Large Language Model (LLM) agents combine the chat interaction capabilities of LLMs with the power to interact with external tools and APIs. This enables them to perform complex tasks and act autonomously to achieve user goals. However, current agent systems operate on an all-or-nothing basis: an agent either has full access to an API's capabilities and a web page's content, or it has no access at all. This coarse-grained approach forces users to trust agents with more capabilities than they actually need for a given task. In this paper, we introduce AC4A, an access control framework for agents. As agents become more capable and autonomous, users need a way to limit what APIs or portions of web pages these agents can access, eliminating the need to trust them with everything an API or web page allows. Our goal with AC4A is to provide a framework for defining permissions that lets agents access only the resources they are authorized to access. AC4A works across both API-based and browser-based agents. It does not prescribe what permissions should be, but offers a flexible way to define and enforce them, making it practical for real-world systems. AC4A works by creating permissions granting access to resources, drawing inspiration from established access control frameworks like the one for the Unix file system. Applications define their resources as hierarchies and provide a way to compute the necessary permissions at runtime needed for successful resource access. We demonstrate the usefulness of AC4A in enforcing permissions over real-world APIs and web pages through case studies. The source code of AC4A is available at https://github.com/reSHARMA/AC4A

翻译：大型语言模型智能体结合了LLM的对话交互能力与外部工具及API的交互能力，使其能够执行复杂任务并自主实现用户目标。然而，当前智能体系统采用"全有或全无"的运行模式：智能体要么能完全访问API功能及网页内容，要么完全无法访问。这种粗粒度机制迫使用户信任智能体，使其拥有超出实际任务需求的权限。本文提出AC4A——面向智能体的访问控制框架。随着智能体能力与自主性的提升，用户需要能限制智能体对API或网页特定部分的访问权限，避免必须授予API或网页所允许的全部权限。AC4A的目标是提供权限定义框架，使智能体仅能访问其授权范围内的资源。该框架适用于基于API和基于浏览器的智能体，不预设具体权限内容，而是提供灵活的权限定义与实施方式，具备实际系统落地能力。AC4A通过创建授权资源访问的权限机制运作，其设计借鉴了Unix文件系统等经典访问控制框架。应用程序将资源定义为层次化结构，并提供运行时计算成功访问资源所需权限的方法。我们通过实际API和网页的权限管控案例验证了AC4A的有效性。AC4A源代码见https://github.com/reSHARMA/AC4A