablesaw\" data-tablesaw-mode=\"stack\"\t\t\t\t>\n\t\t\t\t\t\t\t<colgroup>\n\t\t\t\t\t\t\t\t<col\n\t\t\t\t\tspan=\"1\"\n\t\t\t\t\tclass=\"elementor-repeater-item-9134a79\"\n\t\t\t\t\t\t\t\t\t\t\tstyle=\"\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\"\n\t\t\t\t\t\t\t\t\t\t>\n\t\t\t\t\t\t\t<\/colgroup>\n\t\t\t\t\t\t<thead>\n\t\t\t\t<tr class=\"pp-table-row\">\n\t\t\t\t\t<th class=\"pp-table-cell pp-table-cell-e688f37\"><span class=\"pp-table-cell-content\"><span class=\"pp-table-cell-text\">Component<\/span><\/span><\/th><th class=\"pp-table-cell pp-table-cell-325d6c9\"><span class=\"pp-table-cell-content\"><span class=\"pp-table-cell-text\">Standard<\/span><\/span><\/th><th class=\"pp-table-cell pp-table-cell-534c26f\"><span class=\"pp-table-cell-content\"><span class=\"pp-table-cell-text\">Recommendation<\/span><\/span><\/th>\t\t\t\t<\/tr>\n\t\t\t<\/thead>\n\t\t\t\t\t<tfoot>\n\t\t\t<\/tr>\t\t<\/tfoot>\n\t\t\t\t<tbody>\n\t\t\t<tr ><td class=\"pp-table-cell pp-table-cell-02c685d\"><span class=\"pp-table-cell-content\"><span class=\"pp-table-cell-text\">SPIRE workload attestation<\/span><\/span><\/td><td class=\"pp-table-cell pp-table-cell-7fbde87\"><span class=\"pp-table-cell-content\"><span class=\"pp-table-cell-text\">SPIFFE \/ x509pop\n\n<\/span><\/span><\/td><td class=\"pp-table-cell pp-table-cell-f5cd996\"><span class=\"pp-table-cell-content\"><span class=\"pp-table-cell-text\">Enhanced Service Account model (\u00a73.1)\n\n<\/span><\/span><\/td><\/tr><tr ><td class=\"pp-table-cell pp-table-cell-f00a0e5\"><span class=\"pp-table-cell-content\"><span class=\"pp-table-cell-text\">JWT-SVID software statement in DCR<\/span><\/span><\/td><td class=\"pp-table-cell pp-table-cell-b820ca4\"><span class=\"pp-table-cell-content\"><span class=\"pp-table-cell-text\">RFC 7591\n\n<\/span><\/span><\/td><td 
class=\"pp-table-cell pp-table-cell-2400f03\"><span class=\"pp-table-cell-content\"><span class=\"pp-table-cell-text\">Close the DCR anonymity gap (\u00a72.5)\n\n\n<\/span><\/span><\/td><\/tr><tr ><td class=\"pp-table-cell pp-table-cell-e4eb22c\"><span class=\"pp-table-cell-content\"><span class=\"pp-table-cell-text\">private_key_jwt client auth<\/span><\/span><\/td><td class=\"pp-table-cell pp-table-cell-3231a4c\"><span class=\"pp-table-cell-content\"><span class=\"pp-table-cell-text\">RFC 7523<\/span><\/span><\/td><td class=\"pp-table-cell pp-table-cell-e532186\"><span class=\"pp-table-cell-content\"><span class=\"pp-table-cell-text\">Authenticate all agent interactions (\u00a72.14)<\/span><\/span><\/td><\/tr><tr ><td class=\"pp-table-cell pp-table-cell-8243b78\"><span class=\"pp-table-cell-content\"><span class=\"pp-table-cell-text\">Automatic SVID key rotation<\/span><\/span><\/td><td class=\"pp-table-cell pp-table-cell-6cc648b\"><span class=\"pp-table-cell-content\"><span class=\"pp-table-cell-text\">RFC 7592<\/span><\/span><\/td><td class=\"pp-table-cell pp-table-cell-d4bce3b\"><span class=\"pp-table-cell-content\"><span class=\"pp-table-cell-text\">Short-lived credentials, automatic rotation (\u00a72.8)\n\n\n<\/span><\/span><\/td><\/tr><tr ><td class=\"pp-table-cell pp-table-cell-bde08f4\"><span class=\"pp-table-cell-content\"><span class=\"pp-table-cell-text\">PKCE Authorization Code Flow<\/span><\/span><\/td><td class=\"pp-table-cell pp-table-cell-e1feb51\"><span class=\"pp-table-cell-content\"><span class=\"pp-table-cell-text\">RFC 7636<\/span><\/span><\/td><td class=\"pp-table-cell pp-table-cell-b4963b0\"><span class=\"pp-table-cell-content\"><span class=\"pp-table-cell-text\">OAuth 2.1 best practices (\u00a72.4)\n<\/span><\/span><\/td><\/tr><tr ><td class=\"pp-table-cell pp-table-cell-e979ad7\"><span class=\"pp-table-cell-content\"><span class=\"pp-table-cell-text\">ID Token \u2192 ID-JAG \u2192 MCP Access Token\n<\/span><\/span><\/td><td 
class=\"pp-table-cell pp-table-cell-d7292a6\"><span class=\"pp-table-cell-content\"><span class=\"pp-table-cell-text\">RFC 8693 (ID-JAG itself is still an IETF draft profile built on token exchange, not an RFC)<\/span><\/span><\/td><td class=\"pp-table-cell pp-table-cell-14527f4\"><span class=\"pp-table-cell-content\"><span class=\"pp-table-cell-text\">True delegation over impersonation (\u00a73.2)\n<\/span><\/span><\/td><\/tr><tr ><td class=\"pp-table-cell pp-table-cell-4429eb7\"><span class=\"pp-table-cell-content\"><span class=\"pp-table-cell-text\">Group-based scope filtering at issuance<\/span><\/span><\/td><td class=\"pp-table-cell pp-table-cell-f2878fe\"><span class=\"pp-table-cell-content\"><span class=\"pp-table-cell-text\">OAuth 2.1 scopes<\/span><\/span><\/td><td class=\"pp-table-cell pp-table-cell-c75b707\"><span class=\"pp-table-cell-content\"><span class=\"pp-table-cell-text\">Least privilege enforcement (\u00a72.6)<\/span><\/span><\/td><\/tr><tr ><td class=\"pp-table-cell pp-table-cell-7b120bd\"><span class=\"pp-table-cell-content\"><span class=\"pp-table-cell-text\">act claim in delegated tokens<\/span><\/span><\/td><td class=\"pp-table-cell pp-table-cell-3d0a48e\"><span class=\"pp-table-cell-content\"><span class=\"pp-table-cell-text\">RFC 8693 \u00a74.1 (\u00a74.4 defines may_act, the authorized-actor claim, not act)<\/span><\/span><\/td><td class=\"pp-table-cell pp-table-cell-eb21bff\"><span class=\"pp-table-cell-content\"><span class=\"pp-table-cell-text\">Close the auditability gap (\u00a72.11)<\/span><\/span><\/td><\/tr><tr ><td class=\"pp-table-cell pp-table-cell-124348c\"><span class=\"pp-table-cell-content\"><span class=\"pp-table-cell-text\">Protected Resource Metadata<\/span><\/span><\/td><td class=\"pp-table-cell pp-table-cell-017faae\"><span class=\"pp-table-cell-content\"><span class=\"pp-table-cell-text\">RFC 9728\n\n<\/span><\/span><\/td><td class=\"pp-table-cell pp-table-cell-87e1f06\"><span class=\"pp-table-cell-content\"><span class=\"pp-table-cell-text\">Externalizing authorization to a dedicated AS (\u00a72.4)<\/span><\/span><\/td><\/tr><tr ><td class=\"pp-table-cell 
pp-table-cell-11dc39e\"><span class=\"pp-table-cell-content\"><span class=\"pp-table-cell-text\">SCIM AgenticIdentity lifecycle<\/span><\/span><\/td><td class=\"pp-table-cell pp-table-cell-37e26b8\"><span class=\"pp-table-cell-content\"><span class=\"pp-table-cell-text\">RFC 7644 (AgenticIdentity is a custom resource type or schema extension, not a core RFC 7643 schema)<\/span><\/span><\/td><td class=\"pp-table-cell pp-table-cell-f8d51c3\"><span class=\"pp-table-cell-content\"><span class=\"pp-table-cell-text\">SCIM for agent provisioning and governance (\u00a72.9)<\/span><\/span><\/td><\/tr><tr ><td class=\"pp-table-cell pp-table-cell-3e27083\"><span class=\"pp-table-cell-content\"><span class=\"pp-table-cell-text\">Deprovision cascade (SPIRE + LDAP + OAuth2)<\/span><\/span><\/td><td class=\"pp-table-cell pp-table-cell-1a36a30\"><span class=\"pp-table-cell-content\"><span class=\"pp-table-cell-text\">RFC 7644 DELETE<\/span><\/span><\/td><td class=\"pp-table-cell pp-table-cell-054a631\"><span class=\"pp-table-cell-content\"><span class=\"pp-table-cell-text\">Formal de-provisioning signal (\u00a73.2); already-issued SVIDs and access tokens remain valid until their TTL expires unless actively revoked, so keep TTLs short and include deletion of the SPIRE registration entry and of the OAuth client registration (RFC 7592 DELETE) in the cascade\n\n<\/span><\/span><\/td><\/tr><tr ><td class=\"pp-table-cell pp-table-cell-23e5b84\"><span class=\"pp-table-cell-content\"><span class=\"pp-table-cell-text\">Audit tombstone with actions log<\/span><\/span><\/td><td class=\"pp-table-cell pp-table-cell-b449ca7\"><span class=\"pp-table-cell-content\"><span class=\"pp-table-cell-text\">IGA best practices<\/span><\/span><\/td><td class=\"pp-table-cell pp-table-cell-696351f\"><span class=\"pp-table-cell-content\"><span class=\"pp-table-cell-text\">Maintain clear audit trails (\u00a72.14)<\/span><\/span><\/td><\/tr>\t\t<\/tbody>\n\t\t\t\t\t<\/table>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-41b4031 elementor-widget elementor-widget-text-editor\" data-id=\"41b4031\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h2><b>Further 
Reading<\/b><\/h2><ul><li style=\"font-weight: 400;\" aria-level=\"1\"><a href=\"https:\/\/openid.net\/wp-content\/uploads\/2025\/10\/Identity-Management-for-Agentic-AI.pdf\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">Identity Management for Agentic AI: OpenID Foundation, October 2025<\/span><\/a><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><a href=\"https:\/\/spiffe.io\/docs\/\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">SPIFFE\/SPIRE documentation<\/span><\/a><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><a href=\"https:\/\/oauth.net\/ipsie\/\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">Interoperability Profiling for Secure Identity in the Enterprise (IPSIE)<\/span><\/a><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><a href=\"https:\/\/www.rfc-editor.org\/rfc\/rfc7591\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">RFC 7591: OAuth 2.0 Dynamic Client Registration Protocol<\/span><\/a><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><a href=\"https:\/\/www.rfc-editor.org\/rfc\/rfc7592\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">RFC 7592: OAuth 2.0 Dynamic Client Registration Management Protocol<\/span><\/a><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><a href=\"https:\/\/www.rfc-editor.org\/rfc\/rfc7523\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">RFC 7523: JWT Profile for OAuth 2.0 Client Authentication and Authorization Grants<\/span><\/a><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><a href=\"https:\/\/www.rfc-editor.org\/rfc\/rfc8693\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">RFC 8693: OAuth 2.0 Token Exchange<\/span><\/a><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><a href=\"https:\/\/www.rfc-editor.org\/rfc\/rfc7644\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">RFC 7644: System for Cross-domain 
Identity Management: Protocol<\/span><\/a><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><a href=\"https:\/\/www.rfc-editor.org\/rfc\/rfc9728\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">RFC 9728: OAuth 2.0 Protected Resource Metadata<\/span><\/a><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><a href=\"https:\/\/github.com\/modelcontextprotocol\/ext-auth\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">EXT-Auth: MCP Authorization Extension<\/span><\/a><\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-16cdc52 e-con-full e-flex e-con e-child\" data-id=\"16cdc52\" data-element_type=\"container\" data-e-type=\"container\" data-settings=\"{&quot;background_background&quot;:&quot;classic&quot;}\">\n\t\t<div class=\"elementor-element elementor-element-dff5201 e-con-full e-flex e-con e-child\" data-id=\"dff5201\" data-element_type=\"container\" data-e-type=\"container\" id=\"contactus\" data-settings=\"{&quot;background_background&quot;:&quot;classic&quot;}\">\n\t\t<div class=\"elementor-element elementor-element-d2d0934 e-con-full e-flex e-con e-child\" data-id=\"d2d0934\" data-element_type=\"container\" data-e-type=\"container\" data-settings=\"{&quot;background_background&quot;:&quot;classic&quot;}\">\n\t\t<div class=\"elementor-element elementor-element-92b2d53 e-con-full e-flex e-con e-child\" data-id=\"92b2d53\" data-element_type=\"container\" data-e-type=\"container\" data-settings=\"{&quot;background_background&quot;:&quot;classic&quot;}\">\n\t\t<div class=\"elementor-element elementor-element-60182eb e-con-full e-flex e-con e-child\" data-id=\"60182eb\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-f63e661 elementor-widget elementor-widget-heading\" data-id=\"f63e661\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div 
class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Indigo Consulting <br>\nBridging the gap between business strategy and Identity security. Global experts in CIAM, IGA, and Agentic Governance.<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-f198320 elementor-align-center elementor-invisible elementor-widget elementor-widget-button\" data-id=\"f198320\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;fadeIn&quot;,&quot;_animation_delay&quot;:200}\" data-widget_type=\"button.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-button-wrapper\">\n\t\t\t\t\t<a class=\"elementor-button elementor-button-link elementor-size-sm\" href=\"https:\/\/www.indigoconsulting.ca\/fr\/agentic-ai-readiness-assessment\/\">\n\t\t\t\t\t\t<span class=\"elementor-button-content-wrapper\">\n\t\t\t\t\t\t\t\t\t<span class=\"elementor-button-text\">Start Agentic Readiness Assessment<\/span>\n\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/a>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>The Identity industry is not starting from scratch. Existing foundational frameworks provide robust and immediately applicable solutions for securing today&#8217;s agents. 
<\/p>","protected":false},"author":22,"featured_media":5071,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"content-type":"","footnotes":""},"categories":[117],"tags":[142],"class_list":["post-5070","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog","tag-nhd"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v25.8 (Yoast SEO v27.6) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>The Enterprise Blueprint for Agentic Identity: Workload Attestation and Lifecycle Governance - Indigo Consulting<\/title>\n<meta name=\"description\" content=\"Agentic AI Security: A Practitioner&#039;s Risk Framework for the Enterprise. A practical guide to managing and mitigating AI risks at scale\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.indigoconsulting.ca\/fr\/blog\/the-enterprise-blueprint-for-agentic-identity-workload-attestation-and-lifecycle-governance\/\" \/>\n<meta property=\"og:locale\" content=\"fr_CA\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"The Enterprise Blueprint for Agentic Identity: Workload Attestation and Lifecycle Governance\" \/>\n<meta property=\"og:description\" content=\"Agentic AI Security: A Practitioner&#039;s Risk Framework for the Enterprise. 
A practical guide to managing and mitigating AI risks at scale.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.indigoconsulting.ca\/fr\/blog\/the-enterprise-blueprint-for-agentic-identity-workload-attestation-and-lifecycle-governance\/\" \/>\n<meta property=\"og:site_name\" content=\"Indigo Consulting\" \/>\n<meta property=\"article:published_time\" content=\"2026-04-19T15:32:29+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-04-20T21:55:35+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.indigoconsulting.ca\/wp-content\/uploads\/2026\/03\/Agentic-AI-Security.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"800\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Osagie Evans\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Osagie Evans\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"20 minutes\" \/>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"The Enterprise Blueprint for Agentic Identity: Workload Attestation and Lifecycle Governance - Indigo Consulting","description":"Agentic AI Security: A Practitioner's Risk Framework for the Enterprise. 
A practical guide to managing and mitigating AI risks at scale","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.indigoconsulting.ca\/fr\/blog\/the-enterprise-blueprint-for-agentic-identity-workload-attestation-and-lifecycle-governance\/","og_locale":"fr_CA","og_type":"article","og_title":"The Enterprise Blueprint for Agentic Identity: Workload Attestation and Lifecycle Governance","og_description":"Agentic AI Security: A Practitioner's Risk Framework for the Enterprise. A practical guide to managing and mitigating AI risks at scale.","og_url":"https:\/\/www.indigoconsulting.ca\/fr\/blog\/the-enterprise-blueprint-for-agentic-identity-workload-attestation-and-lifecycle-governance\/","og_site_name":"Indigo Consulting","article_published_time":"2026-04-19T15:32:29+00:00","article_modified_time":"2026-04-20T21:55:35+00:00","og_image":[{"width":1200,"height":800,"url":"https:\/\/www.indigoconsulting.ca\/wp-content\/uploads\/2026\/03\/Agentic-AI-Security.jpg","type":"image\/jpeg"}],"author":"Osagie Evans","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Osagie Evans","Est. 
reading time":"20 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.indigoconsulting.ca\/blog\/the-enterprise-blueprint-for-agentic-identity-workload-attestation-and-lifecycle-governance\/#article","isPartOf":{"@id":"https:\/\/www.indigoconsulting.ca\/blog\/the-enterprise-blueprint-for-agentic-identity-workload-attestation-and-lifecycle-governance\/"},"author":{"name":"Osagie Evans","@id":"https:\/\/www.indigoconsulting.ca\/#\/schema\/person\/55264c1ffe7bf768db7ebf8b8edfcf3e"},"headline":"The Enterprise Blueprint for Agentic Identity: Workload Attestation and Lifecycle Governance","datePublished":"2026-04-19T15:32:29+00:00","dateModified":"2026-04-20T21:55:35+00:00","mainEntityOfPage":{"@id":"https:\/\/www.indigoconsulting.ca\/blog\/the-enterprise-blueprint-for-agentic-identity-workload-attestation-and-lifecycle-governance\/"},"wordCount":4106,"publisher":{"@id":"https:\/\/www.indigoconsulting.ca\/#organization"},"image":{"@id":"https:\/\/www.indigoconsulting.ca\/blog\/the-enterprise-blueprint-for-agentic-identity-workload-attestation-and-lifecycle-governance\/#primaryimage"},"thumbnailUrl":"https:\/\/www.indigoconsulting.ca\/wp-content\/uploads\/2026\/04\/The-Enterprise-Blueprint--scaled.jpeg","keywords":["nhd"],"articleSection":["Blog"],"inLanguage":"fr-CA"},{"@type":"WebPage","@id":"https:\/\/www.indigoconsulting.ca\/blog\/the-enterprise-blueprint-for-agentic-identity-workload-attestation-and-lifecycle-governance\/","url":"https:\/\/www.indigoconsulting.ca\/blog\/the-enterprise-blueprint-for-agentic-identity-workload-attestation-and-lifecycle-governance\/","name":"The Enterprise Blueprint for Agentic Identity: Workload Attestation and Lifecycle Governance - Indigo 
Consulting","isPartOf":{"@id":"https:\/\/www.indigoconsulting.ca\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.indigoconsulting.ca\/blog\/the-enterprise-blueprint-for-agentic-identity-workload-attestation-and-lifecycle-governance\/#primaryimage"},"image":{"@id":"https:\/\/www.indigoconsulting.ca\/blog\/the-enterprise-blueprint-for-agentic-identity-workload-attestation-and-lifecycle-governance\/#primaryimage"},"thumbnailUrl":"https:\/\/www.indigoconsulting.ca\/wp-content\/uploads\/2026\/04\/The-Enterprise-Blueprint--scaled.jpeg","datePublished":"2026-04-19T15:32:29+00:00","dateModified":"2026-04-20T21:55:35+00:00","description":"Agentic AI Security: A Practitioner's Risk Framework for the Enterprise. A practical guide to managing and mitigating AI risks at scale","breadcrumb":{"@id":"https:\/\/www.indigoconsulting.ca\/blog\/the-enterprise-blueprint-for-agentic-identity-workload-attestation-and-lifecycle-governance\/#breadcrumb"},"inLanguage":"fr-CA","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.indigoconsulting.ca\/blog\/the-enterprise-blueprint-for-agentic-identity-workload-attestation-and-lifecycle-governance\/"]}]},{"@type":"ImageObject","inLanguage":"fr-CA","@id":"https:\/\/www.indigoconsulting.ca\/blog\/the-enterprise-blueprint-for-agentic-identity-workload-attestation-and-lifecycle-governance\/#primaryimage","url":"https:\/\/www.indigoconsulting.ca\/wp-content\/uploads\/2026\/04\/The-Enterprise-Blueprint--scaled.jpeg","contentUrl":"https:\/\/www.indigoconsulting.ca\/wp-content\/uploads\/2026\/04\/The-Enterprise-Blueprint--scaled.jpeg","width":2560,"height":1350},{"@type":"BreadcrumbList","@id":"https:\/\/www.indigoconsulting.ca\/blog\/the-enterprise-blueprint-for-agentic-identity-workload-attestation-and-lifecycle-governance\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.indigoconsulting.ca\/"},{"@type":"ListItem","position":2,"name":"The Enterprise Blueprint for Agentic 
Identity: Workload Attestation and Lifecycle Governance"}]},{"@type":"WebSite","@id":"https:\/\/www.indigoconsulting.ca\/#website","url":"https:\/\/www.indigoconsulting.ca\/","name":"Indigo Consulting","description":"A Leading IAM, Compliance, &amp; IT Consultant","publisher":{"@id":"https:\/\/www.indigoconsulting.ca\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.indigoconsulting.ca\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"fr-CA"},{"@type":"Organization","@id":"https:\/\/www.indigoconsulting.ca\/#organization","name":"Indigo Consulting","url":"https:\/\/www.indigoconsulting.ca\/","logo":{"@type":"ImageObject","inLanguage":"fr-CA","@id":"https:\/\/www.indigoconsulting.ca\/#\/schema\/logo\/image\/","url":"https:\/\/www.indigoconsulting.ca\/wp-content\/uploads\/2020\/03\/logo_indigo.png","contentUrl":"https:\/\/www.indigoconsulting.ca\/wp-content\/uploads\/2020\/03\/logo_indigo.png","width":363,"height":109,"caption":"Indigo Consulting"},"image":{"@id":"https:\/\/www.indigoconsulting.ca\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.linkedin.com\/company\/indigo-technologies-canada-inc.\/"]},{"@type":"Person","@id":"https:\/\/www.indigoconsulting.ca\/#\/schema\/person\/55264c1ffe7bf768db7ebf8b8edfcf3e","name":"Osagie Evans","image":{"@type":"ImageObject","inLanguage":"fr-CA","@id":"https:\/\/secure.gravatar.com\/avatar\/176a35a0f7d3a60ef36eb8434ac3c12d19c374aa2f5370a0eda5b94eaeca5792?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/176a35a0f7d3a60ef36eb8434ac3c12d19c374aa2f5370a0eda5b94eaeca5792?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/176a35a0f7d3a60ef36eb8434ac3c12d19c374aa2f5370a0eda5b94eaeca5792?s=96&d=mm&r=g","caption":"Osagie 
Evans"},"url":"https:\/\/www.indigoconsulting.ca\/fr\/author\/eosagieindigoconsulting-ca\/"}]}},"_links":{"self":[{"href":"https:\/\/www.indigoconsulting.ca\/fr\/wp-json\/wp\/v2\/posts\/5070","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.indigoconsulting.ca\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.indigoconsulting.ca\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.indigoconsulting.ca\/fr\/wp-json\/wp\/v2\/users\/22"}],"replies":[{"embeddable":true,"href":"https:\/\/www.indigoconsulting.ca\/fr\/wp-json\/wp\/v2\/comments?post=5070"}],"version-history":[{"count":0,"href":"https:\/\/www.indigoconsulting.ca\/fr\/wp-json\/wp\/v2\/posts\/5070\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.indigoconsulting.ca\/fr\/wp-json\/wp\/v2\/media\/5071"}],"wp:attachment":[{"href":"https:\/\/www.indigoconsulting.ca\/fr\/wp-json\/wp\/v2\/media?parent=5070"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.indigoconsulting.ca\/fr\/wp-json\/wp\/v2\/categories?post=5070"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.indigoconsulting.ca\/fr\/wp-json\/wp\/v2\/tags?post=5070"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}