Agentic AI for Self-Sovereign Identity: A Decentralized Zero Trust Framework for Autonomous Microservices
DOI:
https://doi.org/10.70153/IJCMI/2025.17302Keywords:
Agentic AI, Decentralized Identity, Zero Trust Architecture, Verifiable Credentials, Micro services Security, Dynamic Token Issuance, Contextual Access Control, Decentralized Identifiers (DIDs)Abstract
The rapid evolution of Agentic Artificial Intelligence (AI)—autonomous, context-aware agents capable of self-directed decision-making—has introduced unprecedented security challenges for microservices architectures. Traditional session-based authentication, dependent on static tokens and centralized identity providers, is ill-suited for the dynamic, ephemeral, and machine-to-machine (M2M) interactions prevalent in zero trust environments. This paper investigates the convergence of Agentic AI and decentralized identity (DID) frameworks, emphasizing the role of verifiable credentials (VCs), dynamic token issuance, and contextual access control in enabling scalable, trust-minimized (i.e., reducing reliance on centralized authorities) service interactions.
We propose a decentralized authentication and authorization framework where DIDs, maintained on blockchain-based registries, replace conventional identity silos, enabling autonomous agents to cryptographically prove trustworthiness without relying on persistent session states. Context-aware policy engines evaluate real-time telemetry such as location, workload, and behavioural patterns to issue short-lived, ephemeral access tokens with adaptive time-to-live (TTL) values.
Experimental results from a Kubernetes-based microservices testbed with 50 simulated agents show that the proposed approach reduces authentication latency by 50% (from 180 ms to 90 ms), eliminates token replay vulnerabilities, and increases authentication throughput by 75% (from 800 to 1,400 agents/min) compared to OAuth2/JWT baselines. Furthermore, dynamic policy adaptation ensures immediate revocation of access when agents deviate from expected operational norms, minimizing attack surfaces.
This work offers a novel synthesis of AI autonomy and decentralized identity principles, delivering both performance gains and enhanced security in zero trust microservices. The proposed architecture paves the way for resilient, self-governing ecosystems where Agentic AI can operate securely, efficiently, and adaptively in highly dynamic environments.
Downloads
References
Allen, J. G., & Hess, Z. (2022). Decentralized identity for autonomous agents: A zero-trust approach. IEEE Security & Privacy, 20(3), 45–52.
Boursier, E., & Yakoubov, S. (2023). Verifiable credentials in machine-to-machine communication: A blockchain-based approach. Journal of Cybersecurity, 9(2), 112–130.
Camenisch, J., & Lehmann, A. (2021). Self-sovereign identity meets zero trust: A decentralized authentication framework. Proceedings of the ACM CCS, 1–15.
Chen, L., & Wang, G. (2023). Agentic AI in microservices: Dynamic credential issuance using decentralized identifiers. IEEE Transactions on Dependable and Secure Computing, 20(4), 2105–2119.
Dunphy, P., & Petitcolas, F. (2020). A survey of decentralized identity systems. ACM Computing Surveys, 53(6), 1–39.
Ferdous, M. S., & Chowdhury, M. J. M. (2022). Blockchain-based decentralized identity management for zero trust architectures. Future Generation Computer Systems, 126, 112–125.
Hardman, D., & Sabadello, M. (2021). Decentralized identifiers (DIDs) and verifiable credentials (VCs) in autonomous systems. In Proceedings of IEEE Blockchain, 1–8.
Jøsang, A., & Pope, S. (2022). User-centric identity management for zero trust security. Computers & Security, 115, 102619.
Kubach, M., & Roßnagel, H. (2023). Dynamic access control for AI-driven microservices using self-sovereign identity. In IEEE International Conference on Cloud Computing, 1–8.
Lindman, J., & Rossi, M. (2021). Decentralized AI governance using blockchain-based identity systems. Journal of Business & Technology Law, 16(2), 245–267.
Naik, N., & Jenkins, P. (2022). Zero trust architecture for autonomous AI agents in 5G networks. IEEE Access, 10, 12345–12360.
Preukschat, A., & Reed, D. (2021). Self-sovereign identity: Decentralized digital identity and verifiable credentials. Manning Publications.
Rieger, A., & Sedlmeir, J. (2023). A zero-trust framework for AI-driven microservices using dynamic DIDs. In Proceedings of ACM SACMAT, 1–12.
Ruffing, T., & Kate, A. (2022). Privacy-preserving authentication for agentic AI in distributed ledgers. In IEEE EuroS&P, 1–15.
Sabadello, M., & Steele, O. (2021). Decentralized identity and access management for AI agents. IEEE Internet Computing, 25(4), 33–40.
Sporny, M., & Longley, D. (2022). Verifiable credentials data model 2.0. W3C Recommendation.
Stokkink, Q., & Pouwelse, J. (2023). Decentralized authentication for ephemeral AI agents in edge computing. Future Internet, 15(3), 89.
Tobin, A., & Reed, D. (2020). The inevitable rise of self-sovereign identity in zero trust ecosystems. Journal of Cybersecurity Research, 5(1), 1–14.
van der Merwe, T., & Chothia, T. (2023). Agentic AI security: A survey of decentralized identity solutions. ACM Computing Surveys, 56(2), 1–35.
Windley, P. J. (2022). How decentralized identity enables zero trust for AI microservices. IEEE Computer, 55(7), 63–70.
Xu, R., & Chen, Y. (2023). A blockchain-based credential revocation system for AI agents. In IEEE Blockchain, 1–10.
Yang, X., & Li, M. (2021). Context-aware zero trust for autonomous AI systems. Computers & Security, 110, 102438.
Zager, L., & Horvath, G. (2022). Decentralized PKI for AI-driven zero trust architectures. In IEEE TrustCom, 1–8.
Zhang, P., & Schmidt, D. (2023). Dynamic token issuance for agentic AI in serverless architectures. Journal of Cloud Computing, 12(1), 1–18. Zyskind, G., & Pentland, A. (2021). Decentralized AI governance using self-sovereign identity. MIT Connection Science.
