2026-06-01, Room 2
Authorization models were designed for a world where humans click buttons. Agents don't click buttons — they make thousands of tool calls per session across dozens of APIs, and the question isn't just "is this user allowed to call this tool?" but "is this the right tool call given what this user is actually doing right now?" Static role-based or attribute-based policies can't answer that question. They can tell you someone has access to Jira, but they can't tell you which project to scope the call to without a role-per-project mapping that doesn't scale.
This talk presents a working model for context-aware agent authorization that treats memory — what a user is working on, what tools they typically use, what their agent has been doing in this session — as a first-class input to the policy engine. We'll walk through where RBAC, ABAC, and ReBAC each fall short for agent tool calls, why the missing piece is situational context rather than more roles, and how to build a fast-path authorization system that evaluates dynamic memory-backed predicates alongside static policy — with sub-millisecond decisions, full auditability, and graceful escalation when the system isn't confident enough to auto-approve.
Expect Datalog, expect architecture diagrams, and expect honest discussion of what's still unsolved — including the local authentication problem that nobody wants to talk about.
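A minimal sketch of the decision flow the abstract describes, added here as an illustration and not the speaker's model or ConductorOne code: a static grant bounds what is possible, session memory scopes the call, and low confidence escalates instead of auto-approving. The role and tool names, the confidence scores, the 0.8 threshold and the halving rule are all assumptions.

```python
from dataclasses import dataclass, field

# Static policy (assumed): which tools a role may call at all.
STATIC_GRANTS = {"engineer": {"jira.update_issue", "jira.search"}}
AUTO_APPROVE = 0.8  # assumed confidence threshold for auto-approval


@dataclass
class SessionMemory:
    """Constructed stand-in for memory-backed context."""
    active_projects: dict  # project -> confidence (0..1) the user is working on it now
    recent_tools: list = field(default_factory=list)  # tools the agent used this session


@dataclass
class Decision:
    outcome: str  # "allow", "escalate" or "deny"
    reasons: list


def authorize(role, tool, project, memory, audit):
    """Evaluate the static grant first, then the context predicates; log every decision."""
    if tool not in STATIC_GRANTS.get(role, set()):
        # Context can narrow a grant but never widen one.
        decision = Decision("deny", [f"static: role {role!r} has no grant for {tool!r}"])
    else:
        reasons = [f"static: role {role!r} may call {tool!r}"]
        conf = memory.active_projects.get(project, 0.0)
        reasons.append(f"context: project {project!r} confidence {conf:.2f}")
        if tool not in memory.recent_tools:
            conf *= 0.5  # assumed penalty: tool not yet seen in this session
            reasons.append(f"context: {tool!r} unseen this session, confidence {conf:.2f}")
        outcome = "allow" if conf >= AUTO_APPROVE else "escalate"
        decision = Decision(outcome, reasons)
    # Audit record carries the inputs and the reasons, so each decision can be replayed.
    audit.append({"role": role, "tool": tool, "project": project,
                  "outcome": decision.outcome, "reasons": decision.reasons})
    return decision


if __name__ == "__main__":
    log = []
    mem = SessionMemory({"PAY": 0.9}, ["jira.update_issue"])  # constructed sample session
    for call in [("engineer", "jira.update_issue", "PAY"),
                 ("engineer", "jira.update_issue", "HR"),
                 ("contractor", "jira.search", "PAY")]:
        print(call, "->", authorize(*call, mem, log).outcome)
```

Note that missing context never produces a deny here, only an escalation; the static grant remains the hard boundary.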
Robert Chiniquy is an engineer at ConductorOne, where he builds identity governance systems for human and non-human actors. He co-founded ScaleFT, a Zero Trust access platform acquired by Okta in 2018, where he served as Founder in Residence and led Okta's first incubation project. His work spans identity infrastructure, formal verification of distributed systems correctness at scale, and dynamic authorization models for AI agents. He is currently focused on how memory, context, and structured API knowledge can inform real-time policy decisions when thousands of tools are available to autonomous agents.