Traditional IAM recognizes two principal types: humans who log in with intent, and systems that hold credentials and make predictable calls. Every authorization, audit, and consent model is built around that split.
Agents fit neither. They run autonomously, invoke tools in unplanned combinations, and delegate to other agents, putting several execution steps between the original human intent and the final action. IAM built for direct user-to-systems or system-to-system calls has no model for what happens in between.
This session proposes contextual identity: a single abstraction where every principal, whether human, system, or agent, is represented as who they are, who delegated to them, and what they are currently doing. Authorization evaluates the full chain, not just the caller at the door.
No new principal type. No protocol patches. One abstraction that works across all three.