AI 智能体是新型主体,不是独立系统AI agents are new principals, not a standalone system
在传统系统中主体主要是人;在 AI 时代,主体扩展到自动化流程、LLM Agent、API 调度程序、RPA 和自治服务。它们都必须纳入同一身份治理规则。Traditional systems focus on human principals. In the AI era, principals include automations, LLM agents, API schedulers, RPA, and autonomous services, all governed by the same identity rules.
关键定义Core Definition
AI 时代新增主体New AI-era Principal Types
自动化流程Automated Workflows
CI/CD、任务编排与后台工作流。CI/CD pipelines, orchestrations, and backend workflows.
LLM AgentLLM Agents
具备工具调用能力的智能体执行单元。Agent execution units with tool-use capability.
API 调度程序API Schedulers
跨系统调用编排与批量任务运行主体。Cross-system orchestration and batch execution principals.
RPA 机器人RPA Bots
流程自动化机器人及其任务上下文。Process automation bots and task contexts.
自治服务Autonomous Services
具备自主决策和执行能力的服务主体。Services with autonomous decision and execution behavior.
机器身份Machine Identity
Token、Service Account 与短期凭证治理。Token, service account, and short-lived credential governance.
| 治理问题Governance Question | Smallsoft 处理方式Smallsoft Control |
|---|---|
| 这些非人主体如何被认证?How are non-human principals authenticated? | 任务级短时凭证、签名验证与身份上下文绑定Task-scoped short-lived credentials and signed identity context |
| 它们如何被授权?How are they authorized? | RBAC/ABAC + Policy Engine 动态策略执行RBAC/ABAC plus dynamic policy engine enforcement |
| 如何被审计追责?How are they audited? | Prompt Attribution + 动作链路审计 + 事件回放Prompt attribution, action trails, and replayable events |
| 如何被撤销与止损?How are they revoked and contained? | 实时吊销、降权策略、风险触发自动中止Real-time revocation, downgrade policy, and risk-triggered stop |
战略提醒Strategic Reminder
正确表达是:我们提供统一身份架构,AI 智能体只是被纳入治理的主体之一。The right positioning: we provide unified identity architecture, and AI agents are one of the governed principal types.
三者极简表达Three-part Summary
身份定义信任,架构运行信任,AI 智能体扩展信任对象。Identity defines trust, architecture runs trust, AI agents expand trust objects.