Identity defines trust rules
Identity answers three fundamental questions: who can enter the system, who has which permissions, and how identities are created, verified, revoked, and audited. It is the rule system of enterprise trust.
Identity Capability Scope
Authentication
SSO, MFA, passkeys, and federated authentication define the bar for entering the system.
Authorization
RBAC, ABAC, and policy engines determine which actions are allowed and the resource boundaries they apply to.
Directory
Unify users, groups, org structure, and principal relationships.
Identity Lifecycle
Cover joiner, mover, leaver, and entitlement recertification.
Machine Identity
Govern APIs, service accounts, tokens, and agent identities.
Unified Audit
Turn authentication, authorization, and administrative actions into a traceable chain of evidence.
One-line Definition
Identity = the rules themselves. Architecture = how the rules run. AI agents = new participants governed by those rules.
Next layer: architecture runs these rules
See how these identity capabilities are organized, deployed, and scaled, and how they govern human and machine principals.