From 10,000 ACL rules to one geometric comparison—the only IAM that scales to agentic AI
📋
Real-World Scenario: Quarterly PR Release
Context: Sarah Chen's AI agent needs to publish the Q4 press release—meaning it's escalating Team-scope content to Global visibility. The agent carries Sarah's permission grid and self-checks in microseconds. This is NOT symmetric: a VP's agent can broadcast Global→Team (push directives down), but Team→Global (publication) requires different authority. The grid captures this: Cell(Team,Global) encodes "can publish upward" while Cell(Global,Team) encodes "can delegate downward."
🤖 Sarah's AI Agent (Team Scope)↗📁 Publish to Global✓ Team→Global GRANTED (10μs)
🤖
Why This Matters for Agentic AI Systems
An AI agent processing a task makes hundreds of permission decisions per minute. Read this file? Call this API? Spawn a sub-agent? Write to this database? Traditional ACLs require a round-trip per check—400ms × 100 checks = 40 seconds of waiting. The agent stalls. Worse: agents spawn sub-agents, each inheriting and modifying permissions. ACL inheritance becomes exponential. FIM gives the agent a portable permission grid it can self-check in microseconds. No round-trips. No inheritance chains. The agent knows its shape.
⚖️
Why Axes Are Symmetric But Permissions Are Not
The 12 axis points (Sensitivity levels, Domains, Scopes) are the same on X and Y—like latitude and longitude. But Cell(A,B) ≠ Cell(B,A). Writing to a sensitivity level (reclassifying documents) differs from writing at that level. Publishing upward (Team→Global) requires approval authority; broadcasting downward (Global→Team) requires delegation authority. The grid's asymmetry IS the policy.
❌ Traditional ACL/RBAC
Check user's group memberships
Traverse role hierarchy
Evaluate each policy rule sequentially
Cross-reference with resource tags
Check time-based constraints
Log each policy evaluation
O(users × roles × resources × rules)
= O(n²) to O(n³) per decision
🤖 Agentic Breakdown:
Agent makes 100 checks/min × 400ms each
= 40 seconds of blocking per minute
Sub-agents inherit permissions = exponential chains
🤖 Agentic Ready:
100 checks/min × 10μs each = 1ms total
Grid is portable, no server dependency
1
🤖 Agent Grid: Read the Shape at a Glance
The agent carries this grid locally—no server calls, no rule lookups
Look at Sarah's AI agent grid and you can see its authority instantly:
🔥 Hot spots (red P cells): Business row blazes—Marketing domain. Public column lights up—can publish externally. Team→Global cells glow in upper triangle—can escalate content for release.
❄️ Cold spots (gray S cells): Tech column is a desert—the agent can't touch code. Confidential→Public is blocked—can't reclassify sensitive docs without Legal approval. Global row is lukewarm—needs human approval to act at org-wide scope.
The asymmetry tells the story: Upper triangle (escalation rights) differs from lower triangle (delegation rights). The agent can publish Team content to Global (that's PR). It cannot push Global mandates down to Teams (that's executive authority it lacks).
✓ What's Real Today
The 12×12 grid structure and comparison logic work. The math is proven. This visualization runs in your browser right now. The pattern comparison is O(1).
⚠ Enterprise Expansion Needed
Identity provisioning: Real companies need connectors to pull from Active Directory, Okta, or SCIM. Sarah's grid would be auto-generated from her HR profile + role assignments + manager overrides. This is integration work, not algorithm work—well-understood patterns.
★
🔥❄️ What Hot & Cold Spots Reveal
The grid is a diagnostic tool, not just an access control mechanism
Traditional IAM is opaque. Ask "Why can Sarah access this?" and you get: "She's in the Marketing-External-PR-Approvers group which inherits from Marketing-All which has a policy linked to..." Nobody can see the full picture.
FIM grids are transparent. Hot spots and cold spots aren't just visual aids—they're diagnostic signals that reveal organizational reality:
🔥 What Hot Spots Tell You
Expertise: A hot Business row = this person lives in that domain
Trust level: Hot upper triangle = authorized to escalate decisions upward
Scope of influence: Hot Global column = org-wide authority
Permission creep: Grid getting hotter over time? Red flag for audit
❄️ What Cold Spots Tell You
Boundaries: A cold Tech column = "not my job" is enforced
Separation of duties: Cold Conf→Pub cell = can't self-approve reclassification
Least privilege: More gray = tighter security posture
Skill gaps: Cold spots might indicate training opportunities
⚡ The Power Move: Grid Comparison
Put two employees' grids side by side. Instantly see who can cover for whom during vacation. See where your team has single points of failure (only one hot spot in that column). See if a promotion candidate's grid matches the role they're moving into. See if a departing employee's access has been properly transferred. The shape tells the story.
🎯 Anomaly Detection Built In
A developer's grid should have a hot Tech column and cold Finance row. If suddenly their Finance column lights up—that's visible. No log correlation needed. No SIEM query. The grid shape changed. Either they got a legitimate new role, or something's wrong. Security becomes visual.
🤖 Why Granular ACLs Break Agentic Systems
Traditional IAM assumes humans make a few permission checks per session. AI agents make hundreds per minute. Each "can I read this file?" requires a server round-trip, role traversal, policy evaluation. At 400ms per check, the agent spends more time waiting for permission than working.
Worse: sub-agent inheritance. Agent A spawns Agent B with reduced scope. Agent B spawns Agent C. With ACLs, each inheritance requires computing a new effective permission set from intersecting role memberships. With FIM, it's a bitwise AND on two grids—one operation, microseconds, done.
Worst: audit explosion. 100 agents × 100 checks/min × 6 log entries per ACL evaluation = 60,000 log entries per minute. With FIM: 100 agents × 100 checks × 1 grid comparison each = 10,000 compact audit records. The grid diff IS the audit.
2
📁 Resource Grid: The Document's "Wanted Poster"
The press release declares exactly what kind of person can touch it
The Q4 Press Release isn't just a file—it's a regulated financial document. Before FIM, protecting it required: a SharePoint permission group, an approval workflow, a sensitivity label, a retention policy, and probably a custom Power Automate flow. Five different systems, five different admin interfaces, five different failure modes.
The resource grid is mostly cold. That's the point. Most cells are S (no requirement)—the document doesn't care if you have Tech domain access or Confidential clearance. It only "lights up" the cells that matter:
🔥 Hot requirements: Public column (this will be published), Business row (Marketing owns it), Team→Global cells in upper triangle (you need escalation authority to publish externally).
Resource grids can be defined manually or templated. A "Press Release" template would pre-fill the standard requirements. The comparison logic handles sparse grids efficiently.
⚠ Enterprise Expansion Needed
Auto-classification: Real deployment needs ML-assisted classification to suggest grids based on content, location, and metadata. Microsoft Purview, Titus, or custom models could feed into FIM grid generation. Workflow integration: Document lifecycle (draft → review → approved → published) would shift grid requirements at each stage.
3
🔑 The Overlay: Where Hot Meets Cold
Stack the grids. Green = your heat covers their requirements. Red = gap.
At 8:47am, Sarah's AI agent attempts "Publish." It stacks its own grid on top of the document's requirement grid—locally, in microseconds, no server call:
✅ Green (pass): Everywhere the document is cold (S), auto-pass—it didn't require anything there. Everywhere the document is hot and the agent is equally hot or hotter, pass—its authority covers the requirement.
❌ Red (fail): If the document requires P (write) in a cell where the agent only has B (read) or S (nothing), that cell fails. The gap is visible. The reason is obvious. No log correlation needed.
The result grid IS the audit log. Compliance doesn't ask "why was this granted?" They look at the overlay and see: the agent's Business row covered the document's Business requirement. Its Team→Global escalation cells covered the publication requirement. Its Public column was hot where the document needed it. 144 cells. 10 microseconds. The shape explains itself.
✓ What's Real Today
The comparison algorithm is implemented below. You can see it running. The audit output shows exactly which cells passed/failed and why. This IS the policy engine—not a visualization of one.
⚠ Enterprise Expansion Needed
Policy enforcement point: Real systems need a PEP (like a reverse proxy or API gateway) that intercepts requests and calls the FIM comparison. This is standard IAM architecture. Caching strategy: Identity grids change rarely; cache them. Resource grids are more dynamic; cache with appropriate TTL. Federation: Cross-org access needs grid translation protocols.
🛡️ SENSITIVITY
🔐Confidential
🔒Internal
🔓Public
🏢 DOMAIN
📄Data
💻Tech
💼Business
🎯 SCOPE
🌍Global
👥Team
👤Self
P
Write Access
B
Read Access
S
No Access
✓
Requirement Met
✗
Gap (Denied)
🤖 Sarah's AI Agent Grid (Read the Shape)
The agent carries this grid | Hot = can act | Cold = blocked | Tech column (💻) is a desert | Business row (💼) is home
📁 Q4 Press Release Requirements (Asymmetric)
Upper triangle: escalation rights (↗) | Lower triangle: delegation rights (↘) | These differ!
🔑 The Overlay Result: Heat Coverage Map
Green = agent's authority covers requirement | Red = gap (blocked) | All green = GRANTED in 10μs
🎯 Why This Is Different (Not Just Better)
Asymmetry IS Policy
Cell(Team,Global) ≠ Cell(Global,Team). Publishing upward requires approval authority; broadcasting downward requires delegation authority. The grid's asymmetry encodes directional flows that traditional ACLs flatten into symmetric "read/write" bits.
Meta-Access IS Visible
Writing TO a sensitivity level (reclassifying docs) differs from writing AT that level. The grid separates operational access from classification authority. You can see who can change the rules, not just follow them.
Direction IS Audit
When Sarah publishes Team→Global, the grid captures the escalation vector. The comparison result shows not just pass/fail but the direction of the permission flow. Compliance sees the shape of the action, not just the outcome.
🤖 Agents IS Portable
An AI agent carries its grid—no server dependency. Sub-agents inherit via bitwise AND. Permission checks are local, microsecond operations. This is the only IAM model that scales to agentic systems. Traditional ACLs require the agent to phone home for every action. FIM lets agents self-govern within their grid boundaries.