anyone using spicedb for authz on agentic identities? Curious how folks are approaching it from a design / architecture perspective

i haven't talked to anyone doing it, but i can't imagine it'd be much different than any other kind of subject. you'd treat it the same way that you'd treat a service account or other user-adjacent subject.

yeah agreed. was just interested to see if people have started doing it yet

it might be interesting to make various tools and MCPs available to the agentic system / user, based on their permissions. I would think that the permissions of the user / service account would passthrough, such that a user invoking an MCP might have the MCP's context limited to that users accessible resources, even though the MCP itself may have access to all resources so that it can serve multiple users, muti-tenant style