Identity Management for Agentic AI: The new frontier of authorization, authentication, and security for an AI agent world
Tobin South, Subramanya Nagabhushanaradhya, Ayesha Dissanayaka, Sarah Cecchetti, George Fletcher, Victor Lu, Aldo Pietropaolo, Dean H. Saxe, Jeff Lombardo, Abhishek Maligehalli Shivalingaiah, Stan Bounev, Alex Keisner, Andor Kesselman, Zack Proser, Ginny Fahs, Andrew Bunyea, Ben Moskowitz, Atul Tulshibagwale, Dazza Greenwood, Jiaxin Pei, Alex Pentland
TL;DR
This paper analyzes the identity, authentication, and authorization challenges posed by autonomous AI agents, arguing that existing frameworks (e.g., OAuth 2.1, MCP, SSO/SCIM) address only single-trust-domain, synchronous scenarios. It advocates a shift toward agent-native identities, explicit delegated authorization, and a decentralized trust fabric to securely enable cross-domain, recursive delegation and durable agent lifecycles. Key contributions include architectural models for agent identity, externalized authorization (PEP/PDP), audit-friendly delegation, guardrails, and cross-domain federation mechanisms, plus practical workflows for dynamic discovery, de-provisioning, and governance. The work highlights practical use cases and forward-looking challenges, emphasizing the need for interoperable standards (IPSIE, AuthZEN, A2A, Web Bot Auth) to unlock scalable, trustworthy agent ecosystems across enterprise and consumer contexts.
Abstract
The rapid rise of AI agents presents urgent challenges in authentication, authorization, and identity management. Current agent-centric protocols (like MCP) highlight the demand for clearer best practices in authentication and authorization. Looking ahead, ambitions for highly autonomous agents raise complex long-term questions regarding scalable access control, agent-centric identities, AI workload differentiation, and delegated authority. This OpenID Foundation whitepaper is for stakeholders at the intersection of AI agents and access management. It outlines the resources already available for securing today's agents and presents a strategic agenda to address the foundational authentication, authorization, and identity problems pivotal for tomorrow's widespread autonomous systems.
