Context Graph vs Agent Identity

Access Is Not Decision Authority

Agent identity is becoming a core enterprise control. Platforms now assign agents their own identities, sponsors, credentials, access packages, delegated permissions, and lifecycle state.

That shift is necessary. It still answers the access question, not the decision question.

Agent identity proves which agent is acting and what resource it may reach. A context graph establishes, before execution, whether this particular use of that access is applicable, correctly scoped, current, policy-compliant, and traceable.

The Core Distinction

Identity systems govern actors and entitlements. Decision context graphs govern actions and applicability.

The difference matters because valid access can still produce invalid side effects. A known, sponsored, least-privilege agent can still approve the wrong refund, write to the wrong tenant, use an expired policy, or act without enough provenance.

Side-by-Side Comparison

Dimension | Agent Identity | Context Graph
Core question | Which agent is acting, who sponsors it, and what access can it receive? | Is this proposed action valid now, in this scope, under these rules?
Control point | Authentication, authorization, credential issuance, access packages, identity lifecycle | Per-action decision boundary before execution
Primary artifact | Agent ID, token, credential, entitlement, sponsor, access log, expiry event | Applicability result, allow or block decision, causal decision trace
Governance role | Controls who can reach which systems under which access conditions | Controls whether this specific use of access is legitimate
Failure caught | Unknown agent, overprivileged token, expired access, missing sponsor, unmanaged credential | Invalid refund, wrong tenant scope, stale policy, unlawful data use, missing provenance

What Agent Identity Does Well

Identity control | Good at | Does not prove
Agent ID | Uniquely identifying an agent across systems | Whether the current action is valid for the target entity and policy state
Credential management | Issuing, rotating, and revoking tokens or workload credentials | Whether this credential should be used for this business action
Delegated access | Letting an agent act on behalf of a user or service | Whether the delegation applies to this customer, workflow, and time window
Conditional access | Evaluating sign-in, risk, network, and resource conditions | Applicability, exception hierarchy, temporal validity, and causal trace requirements
Sponsor ownership | Assigning a responsible human for agent lifecycle and access | Whether the sponsor has enough decision context to approve the action

Why Identity Is Not Applicability Logic

Access control can prove that an agent may call a tool. Applicability logic determines whether this tool use is valid for the customer, contract, workflow state, policy version, jurisdiction, and exception hierarchy.

Delegated access can prove that an agent is acting on behalf of a user. Scope isolation determines whether that delegation applies to this record, tenant, time window, and downstream side effect.

Identity logs can show that an agent acted. A causal decision trace explains why the action was authorized or blocked, which context was consulted, and which rules made the result accountable.

Production Scenarios

Customer refund

Agent identity: The agent identity proves that the support agent is known, sponsored, and allowed to request the refund API under delegated access.

Context graph: The decision context graph validates entitlement, purchase state, refund window, fraud flags, customer tier, jurisdiction, active exceptions, and policy version before the refund executes.
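The three distinctions in the previous section (applicability logic, scope isolation, causal decision trace) and the refund scenario above, as one added example. This is illustrative code written for this page, not the page's own implementation or any product's API. It models a pre-execution gate that runs after the identity layer has already said yes: the token fields, rule names, policy values, exception record and sample orders are all constructed assumptions, chosen so that the same valid, sponsored, in-scope token is allowed on one order, allowed on a second only because of a named exception, and blocked on a third.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

NOW = datetime(2025, 3, 1, 12, 0, tzinfo=timezone.utc)  # constructed clock

@dataclass(frozen=True)
class AgentToken:  # what the identity layer hands over after authn/authz (assumed shape)
    agent_id: str
    sponsor: str
    tenant: str
    scopes: frozenset
    expires_at: datetime

@dataclass(frozen=True)
class RefundRequest:  # the proposed side effect (assumed shape)
    tenant: str
    customer_id: str
    order_id: str
    amount: float

# Constructed context-graph facts; in production these come from systems of record.
ORDERS = {
    "o-1001": dict(tenant="acme", customer_id="c-77", state="delivered",
                   delivered_at=NOW - timedelta(days=10), amount=120.0),
    "o-1002": dict(tenant="acme", customer_id="c-77", state="delivered",
                   delivered_at=NOW - timedelta(days=45), amount=60.0),
    "o-2001": dict(tenant="globex", customer_id="c-99", state="delivered",
                   delivered_at=NOW - timedelta(days=2), amount=60.0),
}
CUSTOMERS = {"c-77": dict(tier="standard", fraud_flag=False),
             "c-99": dict(tier="gold", fraud_flag=True)}
POLICY = dict(version="refund-v7", is_current=True, refund_window_days=30,
              refundable_states={"delivered", "completed"},
              tier_cap={"standard": 100.0, "gold": 500.0})
# Exception hierarchy: a named, expiring override of one rule for one customer.
EXCEPTIONS = [dict(customer_id="c-77", overrides="refund_window",
                   granted_by="ops-lead@acme", expires_at=NOW + timedelta(days=5))]

@dataclass
class Decision:
    allowed: bool = True
    trace: list = field(default_factory=list)  # causal decision trace: (rule, outcome, fact seen)

    def check(self, rule, ok, detail):
        self.trace.append((rule, "pass" if ok else "FAIL", str(detail)))
        if not ok:
            self.allowed = False

def identity_allows(tok, now=NOW):
    """Access question: known agent, named sponsor, right scope, unexpired."""
    return bool(tok.sponsor) and "refund:write" in tok.scopes and tok.expires_at > now

def active_exception(customer_id, rule, now):
    for ex in EXCEPTIONS:
        if ex["customer_id"] == customer_id and ex["overrides"] == rule and ex["expires_at"] > now:
            return ex
    return None

def evaluate_refund(tok, req, now=NOW):
    """Decision question: is this refund applicable now, in this scope, under
    the current policy? Every rule consulted leaves a trace entry, allow or block."""
    d = Decision()
    d.check("policy_current", POLICY["is_current"], POLICY["version"])
    order = ORDERS.get(req.order_id)
    d.check("order_exists", order is not None, req.order_id)
    if order is None:
        return d  # no provenance for the target entity: fail closed
    # Scope isolation: token, request and order must agree on tenant and owner.
    d.check("tenant_scope", tok.tenant == req.tenant == order["tenant"],
            f"token={tok.tenant} request={req.tenant} order={order['tenant']}")
    d.check("order_owner", order["customer_id"] == req.customer_id, order["customer_id"])
    d.check("refundable_state", order["state"] in POLICY["refundable_states"], order["state"])
    d.check("amount_within_order", 0 < req.amount <= order["amount"], req.amount)
    # Temporal validity, consulting the exception hierarchy before failing.
    age, window = (now - order["delivered_at"]).days, POLICY["refund_window_days"]
    ex = None if age <= window else active_exception(req.customer_id, "refund_window", now)
    d.check("refund_window", age <= window or ex is not None,
            f"{age}d vs {window}d window" + (f"; exception granted_by={ex['granted_by']}" if ex else ""))
    cust = CUSTOMERS.get(req.customer_id, {})
    d.check("fraud_flag_clear", not cust.get("fraud_flag", True), cust.get("fraud_flag"))
    cap = POLICY["tier_cap"].get(cust.get("tier"), 0.0)
    d.check("tier_cap", req.amount <= cap, f"tier={cust.get('tier')} cap={cap}")
    return d

def gate(tok, req, now=NOW):
    # Identity first, then context; the trace records which layer decided.
    if not identity_allows(tok, now):
        return Decision(allowed=False, trace=[("identity", "FAIL", tok.agent_id)])
    return evaluate_refund(tok, req, now)

if __name__ == "__main__":
    tok = AgentToken("support-agent-17", "support-lead@acme", "acme",
                     frozenset({"refund:write"}), NOW + timedelta(hours=1))
    for req in (RefundRequest("acme", "c-77", "o-1001", 50.0),
                RefundRequest("acme", "c-77", "o-1002", 50.0),
                RefundRequest("acme", "c-99", "o-2001", 50.0)):
        d = gate(tok, req)
        print(req.order_id, "ALLOW" if d.allowed else "BLOCK")
        for rule, result, detail in d.trace:
            print(f"    {rule:<20} {result:<5} {detail}")
```

Run as a script, the same token passes the identity check every time: o-1001 is allowed on the current policy, o-1002 is allowed only because the trace records an active exception to the refund window (run the same evaluation six days later and that exception has lapsed, so the order is blocked), and the o-2001 request is blocked on tenant scope and the customer's fraud flag even though nothing about the agent's credential changed. An unknown customer or order fails closed, because the gate treats missing provenance as a block rather than a pass.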

CRM write

Agent identity: The identity layer confirms the sales agent can access Salesforce and write to approved fields for accounts in its assigned territory.

Context graph: The context graph checks account ownership, consent, current opportunity stage, contract state, suppression status, and source authority before the field update is allowed.

Cloud remediation

Agent identity: The identity layer grants the agent short-lived access to the affected AWS or Azure resources during an incident response workflow.

Context graph: The context graph determines whether this remediation is in scope for the active incident, compliant with the current change window, and supported by a rollback path and causal decision trace.

Where This Fits in the Agent Stack

Agent identity is the foundation for accountable access. Enterprises need agent IDs, workload credentials, delegated authorization, least privilege, lifecycle expiry, and responsible sponsors.

Decision context graphs are the foundation for accountable action. They encode the business semantics an identity layer cannot infer from a token alone: which policy applies, which exception overrides it, which facts are current, which source has authority, and whether the action can be replayed as a causal decision trace.

The strongest architecture uses both: agent identity for access governance, and a context graph for governed action.
