Identity & Access
One identity model spans people, services, and agents. Authentication federates to your IdP; authorization is enforced centrally with role- and attribute-based rules, and delegated tokens can only ever narrow scope.
Principals & tokens
IIOS treats every actor as a principal with a short-lived, scoped token. Users authenticate through your identity provider; services use workload identity; agents receive delegated tokens derived from — and bounded by — the principal that invoked them.
Federated authentication
Authentication is delegated to your existing IdP over OIDC or SAML, so IIOS never becomes a parallel credential store. Group and attribute claims flow through to the policy engine.
| Method | Protocol | Best for |
|---|---|---|
| SSO | OIDC / SAML 2.0 | Employees and internal apps |
| Workload identity | OIDC federation / mTLS | Service-to-service calls |
| Delegated agent token | Token exchange (RFC 8693) | Autonomous & assisted agents |
Authorization
Access combines role-based assignments with attribute-based constraints (plant, asset, classification). The policy engine evaluates both on every request — there is no path to a resource that bypasses it.
// Every principal — human, service, or agent — gets a scoped token.
// An agent token can never exceed the scope of the principal that created it.
const token = await iios.identity.exchange({
subject: session.userId, // the acting principal
audience: 'graph.read', // what it may call
scopes: ['plant:north', 'asset:pump-*'], // ABAC constraints
ttlSeconds: 300, // short-lived by default
})
// Delegated to an agent — scope can only narrow, never widen:
const agentToken = await iios.identity.delegate(token, {
audience: 'agent.invoke',
scopes: ['asset:pump-*'], // subset of the parent scopes
})Access patterns
Short-lived by default
Tokens expire in minutes and are re-minted on demand, shrinking the blast radius of any leak.
Claims from your IdP
Roles and attributes originate in your directory, so access reviews stay in the tools your security team already audits.
Bounded agent identity
Agents act under delegated, narrowed tokens — never a shared service account.
Everything attributable
Each token carries the originating principal, so every action in the audit ledger traces back to a real identity.
