Quick post. I come from an Identity and security background, and still work closely with the Microsoft Identity team, who do a lot of work in standards working groups. There’s currently a lot of new technology emerging for agent identities before new standards have been agreed (this is typically slow work, but there seems to be an urgency to the new efforts for agents). Some of this technology can already begin to address one of the major challenges for agent security: static authorisation grants for dynamic authorisation needs. But obviously everyone would rather this was all founded in standards (IMO nothing has improved web security more than the OAuth 2.0 and OIDC standards, relative to what preceded them).
IMO there are two major authentication and authorisation challenges to address:
Much of the first of these needs can be met with available technologies. For instance, Anthropic document their support for Workload Identity Federation, but frustratingly they don’t seem to mention it in their recent Zero Trust for AI Agents whitepaper (which is broadly welcome, if IMO short of the mark in some areas like this).
Dick Hardt shared an excellent critique of the Anthropic paper. I can’t recommend this highly enough if you want to understand the gulf between AI developers and the Identity field. This critique is also an excellent on-ramp to the needs he’s working on in the AAuth protocol, which shares much in common with some of the wider IETF streams. From what I can gather, those efforts are not a major topic here, so I also wanted to share some of what’s in flight at IETF (this Claude summary shared by George Fletcher gives some idea).
Identity protocols are complex, and were already too complex for many developers to implement well (roll-your-own identity and cryptography are two anti-practices that I hope are mainly avoided today). With agent identity needs, these protocols are only getting more complex, albeit with some great foundations from the standards that exist today. This is one of a few areas where the AI Control field needs to be exceptionally current, as there is a separate hive mind working very hard on these problems.