OIP is a control-plane companion, not a substitute for IAM.
Use your cloud, payment, health, CRM or internal service as the system of record for permissions. Give the agent a narrow capability—not an administrator credential—and require the action gateway to enforce it. OIP supplies the portable contract, attenuation rules, outcome semantics and receipt lineage around that decision.
A consequential-action pattern
agent proposes refund(60) → gateway authenticates workload → policy checks: refund ≤ 100, account = current tenant, approval = valid → service executes or refuses → telemetry records runtime behavior → OIP receipt binds contract, authority, observed result and trace reference → later repair links to the original attempt
Start with an isolated proof of concept.
- Choose one reversible, low-risk action.
- Remove broad credentials from the agent runtime.
- Define a narrow contract and explicit refusal cases.
- Correlate existing traces with OIP invocation and event identifiers.
- Test expiry, revocation, replay, cross-tenant denial and repair.
- Have an independent security reviewer verify the boundary.