Identity is the foundation of enterprise trust.
It defines who can access systems, what permissions they have, and how verification, authorization, and auditing are performed. Unified identity rules are the prerequisite for secure and compliant operations. In complex environments, clear identity governance reduces risk, improves control, and lays the groundwork for later architecture expansion.
Identity Capability Scope
Authentication
SSO, MFA, passkeys, and federation define the bar for entering a system.
Authorization
RBAC, ABAC, and policy engines determine allowed actions and resource boundaries.
Directory
Unify the management of users, groups, org structure, and principal relationships.
Identity Lifecycle
Cover joiner, mover, leaver, and entitlement recertification.
Machine Identity
Govern APIs, service accounts, tokens, and agent identities.
Unified Audit
Turn authentication, authorization, and administrative actions into a traceable chain of evidence.
One-line Definition
Identity = the rules themselves. Architecture = how the rules run. AI agents = new participants governed by those rules.
Next layer: architecture runs these rules
See how these identity capabilities are organized, deployed, and scaled to govern human and machine principals.