Episode 134 - GluuFederation/identerati-office-hours GitHub Wiki
Title: OIDC-A: Securing AI Agent Identity
- Host: Mike Schwartz, Founder/CEO Gluu
- Guest: Subramanya Nagabhushanaradhya, Machine Learning Engineer Dylog
- Guest: Tobin South, Research Fellow, Stanford University
Description
Traditional OAuth and OpenID Connect protocols are inadequate to secure AI agents acting on behalf of users across complex organizational boundaries. The OpenID Connect for Agents (OIDC-A) draft introduces cryptographic attestation of agent integrity, standardized representation of delegation relationships, and attribute-based authorization. OIDC-A represents a fundamental shift from treating AI agents as simple applications to recognizing them as distinct entities requiring purpose-built identity and access management solutions.
Homework
- OIDC A Proposal
- Strata Blog on Agentic Identity
- Blog on OIDC A
- Authenticated Delegation of Authority for AI Agents, video of talk by Tobin South.
Takeaways
- ⚡ Given the chaotic sprawl of the AI identity landscape, the OpenID Artificial Intelligence Identity Management Community Group is trying to identify patterns and best practices. Here are a few they'll have to look for:
- ⚡ Agentic Identity: Is an AI agent uniquely identified by a URI, DID, URN or something else?
- ⚡ Agentic Authentication: Should agents use Dynamic Client Registration, Attestation Based Client Authentication ("ABC Authn"), or something else--see DCR skeptic Dick Hardt's recent suggestion: https://gluu.co/no-dcr ?
- ⚡ Agentic Federation: What will "Delegation Credentials" look like? How can domains encode obligations and restrictions, not just access? What's the trust model to scale not just the tools but the rules?
- ⚡ Agentic Authorization: JWTs are input to policies which unlock capabilities. But how do you even make policies about tokens in multiple domains? See: https://gluu.co/multi-token-authz
Claude Generated Questions
1. Fundamental Identity Model
How should OIDC-A differentiate between AI agents and traditional applications in terms of identity representation? What unique attributes or claims should be included in agent tokens that don't exist in standard OIDC tokens?
2. Cryptographic Attestation
What cryptographic mechanisms should OIDC-A employ to attest agent integrity? Should this include hardware-based attestation, code signing verification, or behavioral attestation patterns?
3. Delegation Relationships
How should OIDC-A standardize the representation of delegation relationships between users and AI agents? What metadata is essential to capture the scope, duration, and constraints of delegated authority?
4. Cross-Organizational Boundaries
What challenges arise when AI agents operate across different organizational domains, and how should OIDC-A address trust establishment between organizations that may have different security policies?
5. Attribute-Based Authorization
How should OIDC-A integrate with attribute-based access control (ABAC) systems? What agent-specific attributes should be standardized for authorization decisions?
6. Agent Lifecycle Management
How should OIDC-A handle the lifecycle of AI agents, including provisioning, credential rotation, suspension, and decommissioning? What events should trigger credential updates?
7. Consent and User Control
What mechanisms should OIDC-A provide for users to grant, monitor, and revoke permissions for AI agents acting on their behalf? How granular should these controls be?
8. Multi-Agent Scenarios
How should OIDC-A handle scenarios where multiple AI agents need to collaborate or where one agent delegates to another? What are the security implications of agent-to-agent delegation?
9. Backward Compatibility
To what extent should OIDC-A maintain compatibility with existing OAuth 2.0 and OpenID Connect infrastructure? What migration path should be provided for existing systems?
10. Privacy and Data Minimization
How should OIDC-A ensure that agent tokens contain only the minimum necessary information while still providing sufficient context for authorization decisions? What privacy-preserving techniques should be employed?
11. Audit and Compliance
What audit trails and logging requirements should OIDC-A mandate for AI agent activities? How should the standard support compliance with regulations like GDPR, CCPA, or industry-specific requirements?
12. Implementation Challenges
What are the most significant technical and operational challenges organizations will face when implementing OIDC-A? How can the standard be designed to minimize implementation complexity while maintaining security?
Additional Considerations
- Performance implications of enhanced security measures
- Scalability concerns for large-scale agent deployments
- Integration with existing identity providers and authorization servers
- Standards alignment with other emerging AI governance frameworks