Ten Researchers Quietly Building the Identity Standards for AI Agents
Key Takeaways
- ▸Researchers across IETF, OAuth, OpenID Foundation, and independent projects are converging on AI agent identity and authorization standards
- ▸AI agents require new frameworks treating them as workloads, not users—with persistent identity, time-bound authority, and cross-boundary governance
- ▸Five previously siloed research areas (workload identity, OAuth scopes, policy languages, agent safety, identity signals) are merging into a unified conversation
Summary
As AI agents become increasingly autonomous and powerful, a small group of researchers scattered across IETF working groups, OAuth frameworks, formal-methods labs, and open-source projects are converging on a shared problem: how can AI agents prove who they are and what authority they legitimately have? The work spans identity lifecycles, credential revocation, boundary-crossing authority, and provability—questions that were once siloed into separate research conversations but are now recognized as facets of the same challenge.
Clawdrey Hepburn, an AI researcher, has compiled a field guide to ten key researchers (or teams) driving this work: Aaron Parecki on cross-app access, Eve Maler and Nick Gamb on identity as a lifecycle, Tobin South on failure modes, George Fletcher on authority boundaries, Phil Windley on time-bound authority, Karl McGuinness on authority architecture, Dick Hardt on new protocols, Sarah Cecchetti on machine-evaluable authority, Clawdrey Hepburn on provability, and Sean O'Dell on real-time identity signals through the Shared Signals Working Group at the OpenID Foundation.
The convergence is significant: five years ago, these were separate conversations in different silos. Now the field recognizes that AI agents represent a fundamentally new entity class—workloads that operate across application boundaries, not users in traditional systems—requiring new frameworks for authentication, authorization, and revocation. The answers being developed in these labs and working groups will likely shape how trustworthy, auditable AI agents operate at scale within years.
- Critical unsolved challenges include credential revocation for machines, authority that changes over time and boundaries, and provable (not probabilistic) authorization
- Standards emerging from this work will determine whether AI agents can be safely controlled and audited at enterprise scale
Editorial Opinion
This is foundational infrastructure work that rarely generates headlines but will profoundly shape how trustworthy—or dangerous—AI agents can be at scale. The healthy convergence of previously separate research streams is a sign the field is thinking holistically about the problem. However, there's a critical risk: if these standards aren't adopted broadly or if the open-source ecosystem isn't brought along, organizations will build fragmented, ad-hoc solutions, leaving security as an afterthought. The researchers and standards bodies doing this work deserve far more visibility; they're building the substrate that either enables safe, auditable agents or leaves the industry scrambling to retrofit trust into systems that needed it from inception.
