In the AI era, governance scope is expanding.
Beyond user accounts, automated workflows, API schedulers, LLM agents, and RPA services also participate in business decisions and execution. These entities must be brought into a unified identity and authorization model to ensure controlled, auditable, and traceable actions. Unified governance is a key step toward enterprise intelligence.
New AI-era Principal Types
Automated Workflows
CI/CD pipelines, orchestrations, and backend workflows.
LLM Agents
Agent execution units with tool-use capability.
API Schedulers
Cross-system orchestration and batch execution principals.
RPA Bots
Process automation bots and task contexts.
Autonomous Services
Services with autonomous decision and execution behavior.
Machine Identity
Token, service account, and short-lived credential governance.
| Governance Question | Smallsoft Control |
|---|---|
| How are non-human principals authenticated? | Task-scoped short-lived credentials and signed identity context |
| How are they authorized? | RBAC/ABAC plus dynamic policy engine enforcement |
| How are they audited? | Prompt attribution, action trails, and replayable events |
| How are they revoked and contained? | Real-time revocation, downgrade policy, and risk-triggered stop |
Strategic Reminder
Smallsoft provides unified identity architecture, and AI agents are one of the governed principal types.
Three-part Summary
Identity defines trust, architecture runs trust, AI agents expand trust objects.