Modern computing systems can be leveraged to access an array of different functionalities and content, such as for enterprise tasks, interpersonal communication, education, entertainment, and so forth. While such capabilities provide increasing convenience and productivity, they also introduce certain risks. For instance, an enterprise entity typically maintains sensitive data that it uses for its operations, and utilizes various services and accounts to control access to the data. An entity (e.g., a hacker) that gains unauthorized control of a particular identity may utilize the identity to access a particular service or account and thus access the sensitive data. Further, unauthorized access to a service and/or an account enables various malicious actions to be performed that cause harm to the enterprise entity.
Accordingly, different techniques have been developed for controlling access to functionality and data in attempts to prevent unauthorized access. For instance, access to a sensitive data file may be limited to a discrete set of user identities listed in an access control list for the data file. However, if an identity in the access control list becomes compromised, the data file may be exposed to an unauthorized entity. Further, the compromised identity may be used to gain unauthorized access to a particular service or account such that various malicious actions can be performed. With the ever-increasing connectedness of today's networks, tracking identities and enforcing permissions across different networks and domains presents a number of challenges.