An Intent-Aware Zero Trust Identity Architecture for Unifying Human and Machine Access

Authors

  • Badal Bhushan, Research Scholar
  • Prassanna R Rajgopal
  • Kritika Sharma

DOI:

https://doi.org/10.22399/ijcesen.3886

Keywords:

Zero Trust Architecture, Identity Federation, Context-Aware Access, Machine Identity, Intent-Aware Orchestration, Workload Identity

Abstract

Zero Trust has become the de facto standard for securing cloud-native, distributed, and AI-driven enterprise infrastructures. Securing human identities is no longer sufficient: non-human entities such as APIs, software agents, RPA bots, and smart city workloads must be governed as first-class identities. As hybrid infrastructures become the norm and agentic AI systems (e.g., self-driving cars) grow more autonomous, identity remains the most stable and trustworthy security control plane.

This paper proposes an intent-aware Zero Trust Identity Architecture that consolidates governance, authentication, and access control for human and non-human entities. The architecture consists of decentralized identity provisioning, policy-as-code enforcement, real-time telemetry ingestion, trust scoring, and AI-powered intent detection, whose outputs feed continuous verification and least-privilege enforcement. It is designed in line with NIST SP 800-207, NIST SP 800-63, the CISA Zero Trust Maturity Model, and the DoD Zero Trust Strategy, and it aligns with industry implementations such as Microsoft Entra ID, AWS IAM Identity Center, Google BeyondCorp, SPIFFE/SPIRE, and W3C DIDs.
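The following is an added illustration, not code from the paper or from any of the products it names, of how a single policy decision point can treat a human user and a workload identity uniformly: it checks the identity (for workloads, a SPIFFE ID in a federated trust domain), folds telemetry signals into a trust score, and compares the declared intent of the request against what that identity is entitled to do before releasing least-privilege access. All principal names, signal weights, resource thresholds and the `example.org` trust domain are constructed assumptions.

```python
"""Added illustration (not the paper's code): one decision function for
human and workload principals, combining identity, a telemetry-derived
trust score and the declared intent of the request.
Every name, weight and threshold below is an assumption."""
from dataclasses import dataclass
from typing import Literal

Decision = Literal["allow", "step_up", "deny"]

# Constructed: minimum trust score per resource class (assumption).
RESOURCE_MIN_TRUST = {"ehr": 0.8, "claims": 0.6, "catalog": 0.3}
TRUSTED_DOMAINS = {"example.org"}   # SPIFFE trust domains we federate with (assumption)
HARD_FLOOR = 0.3                    # below this score nobody is admitted


@dataclass(frozen=True)
class Principal:
    id: str                        # "user:alice@example.org" or "spiffe://..."
    kind: Literal["human", "workload"]
    assurance: int                 # authenticator assurance level, 1..3
    entitled: frozenset            # intents this identity may legitimately declare


@dataclass(frozen=True)
class Request:
    principal: Principal
    resource: str                  # key into RESOURCE_MIN_TRUST
    intent: str                    # declared purpose, e.g. "read:ehr"
    signals: dict                  # boolean telemetry signals from the endpoint/runtime


def parse_spiffe_id(spiffe_id: str) -> tuple[str, str]:
    """Split spiffe://<trust-domain>/<path> into (trust_domain, path);
    raise ValueError for anything that is not a well-formed SPIFFE ID."""
    if not spiffe_id.startswith("spiffe://"):
        raise ValueError("not a SPIFFE ID")
    rest = spiffe_id[len("spiffe://"):]
    domain, sep, path = rest.partition("/")
    if not domain or not sep or not path:
        raise ValueError("SPIFFE ID needs both a trust domain and a path")
    return domain, "/" + path


def trust_score(signals: dict) -> float:
    """Fold boolean telemetry signals into a 0..1 score (weights are assumptions)."""
    weights = {"device_attested": 0.4, "known_network": 0.2,
               "mfa_recent": 0.2, "behaviour_baseline": 0.2}
    return round(sum(w for k, w in weights.items() if signals.get(k)), 2)


def decide(req: Request) -> tuple[Decision, str]:
    p = req.principal
    # Workloads must present a SPIFFE ID from a trust domain we accept.
    if p.kind == "workload":
        try:
            domain, _ = parse_spiffe_id(p.id)
        except ValueError as e:
            return "deny", f"bad workload identity: {e}"
        if domain not in TRUSTED_DOMAINS:
            return "deny", f"untrusted trust domain {domain}"
    # Least privilege: the declared intent must be one this identity holds.
    # This check is identical for humans and workloads.
    if req.intent not in p.entitled:
        return "deny", f"intent {req.intent!r} not entitled for {p.id}"
    # Continuous verification: current telemetry is weighed against the
    # sensitivity of the resource, not only against static entitlements.
    score = trust_score(req.signals)
    required = RESOURCE_MIN_TRUST.get(req.resource, 0.8)   # unknown resource => strict
    if score < HARD_FLOOR:
        return "deny", f"trust {score} below floor {HARD_FLOOR}"
    if score >= required:
        return "allow", f"trust {score} >= {required}"
    # A human can raise assurance interactively (fresh MFA); a workload
    # cannot, so it has to re-attest and retry instead of stepping up.
    if p.kind == "human" and p.assurance >= 2:
        return "step_up", f"trust {score} < {required}; step-up required"
    return "deny", f"trust {score} < {required} and no step-up path"


# Constructed sample principals, telemetry and requests.
ALICE = Principal("user:alice@example.org", "human", 2, frozenset({"read:ehr"}))
ETL = Principal("spiffe://example.org/ns/billing/sa/etl", "workload", 3,
                frozenset({"read:claims"}))
FOREIGN = Principal("spiffe://other.example/ns/billing/sa/etl", "workload", 3,
                    frozenset({"read:claims"}))
STRONG = {"device_attested": True, "known_network": True,
          "mfa_recent": True, "behaviour_baseline": True}
WEAK = {"device_attested": False, "known_network": True,
        "mfa_recent": True, "behaviour_baseline": True}


def demo() -> list[tuple[str, Decision]]:
    cases = [
        ("alice-ehr-strong", Request(ALICE, "ehr", "read:ehr", STRONG)),
        ("alice-ehr-weak", Request(ALICE, "ehr", "read:ehr", WEAK)),
        ("etl-claims-weak", Request(ETL, "claims", "read:claims", WEAK)),
        ("etl-ehr-write", Request(ETL, "ehr", "write:ehr", STRONG)),
        ("foreign-claims", Request(FOREIGN, "claims", "read:claims", STRONG)),
    ]
    return [(name, decide(r)[0]) for name, r in cases]


if __name__ == "__main__":
    for name, d in demo():
        print(f"{name:18} -> {d}")
```

Two design points worth noting. The intent check runs before the trust score so that an over-privileged request is refused even from a highly trusted principal, which is the least-privilege property the abstract describes. And the step-up branch is the one place the two principal kinds diverge: a human can be challenged for a fresh authenticator, whereas a workload with a weak posture is simply denied until it re-attests, so the same policy yields `step_up` for Alice and `deny`/`allow` for the ETL workload purely from the telemetry and entitlements.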

The paper explores use cases in healthcare, finance, retail, and industrial IoT, domains that face distinctive challenges such as OT/IT convergence, multi-user devices, and governance of sensitive-data access. High-profile incidents such as SolarWinds, MOVEit, and Log4Shell are analysed to expose weaknesses in legacy IAM architectures and to motivate intent-based security. By combining behaviour, purpose, and identity, the architecture reframes trust in hybrid, edge, and cloud-native settings; the paper concludes with actionable mitigation paths and a vision for intent-based Zero Trust governance.


Published

2025-09-22

How to Cite

Bhushan, B., Rajgopal, P. R., & Sharma, K. (2025). An Intent-Aware Zero Trust Identity Architecture for Unifying Human and Machine Access. International Journal of Computational and Experimental Science and Engineering, 11(3). https://doi.org/10.22399/ijcesen.3886

Section

Research Article