Identity as a Service (IDaaS) - EIAM Machine-to-Machine (M2M) Permission Management
Dec 31 2025
Applicable customers: All customers.

New Feature/Specification: EIAM Cloud Identity Service adds machine-to-machine (M2M) permission management, which supports automated authorization between applications without user involvement.

Through basic configuration, you can create M2M applications, manage multiple credential types (Client Secret, public/private keys, and federated credentials), and set the network access scope and the OAuth 2.0/OpenID Connect standard protocol parameters.

Authorization management enables fine-grained access control for caller applications, granting precise permissions based on the "resource:operation:condition" model.

Permission exposure allows callees to define server-side permissions and bind them to the resource server's identity through the audience identifier (aud), which secures the boundary within which a token can be used.

This capability integrates deeply with API Gateway and RAM STS, enabling access to Alibaba Cloud resources without AccessKey pairs. It applies to scenarios such as unified API authentication, multicloud collaboration, and secure AI service invocation, and gives enterprises standardized support for building machine identity management systems under a zero trust architecture.