In the AI era, governance scope is expanding.
Beyond user accounts, automated workflows, API schedulers, LLM agents, and RPA services also participate in business decisions and execution. These entities must be brought into a unified identity and authorization model so that their actions are controlled, auditable, and traceable. Unified governance is a key step toward enterprise intelligence.
New AI-era Principal Types
Automated Workflows
CI/CD pipelines, task orchestration, and backend workflows.
LLM Agents
Agent execution units with tool-calling capability.
API Schedulers
Principals that orchestrate cross-system calls and run batch jobs.
RPA Bots
Process automation bots and their task contexts.
Autonomous Services
Service principals capable of autonomous decision-making and execution.
Machine Identity
Governance of tokens, service accounts, and short-lived credentials.
| Governance Question | Smallsoft Control |
|---|---|
| How are non-human principals authenticated? | Task-scoped short-lived credentials, signature verification, and identity context binding |
| How are they authorized? | RBAC/ABAC plus dynamic policy enforcement by a policy engine |
| How are they audited and held accountable? | Prompt attribution, action-trail auditing, and event replay |
| How are they revoked and contained? | Real-time revocation, privilege-downgrade policy, and risk-triggered automatic stop |
Strategic Reminder
We provide a unified identity architecture; AI agents are just one of the governed principal types.
Three-part Summary
Identity defines trust, architecture runs trust, and AI agents expand the objects of trust.