Intent-Aware Identity Management For Autonomous IIoT: A Decentralized, Trust-Driven Security Architecture
Keywords:
Intent-Aware Access Control, Industrial Internet of Things (IIoT), Decentralized Identity (DID), Verifiable Credentials (VC), Adaptive Trust Scoring, Edge Policy Enforcement, Zero Trust Architecture, Behavior-Based Authentication
Abstract
The Industrial Internet of Things (IIoT) is rapidly reconfiguring business models by enabling machines to make more autonomous decisions. Smart agents now make immediate decisions in plants in sectors such as manufacturing, energy, and logistics, enabling efficiency and resiliency at scale. However, this shift also highlights inherent constraints in legacy identity and access management (IAM) systems, which were designed primarily around human interactions. Legacy IAM logic, based on static credentials, preassigned roles, and centralized authorization, is not context-aware, agile, or scalable enough to handle autonomous devices that operate in dynamic, distributed, and latency-constrained environments. This work introduces a novel Intent-Aware IAM framework tailored for autonomous IIoT systems. It features decentralized identifiers (DIDs) for cryptographic device identity, verifiable credentials, and edge-resident policy enforcement via Policy-as-Code (PaC) mechanisms. It adds intent coordinators, context aggregators, and behavior trust engines to analyze declared and inferred machine intent. Together, these features provide fine-grained, adaptive access control decisions that capture ongoing machine purpose, operating state, and environmental context. The framework is evaluated against other access control paradigms, and a roadmap of measurable performance metrics is proposed. By shifting from static identity authentication to a purpose-driven access model, the proposed architecture supports low-latency authorization, reliability under decreased connectivity, and safety and compliance. Continuous trust scoring and tamper-proof logging add accountability and support post-incident forensics. Finally, the framework offers a secure, scalable solution to IAM in autonomous environments, allowing industries to manage identity and access not just by who or what is acting, but why.
License
Copyright (c) 2025 Badal Bhushan (Author)

This work is licensed under a Creative Commons Attribution 4.0 International License.