Attribit-ID ontology
Glossary
Definitions for the core concepts, original coinages, and technical terms in AIgentic identity governance. Terms sourced to Attribit-ID are original coinages. All other terms carry attribution to the originating standard or publication. Currently 41 terms.
A
- Actor [Attribit-ID, Category]
- The superset of all entities operating within an enterprise system: human, application, or AIgentic. Identity defines the subcategories. Traditional IAM operated on a two-category model (humans and applications); the emergence of autonomous AI agents requires a third: the AIgentic actor.
- Actor Identity Lifecycle [Attribit-ID, Concept]
- The full lifecycle of an actor's identity: provisioning, scoping, delegation, audit, and revocation. Governing this lifecycle explicitly, rather than allowing identity to be inherited from a human principal by default, is the foundational discipline of AIgentic identity governance.
- Agentlet [Attribit-ID, Noun]
- A spawned AIgentic actor: subordinate, purpose-specific, and analogous to a thread or daemon in traditional computing. An orchestrator agent that spawns three Agentlets to complete a task creates four distinct principals, each requiring its own identity and explicit scope. Without governance, all four run on inherited permissions from the original human principal.
- AIgentic [Attribit-ID, Adjective]
- Describes systems, actors, or architectures that operate autonomously using AI agents. Replaces "agentic AI" as the correct adjective across all Attribit-ID writing and usage. An AIgentic actor is an autonomous agent; an AIgentic system is one in which such actors operate; AIgentic governance is the discipline of controlling them.
- ABAC [NIST, Model]
- Attribute-Based Access Control. An access control model in which authorization decisions are made by evaluating attributes of the subject, the resource, the requested action, and the environment against policy rules. More expressive than RBAC and better suited to the dynamic, context-sensitive access decisions that AIgentic systems require, but more complex to administer at scale.
- Authentication [NIST, Concept]
- The process of verifying that a subject controls the credentials it claims. Authentication answers one question: is this entity who it says it is? It does not determine what the entity is permitted to do; that is authorization.
- Authorization [NIST, Concept]
- The determination of what an authenticated principal is permitted to do. Authorization policy is where least privilege is enforced and where most AIgentic identity failures occur: agents inherit human authorization rather than operating under explicitly scoped permissions of their own.
C
- Credential [NIST, Noun]
- The binding between an identity and an authenticator: the object or data a subject presents to prove it holds a claimed identity. A password is a credential. A certificate is a credential. A short-lived workload token is a credential. The security posture of an identity program is only as strong as the credentials it issues and the process by which it issues them.
- CAG [Industry, Concept]
- Cache-Augmented Generation. An alternative to RAG in which the full knowledge base is pre-loaded into the model's context window and cached, rather than retrieved at query time. Where RAG selects and injects relevant chunks on demand, CAG relies on the model's attention mechanism to locate relevant information within a large, persistent context. Practical for bounded knowledge bases that fit within an extended context window; less suited to dynamic or very large corpora.
- Context Window [Industry, Noun]
- The maximum amount of text, measured in tokens, that a language model can process in a single interaction. The context window is the model's working memory: everything relevant to a task must fit within it, or be retrieved and injected. Context window size determines how much prior conversation, tool output, and instruction an agent can hold at once.
D
- Decentralized Identifier (DID) [W3C, Standard]
- A cryptographic identifier that is globally unique, verifiable, and controlled by its subject rather than by a central issuing authority. DIDs are anchored to a distributed ledger or other decentralized system, enabling entities (including AI agents) to prove identity without depending on a central registry. The resolution mechanism varies by DID method; the W3C DID Core specification defines the data model. DIDs are a foundational primitive for cross-organizational agent identity assertion and are referenced in the Attribit-ID four-layer AIgentic architecture framework.
- Delegated Trust Chain [Attribit-ID, Concept]
- The lineage of identity and authority from a primary actor through delegated relationships to subordinate actors, including Agentlets. A well-governed delegated trust chain is cryptographically signed, explicitly scoped at each link, and auditable end-to-end. An ungoverned trust chain (the default) allows rights to flow down unrestricted from the originating human principal.
- Delegation [IETF, Concept]
- The process by which a principal grants a defined subset of its access rights to another principal, enabling it to act on the delegating principal's behalf within an explicit scope. Delegation is the mechanism by which AIgentic trust chains form: a human delegates to an agent, which may delegate to Agentlets. Without scope constraints at each link, rights flow down without limit.
- Deprovisioning [NIST, Concept]
- The removal or restriction of an identity's access rights when they are no longer required: when an employee leaves, a service is retired, or an AIgentic actor completes its task. Failure to deprovision is one of the most persistent sources of unauthorized access in enterprise environments and an unresolved problem in most current AIgentic deployments.
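The scoped, signed, auditable chain described under Delegated Trust Chain and Delegation, as an added example that is not part of the original glossary: a link is refused unless its scope is a subset of what the delegator holds, every link is signature-checked and expiry-checked on verification, and inherited_scope shows the ungoverned default for contrast. The HMAC key, principal names, rights and clock value are constructed assumptions; a real chain would sign each link with the delegator's own key.

```python
import hashlib, hmac, json, time
from dataclasses import dataclass
# Constructed demo key for a toy HMAC signature (assumption); real links would be signed with the delegator's own key, e.g. one backed by its SVID.
CHAIN_KEY = b"constructed-demo-key"

@dataclass(frozen=True)
class Link:
    delegator: str        # principal granting rights
    delegate: str         # agent or Agentlet receiving them
    scope: frozenset      # rights granted at this link
    expires: float        # Unix time after which the link is void
    sig: str              # signature over the four fields above
def _sign(delegator, delegate, scope, expires):
    payload = json.dumps([delegator, delegate, sorted(scope), expires]).encode()
    return hmac.new(CHAIN_KEY, payload, hashlib.sha256).hexdigest()

def delegate(delegator, delegator_scope, delegate_id, scope, expires):
    """Issue one signed link; refuse any scope wider than the delegator holds."""
    scope = frozenset(scope)
    excess = scope - frozenset(delegator_scope)
    if excess:
        raise PermissionError(f"{delegator} cannot grant {sorted(excess)}")
    return Link(delegator, delegate_id, scope, expires,
                _sign(delegator, delegate_id, scope, expires))

def verify_chain(root, root_scope, chain, now=None):
    """Walk root -> leaf checking lineage, signature, expiry and scope at each link."""
    now = time.time() if now is None else now
    current, effective = root, frozenset(root_scope)
    for link in chain:
        where = f"{link.delegator}->{link.delegate}"
        if link.delegator != current:
            raise ValueError(f"broken lineage at {where}")
        expected = _sign(link.delegator, link.delegate, link.scope, link.expires)
        if not hmac.compare_digest(link.sig, expected):
            raise ValueError(f"bad signature at {where}")
        if now >= link.expires:
            raise ValueError(f"expired link at {where}")
        if not link.scope <= effective:     # a link may only narrow rights
            raise ValueError(f"scope escalation at {where}")
        current, effective = link.delegate, link.scope
    return effective

def inherited_scope(root_scope, chain):
    """Identity Inheritance Model, for contrast: every actor keeps the human's full rights."""
    return frozenset(root_scope)

if __name__ == "__main__":
    NOW = 1_700_000_000.0                   # constructed clock value
    alice = {"read:crm", "write:crm", "send:email"}
    l1 = delegate("alice", alice, "orchestrator", {"read:crm", "send:email"}, NOW + 3600)
    l2 = delegate("orchestrator", l1.scope, "agentlet-1", {"read:crm"}, NOW + 600)
    print(sorted(verify_chain("alice", alice, [l1, l2], NOW)))   # ['read:crm']
    print(sorted(inherited_scope(alice, [l1, l2])))              # all three rights
```

The audit record is the list of Link objects itself: each one names who granted what to whom, until when, under which signature.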
F
- Federation [NIST, Concept]
- The process by which an identity provider asserts a subject's identity to a relying party without the relying party directly verifying the subject's credentials. Federation decouples authentication from the services that consume it. Common standards include SAML 2.0, OAuth 2.0, and OpenID Connect.
G
- Grounding [NIST AI RMF, Concept]
- The practice of anchoring a model's outputs to verifiable, external information. Grounding reduces hallucination by constraining what the model can assert: instead of generating from training memory alone, it generates from retrieved or injected facts. Retrieval-Augmented Generation (RAG) is the most common grounding technique.
I
- Identity Inheritance Model [Attribit-ID, Concept]
- The default pattern in most current AIgentic deployments: AI agents inherit permissions and identity from their human principal rather than holding explicitly provisioned identities of their own. Requires no work to implement, which is why it is universal; carries disproportionate risk because rights flow down the delegation chain (human, agent, Agentlet) without natural limits. The alternative is explicit actor identity.
- Identity Lifecycle [NIST, Concept]
- The complete arc of a digital identity: enrollment (creating and binding an identity to credentials), maintenance (updating attributes and managing authenticators), recovery (restoring access after credential loss or compromise), and termination (removing the identity when no longer required). Governing the full lifecycle of AIgentic actors, not just human users, is the foundational requirement this practice addresses.
L
- LDAP [IETF, Standard]
- Lightweight Directory Access Protocol. A client-server protocol for reading and modifying directory services over a network. LDAP is the primary protocol for accessing X.500-compatible directories and remains the foundational standard for enterprise identity stores, including Microsoft Active Directory and OpenLDAP. In most enterprise environments, LDAP directories are the authoritative source of human actor identity records and the starting point for any identity governance program.
- Least Privilege [NIST, Concept]
- The principle that every subject should operate with the minimum access rights necessary to perform its defined function. Least privilege is not a configuration setting. It is a governance posture that must be actively maintained as roles, agents, and systems change. Applying it to AIgentic actors requires explicit provisioning: agents that inherit human permissions cannot be scoped to least privilege by definition.
M
- MCP [AAIF, Standard]
- Model Context Protocol. An open wire protocol for structured communication between AI agents and the tools, data sources, and services they invoke. MCP standardizes how agents discover available tools, request their execution, and receive results, enabling interoperable agent-to-tool communication across vendors and platforms. Authentication and identity extensions for MCP are under active development; the identity governance implications of MCP at enterprise scale remain an open problem.
- Multi-Agent System [Industry, Concept]
- A system in which multiple autonomous agents interact to complete tasks, collaborating, coordinating, or competing as the design requires. In enterprise deployments, multi-agent systems introduce layered principal hierarchies: orchestrators delegate to subagents, each requiring its own identity and scope. Governing the full hierarchy is an open problem in most current AIgentic deployments.
N
- Non-Human Identity Control and Governance [Industry, Concept]
- The discipline of managing identity, access, and audit controls for actors that are not human: service accounts, bots, API keys, and increasingly autonomous AI agents. Non-human identities already outnumber human identities by ratios of 45:1 to 100:1 in many enterprise environments. Governing them requires the same lifecycle rigor applied to human identities, with added complexity from delegation chains and runtime autonomy.
- Non-Human Identity [Industry, Noun]
- A digital identity that represents an automated system, service, or device rather than a human. Service accounts, API keys, certificates, and AI agents are all non-human identities. Non-human identities already significantly outnumber human identities in most enterprise environments and are the fastest-growing identity category.
O
- Orchestrator [OWASP, Noun]
- The coordinating agent in a multi-agent system. An orchestrator receives a high-level goal, breaks it into subtasks, delegates them to specialized agents or Agentlets, manages data flow between them, and assembles the result. In Attribit-ID's ontology, an orchestrator is a primary AIgentic actor whose delegated trust chain must be explicitly governed.
P
- PKI [NIST, Framework]
- Public Key Infrastructure. The combination of policies, procedures, hardware, software, and people required to create, manage, distribute, use, store, and revoke digital certificates. PKI provides the cryptographic foundation for workload identity in distributed and AIgentic systems, enabling agents to authenticate to each other and to services using short-lived, cryptographically verifiable credentials rather than shared secrets. SPIFFE and SPIRE implement a PKI model specifically designed for dynamic workload environments.
- Principal [IETF, Noun]
- The entity whose identity is asserted in a security transaction. A principal may be a human user, a service account, an application, or an AIgentic actor. Every access control decision begins with establishing who or what the principal is, which is why ungoverned AIgentic actors (which hold no defined principal identity of their own) represent a structural gap in enterprise security.
- Privileged Access [NIST, Concept]
- Access rights granted to accounts with elevated permissions: administrative, root-level, or system-critical. Privileged accounts are the highest-value target in any identity attack. Governing privileged access for AIgentic actors is an unsolved problem in most current deployments, where agents may inherit privileged rights from their human principals without any explicit scoping.
- Provisioning [NIST, Concept]
- The creation of an identity and assignment of appropriate access rights. Provisioning establishes the identity record, binds it to credentials, and sets permissions. Without explicit provisioning for AIgentic actors, agents inherit access from their human principals by default: the Identity Inheritance Model.
- Prompt Injection [OWASP, Concept]
- A class of attack in which malicious content in a user prompt or an external data source overrides an AI agent's instructions, causing it to take unintended actions. Prompt injection is the AI analog of command injection. In AIgentic systems with tool access, a successful prompt injection can cause an agent to exfiltrate data, escalate privileges, or take destructive actions on behalf of an attacker.
R
- RBAC [NIST, Model]
- Role-Based Access Control. An access control model in which permissions are associated with roles and subjects acquire permissions by being assigned to roles. RBAC is the dominant model in enterprise IAM. It simplifies administration but struggles with the fine-grained, context-sensitive permissions that AIgentic actors require: an agent executing a specific task needs narrower permissions than any predefined role is likely to provide.
- RAG [Industry, Concept]
- Retrieval-Augmented Generation. A technique that improves model accuracy by retrieving relevant information from an external knowledge base and injecting it into the model's context before generation. RAG grounds outputs in specific, current, or proprietary data that was not part of the model's training. It is the primary method for giving agents access to enterprise knowledge without retraining the model.
S
- Service Account [Industry, Noun]
- A non-human identity used by an application, service, or automated process to authenticate to systems and access resources. Service accounts often carry elevated privileges, are shared across teams, are rarely rotated, and are infrequently reviewed. They are the closest existing antecedent to AIgentic actor identities in traditional IAM and carry many of the same governance risks.
- SPIFFE [CNCF, Standard]
- Secure Production Identity Framework for Everyone. A CNCF-hosted open standard for workload identity in cloud-native and distributed systems. SPIFFE defines the SPIFFE Verifiable Identity Document (SVID), a short-lived, cryptographically verifiable credential issued to workloads at runtime. SPIFFE addresses the machine identity problem for microservices and AI agents: instead of static API keys or shared secrets, each workload receives a unique, attestable identity tied to its execution context, not to a human operator.
- SPIRE [CNCF, Framework]
- SPIFFE Runtime Environment. The CNCF reference implementation of the SPIFFE standard. SPIRE manages the full lifecycle of SVIDs: attesting workload identity at startup, issuing short-lived X.509 certificates or JWTs, and rotating them automatically without operator intervention. In AIgentic deployments, SPIRE provides the runtime infrastructure for issuing each agent a cryptographically verifiable identity, replacing static credentials with continuously attested, ephemeral ones.
- SVID [CNCF, Standard]
- SPIFFE Verifiable Identity Document. The credential format defined by the SPIFFE standard: a short-lived, cryptographically signed document that asserts the identity of a workload at runtime. SVIDs are issued automatically by SPIRE, typically with a one-hour TTL, and rotated without operator intervention. An SVID may be expressed as an X.509 certificate or a JWT. In AIgentic deployments, each agent instance receives its own SVID, providing a unique, attestable, time-bounded identity without static API keys or shared secrets.
- System Prompt [Industry, Noun]
- The persistent instruction set that defines an AI agent's role, behavior, constraints, and capabilities for a given deployment. Unlike a user prompt, which varies per interaction, the system prompt is set at deployment time and governs all subsequent behavior. Preventing system prompt override through prompt injection is a primary AIgentic security control.
T
- Tool Use [OWASP, Concept]
- The capability for an AI agent to invoke external functions, APIs, or services, taking actions beyond text generation. Tool use extends agent agency into the real world: reading files, querying databases, sending messages, calling APIs. An agent with tool access is an actor with real-world consequences; its identity and the scope of its tool permissions must be governed accordingly.
W
- Workload Identity [CNCF, Concept]
- A cryptographic identity assigned to a software workload (a process, container, microservice, or AI agent) rather than to a human user or a static credential. Workload identity is attested at runtime based on observable characteristics of the execution environment (Kubernetes namespace, container image, service account) and expressed as a short-lived, automatically rotated credential. SPIFFE is the leading open standard for workload identity; SPIRE is its reference implementation. Workload identity is the technically correct replacement for service accounts and API keys in dynamic, cloud-native environments hosting AIgentic actors.
X
- X.500 [ITU-T, Standard]
- A series of ITU-T standards defining a distributed directory service model. X.500 established the foundational concepts that underpin all modern enterprise directories: the Directory Information Tree (DIT), distinguished names (DN), and the schema model for representing identity attributes. LDAP was originally developed as a lightweight access protocol for X.500 directories and inherits its data model. Active Directory, OpenLDAP, and most enterprise directory services implement subsets of the X.500 model.
Z
- Zero Trust [NIST, Concept]
- A security model that eliminates implicit trust based on network location or asset ownership. Under zero trust, every access request is authenticated, authorized, and continuously validated regardless of where it originates. Zero trust is the architectural prerequisite for governing AIgentic actors: agents that call APIs directly from anywhere cannot be trusted on the basis of network position alone.
This glossary is a living document. New terms are added as Attribit-ID's ontology develops and as the broader market converges on vocabulary for AIgentic identity governance. Original coinages are terms introduced by Attribit-ID where no adequate prior term existed. Standard terms are attributed to their originating publication or body.