The approach draws on its existing work in identity verification, public-key infrastructure, digital certificates and the management of keys and secrets. The company is pitching the program as a response to a governance problem enterprises are already reporting. Initial work will focus on four areas aimed at regulated, compliance-heavy environments. The first is verifiable identity for both people and agents, so every action traces back to a confirmed human principal and a unique agent. Authorization controls keep agents inside approved policies, roles and delegated authority, with a human in the loop for critical decisions. A cryptographic layer protects the keys, certificates and secrets that agents use to authenticate and transact. The fourth, accountability, provides a verifiable record of what an agent did for regulators, customers and internal risk teams.
Source: siliconangle.com