Skip to main content

Agent identity

As soon as agents act autonomously, they need identities of their own — not shared human credentials. Splyntra gives every agent a first-class identity so you can issue scoped credentials, decide which agents to trust, and, in Enterprise, federate identity across organizations.

info

Agent identity is part of Splyntra Enterprise and Cloud. Federation is an Enterprise capability.

Registered agents

An agent is a registered principal with a stable identifier, metadata (owner, project, environment), and a lifecycle (active, suspended, retired). Registration means every trace, finding, and authorization decision can be attributed to a specific agent — and that agent can be governed by policies.

Scoped credentials

Instead of a broad, long-lived key, each agent gets scoped credentials:

  • Least privilege — limited to specific projects, tools, or actions.
  • Time-boxed — short lifetimes with rotation.
  • Revocable — cut off a compromised agent immediately; the revocation lands in the audit ledger.

Because credentials are per-agent and scoped, a leaked key blast radius is contained to what that one agent was allowed to do.

Trust policies

Trust policies decide which agents (and which issuers) are accepted for a given resource or interaction. For example, only accept handoffs from agents in the same project, or only trust agents whose credentials were issued by an approved issuer. Trust decisions are evaluated alongside authorization and recorded in the ledger.

Federation (Enterprise)

Federation extends trust across organizational boundaries. When two organizations — or two business units running separate Splyntra deployments — need their agents to interoperate, federation lets each side accept identities issued by the other under an explicit trust relationship, without sharing raw credentials.

{
"trust": {
"issuer": "org:acme-corp",
"accepted_for": ["project:shared-support"],
"constraints": { "max_credential_ttl": "15m" }
}
}
note

Federation is configured deliberately per relationship and is fully audited — no implicit cross-org trust is ever granted.

Next steps

  • Governance — the policies that act on agent identities.
  • Security — detection over what agents send and receive.