HOLD xxx: Episode 133 - GluuFederation/identerati-office-hours GitHub Wiki
Title: Who Goes There? Web Auth for Bots
- Host: Mike Schwartz, Founder/CEO Gluu
- Guest: Thibault Meunier, Research Engineer @ Cloudflare
- Guest: Mark Nottingham, Standards Lead @ Cloudflare
Channels
Description
Join us for this Identerati Office Hours as we dive into the thorny problem of authenticating bots on the web. From AI agents to RPA scripts, non-human actors are becoming first-class participants in digital workflows—but the web wasn’t designed with them in mind. We’ll explore emerging patterns for bot identity, authentication, and policy enforcement, and what it means for access control and trust. Whether you’re building an LLM assistant or securing APIs, this session is for anyone navigating the evolving landscape of bot auth.
Homework
- Message Signatures are now part of our Verified Bots Program, simplifying bot authentication
- GitHub Home for web-bot-auth - a full implementation of the Web Bot Authentication protocol (based on draft-meunier specs), with live deployment examples and test suites
- Forget IPs: using cryptography to verify bot and agent traffic - Cloudflare blog explains the rationale and technical details behind HTTP Message Signatures and mTLS for bot identity
- IETF draft HTTP Message Signatures for automated traffic Architecture - Cloudflare blog details developer libraries (Rust/TypeScript) and integration guides for message signatures in their Verified Bots program
Takeaways
TBD