
Trust broker

By NHI Mgmt Group Updated June 23, 2026 Domain: Architecture & Implementation Patterns

A service that issues, relays, or negotiates access on behalf of other systems. In hybrid environments this includes Kerberos proxies, authentication gateways, and cloud control-plane components that decide whether a request becomes trusted access.

Expanded Definition

A trust broker is the intermediary that evaluates a request, applies policy, and then issues or relays the trust decision needed for a downstream system to grant access. In NHI environments, that can include Kerberos proxies, authentication gateways, federation services, and cloud control-plane components that sit between an actor and a protected resource.

The key distinction is that a trust broker does not merely authenticate once and step away. It often influences session creation, token exchange, delegation, and the translation of one trust domain into another. That makes it central to how identity assurance is propagated across hybrid infrastructure, especially when service accounts, workload identities, and agentic systems move between platforms. In practice, the term overlaps with federation and access brokering, but usage in the industry is still evolving and no single standard governs it yet. For broader NHI governance context, NHI Management Group's Ultimate Guide to NHIs frames trust mediation as part of the control surface that determines whether a non-human actor is allowed to proceed. NIST's Cybersecurity Framework 2.0 is useful for mapping the governance and access-control expectations around such decision points.

The most common misapplication is treating a trust broker as a simple login gateway, which occurs when teams overlook the policy decisions, token exchange, and delegation paths it governs.

Examples and Use Cases

Implementing trust brokering rigorously adds latency and policy complexity, so organisations must weigh stronger control over cross-domain access against the operational cost of maintaining those decision paths. The following use cases show where that trade-off arises:

  • A Kerberos proxy translates enterprise trust into a format that a legacy application can accept without exposing the original credentials.
  • A cloud identity gateway issues short-lived tokens to a workload after validating context from an external IdP and internal policy engine.
  • A service mesh identity layer brokers trust between microservices so each call is authorized before the request reaches the application.
  • An agent platform uses a broker to decide whether an AI agent can invoke a ticketing, code, or finance tool under current policy.
  • A federation service relays trust between a partner environment and internal systems while enforcing audience, scope, and expiration checks.
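
As an added example (not NHIMG code and not taken from any product described above), the token-exchange checks behind the second and fifth use cases, written in Python with only the standard library: the broker verifies the inbound IdP token's signature, issuer, audience and expiry, applies a per-subject policy that bounds which downstream audience and scopes the workload may obtain, and mints a short-lived, down-scoped token for that audience (RFC 8693-style exchange). The keys, issuers, SPIFFE ID, audiences, scopes and the POLICY table are constructed assumptions for illustration.

```python
"""Minimal trust broker: verify inbound token, apply policy, mint a
short-lived down-scoped token for one downstream audience.
Added example; keys, issuers and policy below are constructed."""
import base64
import hashlib
import hmac
import json
import time


def _b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64u_dec(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def sign_token(claims: dict, key: bytes) -> str:
    """Compact header.payload.signature token with an HMAC-SHA256 signature."""
    header = _b64u(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64u(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64u(sig)}"


def verify_token(token: str, key: bytes, issuer: str, audience: str, now: float) -> dict:
    """Signature, issuer, audience and expiry are all checked before any claim is
    trusted. The header's alg field is deliberately ignored: only HMAC is accepted."""
    header, payload, sig = token.split(".")
    expected = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64u_dec(sig)):
        raise ValueError("bad signature")
    claims = json.loads(_b64u_dec(payload))
    if claims.get("iss") != issuer:
        raise ValueError("wrong issuer")
    if claims.get("aud") != audience:
        raise ValueError("wrong audience")
    if now >= claims.get("exp", 0):
        raise ValueError("expired")
    return claims


# Constructed keys, issuers and policy (assumptions for this example only)
IDP_KEY = b"idp-signing-key"        # key of the external IdP the broker trusts
BROKER_KEY = b"broker-signing-key"  # the broker's own signing key
IDP_ISSUER = "https://idp.example"
BROKER_ISSUER = "https://broker.example"
BROKER_AUD = "trust-broker"         # inbound tokens must be addressed to the broker
DOWNSTREAM_TTL = 300                # seconds; downstream tokens are short-lived
# Per subject: which downstream audiences it may reach, and with which scopes
POLICY = {
    "spiffe://example.org/ci-runner": {
        "artifact-store": {"artifact:read", "artifact:write"},
        "ticketing": {"ticket:read"},
    },
}


def exchange(inbound: str, target_aud: str, requested_scopes: set, now: float = None) -> str:
    """Token exchange: inbound IdP token -> short-lived broker token for target_aud."""
    now = time.time() if now is None else now
    claims = verify_token(inbound, IDP_KEY, IDP_ISSUER, BROKER_AUD, now)
    sub = claims["sub"]
    allowed = POLICY.get(sub, {}).get(target_aud)
    if allowed is None:
        raise PermissionError(f"{sub} may not reach {target_aud}")
    if not requested_scopes <= allowed:
        raise PermissionError(f"scope escalation denied: {requested_scopes - allowed}")
    downstream = {
        "iss": BROKER_ISSUER, "sub": sub, "aud": target_aud,
        "scope": sorted(requested_scopes),
        "iat": int(now), "exp": int(now) + DOWNSTREAM_TTL,
        "act": {"iss": IDP_ISSUER},  # records that the broker acted on an IdP token
    }
    return sign_token(downstream, BROKER_KEY)


def demo() -> dict:
    """Happy path plus the failure modes a broker must reject; True means correct."""
    now = 1_700_000_000
    inbound = sign_token({"iss": IDP_ISSUER, "sub": "spiffe://example.org/ci-runner",
                          "aud": BROKER_AUD, "exp": now + 60}, IDP_KEY)
    results = {}
    tok = exchange(inbound, "artifact-store", {"artifact:read"}, now)
    out = verify_token(tok, BROKER_KEY, BROKER_ISSUER, "artifact-store", now)
    results["ok"] = out["scope"] == ["artifact:read"] and out["exp"] - now == DOWNSTREAM_TTL
    rejects = {
        "escalation": (inbound, "artifact-store", {"artifact:admin"}, now),
        "wrong_target": (inbound, "finance", {"ledger:read"}, now),
        "expired": (inbound, "ticketing", {"ticket:read"}, now + 120),
    }
    for name, args in rejects.items():
        try:
            exchange(*args)
            results[name] = False
        except (PermissionError, ValueError):
            results[name] = True
    # A token the IdP issued for some other audience must not be accepted as inbound
    other = sign_token({"iss": IDP_ISSUER, "sub": "x", "aud": "other", "exp": now + 60}, IDP_KEY)
    try:
        verify_token(other, IDP_KEY, IDP_ISSUER, BROKER_AUD, now)
        results["aud_replay"] = False
    except ValueError:
        results["aud_replay"] = True
    return results


if __name__ == "__main__":
    print(demo())
```

The design point is that every claim the broker forwards is one it decided, not one it copied: the downstream token carries a new issuer, a single audience, only the scopes policy allows, and a lifetime measured in minutes, so a stolen downstream token cannot be replayed against a different service or used to widen privilege. Calling demo() returns a dict in which every entry is True when the broker behaves correctly.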

These use cases align closely with the control concerns described in the Ultimate Guide to NHIs, especially where identity lifecycle, privilege scope, and access mediation intersect. For implementation baselines, NIST's Cybersecurity Framework 2.0 provides a practical lens for tying broker behavior to access governance and protective controls.

Why It Matters in NHI Security

Trust brokers can become high-value compromise points because they sit in the path of authentication, authorization, and delegation. If an attacker alters broker policy, steals its signing key, or abuses a misconfigured token exchange, the result is often broad access across systems that assumed the broker was trustworthy. This is especially dangerous for NHIs because machine identities tend to operate at high speed, with broad reach, and without human intervention.

NHI Management Group notes that 90% of IT leaders say properly managing NHIs is essential for a successful zero-trust implementation, which is a strong signal that trust brokering is not just an architecture detail. It is a governance control point for secrets, tokens, scopes, and session issuance. When misunderstood, organisations often focus on endpoint authentication and ignore the broker’s downstream effect on privilege propagation, token lifetime, and cross-boundary trust translation. That is where privilege escalation, lateral movement, and broken revocation paths emerge. Organisations typically encounter the impact only after a broker compromise, token replay, or cross-domain access incident, at which point trust brokering becomes operationally unavoidable to address.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

The OWASP Non-Human Identity Top 10 addresses the attack and risk surface, while NIST CSF 2.0 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.

Framework | Control / Reference | Relevance
OWASP Non-Human Identity Top 10 | NHI-01 | Trust brokers mediate NHI auth flows and token exchange paths.
NIST CSF 2.0 | PR.AC-4 (CSF 1.1 identifier; the corresponding CSF 2.0 subcategory is PR.AA-05) | Covers access permissions and the control points that grant trust.
NIST Zero Trust (SP 800-207) | (none listed) | Zero trust relies on continuous verification at mediation points.

Inventory brokers, restrict delegated trust, and validate every token issuance path.

NHIMG Editorial Note
Reviewed and updated by the NHIMG editorial team on June 23, 2026.
NHI Mgmt Group — the #1 independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org