What is Identity Propagation?
Identity propagation is the practice of maintaining and forwarding the identity of the original caller through a chain of API calls or agent actions. In multi-hop scenarios – where an agent calls a capability that calls another capability – identity propagation ensures that every action in the chain is attributable to the originating user or system.
Identity propagation in Naftiko
Naftiko enforces identity propagation across capability chains:
- Token forwarding – Caller tokens are propagated through orchestration steps.
- Identity context – Each capability receives identity context about the original caller, not just the immediate upstream caller.
- Audit attribution – Audit trails record the full identity chain for compliance.
- Policy evaluation – Authorization policies can evaluate against the original caller identity, not just the service account of the intermediate capability.
Why it matters
Without identity propagation, multi-hop architectures lose accountability. If an agent calls five capabilities in sequence, and the third one causes a compliance violation, the organization needs to know who initiated the chain. Identity propagation provides that traceability.
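The sketch below is an added example, not Naftiko code or its API: it runs the same three-hop chain with and without a propagated identity context and shows what the policy check and the audit trail see at each hop. The capability names, the `svc:` service accounts, the callers and the policy table are all constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class IdentityContext:
    subject: str          # original caller, unchanged across the chain
    actors: tuple = ()    # capabilities the request has passed through, in order

    def hop(self, capability):
        """Context forwarded to the next capability: same subject, longer chain."""
        return IdentityContext(self.subject, self.actors + (capability,))

# Constructed policy: principals allowed to invoke each capability.
# "svc:" entries are the service accounts of intermediate capabilities.
POLICY = {
    "lookup-customer": {"alice", "bob"},
    "enrich-profile":  {"alice", "bob", "svc:lookup-customer"},
    "export-records":  {"bob", "svc:enrich-profile"},
}

def run_chain(caller, capabilities, propagate):
    """Call capabilities in sequence; return one audit record per hop."""
    audit, ctx, upstream = [], IdentityContext(caller), caller
    for cap in capabilities:
        ctx = ctx.hop(cap)
        # With propagation the policy sees the original caller; without it,
        # only the immediate upstream caller (a service account after hop 1).
        principal = ctx.subject if propagate else upstream
        allowed = principal in POLICY[cap]
        audit.append({
            "capability": cap,
            "evaluated_as": principal,
            "original_caller": ctx.subject if propagate else None,
            "chain": ctx.actors if propagate else None,
            "decision": "allow" if allowed else "deny",
        })
        if not allowed:
            break
        upstream = "svc:" + cap
    return audit

CHAIN = ["lookup-customer", "enrich-profile", "export-records"]

if __name__ == "__main__":
    for mode in (True, False):
        print("propagate =", mode)
        for rec in run_chain("alice", CHAIN, propagate=mode):
            print("  ", rec)
```

With propagation, the third hop is denied and the record names `alice` and the full chain; without it, the same request is allowed as `svc:enrich-profile` and the audit trail no longer identifies who started it.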