1. What is the nature and description of the request?

AI Agents potentially working with AAP to trigger automation need more levels of access and control than the traditional RBAC that we have. Support for SPIFFE SVIDs

Attribute-based access control would be able to provide a way to limit access by
Time of day/week
Data classification levels the agent is accessing
Rate limits and quotas per agent
Source IP or network zone
Request patterns

In addition to this we can add action scoping to limit what agents could do.

1. Why does the customer need this? (List the business requirements here)

Rbac is great for human control, however AI agents are unpredicatble and operate at a much higher rate. IF we are wanting to allow AI agents to use AAP to trigger their actions - (Consider things like Zero Trust, where we want to maintain the actions are coming from AAP)

1. How would you like to achieve this? (List the functional requirements here)

Agent registration for AAP with unique identifiers (purpose, version etc)
Issue crypto identities with certs/tokens with defined lifespans
support for Credential rotation (or integration with vault)
maintain agent registry/inventory
Throttle or quota for execution

1. List any affected known dependencies: Doc, UI etc..

UI Components would be needed to allow the creation of these limits for agents.

1. Github Link if any