Intent-Aware Decentralized Identity and Zero-Trust Framework for Agentic AI Workloads
Abstract
Background: The rapid emergence of agentic artificial intelligence (AI) systems—autonomous software agents that perform tasks across distributed environments—poses novel identity, authentication, and access-control challenges that traditional human-centric identity systems were not designed to handle. Centralized identity models, weak provenance guarantees, and static access decisions create exploitable gaps when agents act autonomously and at scale. The literature indicates converging proposals: decentralized identifiers (DIDs), SPIFFE/SPIRE workload identity, intent-aware identity models, and zero-trust principles adapted for machine agents. However, an integrative, publication-ready architecture that unifies these elements into a rigorously specified, implementable framework that addresses agent intent, risk-driven policy, provenance, and lifecycle security is still absent (W3C, 2023; Hasan, 2024; Achanta, 2025; CNCF, 2024).
Objective: To design, justify, and evaluate a comprehensive, publication-quality framework—Intent-Aware Decentralized Identity and Zero-Trust Framework (IADIZ)—that combines DIDs, workload identity primitives, intent modeling, and risk-driven policy enforcement to secure agentic AI workloads across heterogeneous infrastructures. The framework must be theoretically grounded, map to existing standards and best practices, and provide operational guidance for threat modeling, lifecycle management, and auditing.
Methods: IADIZ is constructed through an interdisciplinary synthesis of the referenced works and established security principles. The methodology combines conceptual design, threat modeling aligned with OWASP’s AI and multi-agent guides, and mapping to SPIFFE workload identity primitives and DID specifications, and it articulates policy evaluation pipelines that incorporate intent signals and risk scores. The framework’s properties are analyzed in depth with scenario-driven descriptive evaluations: identity issuance and binding, agent onboarding, delegation, proof-of-intent, policy arbitration, provenance telemetry, and compromise recovery. Each component is examined for security properties, failure modes, and countermeasures, with practical implementation notes referencing recent research and operational advisories (Kumar, 2023; OWASP, 2024; Syros et al., 2025).
Results: The framework yields a layered architecture where cryptographically anchored DIDs provide long-lived decentralized identity; SPIFFE-like workload identity provides ephemeral workload credentials; intent attestation tokens represent current goals and permitted action classes; a risk engine ingests provenance telemetry, behavioral signals, and contextual data to produce dynamic policy decisions; and immutable audit trails enable post-hoc analysis. The descriptive evaluation demonstrates increased resilience against common attack vectors such as identity spoofing, credential theft, lateral movement, supply-chain compromise, and intent-manipulation attacks when compared conceptually to non-intent-aware or centralized identity models (Hasan, 2024; Achanta, 2025; Syros et al., 2025; Huang et al., 2025).
Conclusions: IADIZ offers an actionable design for institutions deploying agentic AI. By integrating decentralized identifiers, workload identity, intent attestation, and dynamic zero-trust control, the architecture addresses gaps in provenance, policy expressiveness, and adaptivity to agent behavior. The paper presents detailed operational recommendations, threat mitigations, and an agenda for empirical validation. The framework aligns with governmental and industry guidance on cybersecurity and zero-trust and is suitable for adoption within critical sectors where autonomous agents exert significant control (W3C, 2023; White House, 2021; NIST, 2024; HIMSS, 2023).
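The decision path summarized in the Results (intent attestation token bound to a workload identity, then a risk-driven policy decision) can be sketched as follows. This is an added illustration, not code from the paper or from any IADIZ implementation: the token layout, the `decide` and `risk_score` functions, the signal names, weights and thresholds are all assumptions, and an HMAC stands in for verification against the key in the agent's DID document.

```python
import hashlib
import hmac
import json

# Constructed demo key; a real deployment would verify a signature made with
# the key listed in the agent's DID document (HMAC is a stand-in here).
ISSUER_KEY = b"constructed-demo-key"

def sign_intent(claims: dict) -> dict:
    """Issue an intent attestation token (hypothetical format)."""
    body = json.dumps(claims, sort_keys=True).encode()
    tag = hmac.new(ISSUER_KEY, body, hashlib.sha256).hexdigest()
    return {"claims": claims, "sig": tag}

def risk_score(signals: dict) -> float:
    """Toy weighted risk score; signal names and weights are assumptions."""
    weights = {"new_egress_dest": 0.4, "unsigned_tool": 0.4, "off_hours": 0.2}
    return sum(w for name, w in weights.items() if signals.get(name))

def decide(token: dict, peer_spiffe_id: str, action_class: str,
           signals: dict, now: int) -> tuple:
    """Return (decision, reason) for one requested action."""
    body = json.dumps(token["claims"], sort_keys=True).encode()
    expected = hmac.new(ISSUER_KEY, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, token.get("sig", "")):
        return ("deny", "bad_signature")
    claims = token["claims"]
    if now >= claims["exp"]:
        return ("deny", "intent_expired")
    # Bind the intent to the workload identity seen on the connection.
    if claims["spiffe_id"] != peer_spiffe_id:
        return ("deny", "workload_mismatch")
    if action_class not in claims["action_classes"]:
        return ("deny", "action_outside_intent")
    score = risk_score(signals)
    if score >= 0.6:
        return ("deny", "risk_too_high")
    if score >= 0.3:
        return ("step_up", "risk_elevated")
    return ("allow", "ok")

# Constructed sample token for a hypothetical agent.
TOKEN = sign_intent({
    "did": "did:example:agent-123",
    "spiffe_id": "spiffe://example.org/agent/billing",
    "action_classes": ["read:invoices"],
    "exp": 2_000,
})
```

Every deny path returns a distinct reason string so that the audit trail records why a request was refused, not only that it was.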