Authorization Propagation in Multi-Agent AI Systems: Identity Governance as Infrastructure
A new paper on arXiv, identified as 2605.05440, examines a challenge posed by multi-agent AI systems: authorization issues that go beyond prompt injection. The authors introduce the concept of 'authorization propagation' at the workflow level and identify three main sub-problems: transitive delegation, aggregation inference, and temporal validity. They outline seven essential requirements for building effective authorization frameworks and highlight recent developments in capability tokens bound to invocations, task-scoped authorization envelopes, policy enforcement through dependency graphs, and revocation based on execution counts. The authors argue that conventional access-control models like RBAC, ABAC, and ReBAC do not meet the needs of multi-agent environments.
Key facts
- arXiv paper 2605.05440 introduces authorization propagation in multi-agent AI systems.
- The problem is distinct from prompt injection and not addressed by RBAC, ABAC, or ReBAC.
- Three sub-problems identified: transitive delegation, aggregation inference, temporal validity.
- Seven structural requirements for authorization architectures are derived.
- Recent approaches include invocation-bound capability tokens and task-scoped authorization envelopes.
- Dependency-graph policy enforcement and execution-count revocation are also cited.
- The paper focuses on non-human principals retrieving data, delegating tasks, and synthesizing results.
- Classical access-control models are deemed insufficient for multi-agent systems.
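The sketch below is an added example, not code from the paper. It shows one way an authority could enforce scope narrowing on delegation, invocation binding, expiry, and an execution-count budget shared along the delegation chain. It does not cover aggregation inference. The class names, fields, and semantics (Grant, Authority, scope strings, run ids) are assumptions made for illustration.

```python
import secrets
from dataclasses import dataclass

@dataclass
class Grant:
    agent: str                   # principal allowed to present the token
    scopes: frozenset            # actions the token covers
    invocation_id: str           # workflow run the token is bound to
    expires_at: float            # temporal validity bound
    max_uses: int                # execution-count budget
    parent: "str | None" = None  # token this one was delegated from
    uses: int = 0

class Authority:
    def __init__(self):
        self.grants = {}         # token id -> Grant (hypothetical server-side store)

    def issue(self, agent, scopes, invocation_id, expires_at, max_uses, parent=None):
        tid = secrets.token_hex(8)
        self.grants[tid] = Grant(agent, frozenset(scopes), invocation_id,
                                 expires_at, max_uses, parent)
        return tid

    def delegate(self, parent_tid, agent, scopes, expires_at, max_uses):
        p = self.grants[parent_tid]
        if not frozenset(scopes) <= p.scopes:
            raise PermissionError("delegation may not widen scope")
        # The child keeps the parent's invocation binding and cannot outlive it.
        return self.issue(agent, scopes, p.invocation_id,
                          min(expires_at, p.expires_at), max_uses, parent_tid)

    def authorize(self, tid, agent, scope, invocation_id, now):
        chain, cur = [], tid
        while cur is not None or not chain:   # walk leaf -> root, at least once
            if (g := self.grants.get(cur)) is None:
                return False, "unknown token"
            chain.append(g)
            cur = g.parent
        if chain[0].agent != agent or scope not in chain[0].scopes:
            return False, "not granted to this agent/scope"
        if chain[0].invocation_id != invocation_id:
            return False, "wrong invocation"
        if now >= chain[0].expires_at:
            return False, "expired"
        if any(g.uses >= g.max_uses for g in chain):
            return False, "execution count exhausted"
        for g in chain:
            g.uses += 1                       # a delegated call spends ancestors' budgets too
        return True, "ok"
```

Because every call made with a delegated token also counts against its ancestors, exhausting the root's budget cuts off the whole delegation subtree without tracking each descendant individually.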
Entities
Institutions
- arXiv