Why Runtime Matters More Than Login
Many teams evaluate identity platforms by how quickly login can be integrated. That looks efficient in the short term, but it creates long-term governance gaps: authorization is fragmented across systems, audit logs cannot be aggregated, and risk response cannot be coordinated.
When identity is run as a runtime, the goal changes. It is no longer "get users in"; it is "make every access decision happen under rules that are explainable, verifiable, and traceable."
Four Inseparable Capability Layers
- Authentication: establish who the principal is.
- Authorization: define what the principal can do.
- Directory: maintain the relationships between principals and the organization.
- Audit: preserve the evidence trail of decisions and actions.
Once these four layers are split apart, an organization ends up in a state of "usable on the surface, out of control underneath." They must run continuously on a single control plane.
Operating Model for the AI Era
In AI environments, principals are no longer only humans. Agents, automated workflows, and service accounts perform real business actions. The value of an identity runtime is that one set of rules governs every kind of principal, so security logic does not have to be rewritten each time a new system is integrated.