Identity Management for Agentic AI: The new frontier of authorization, authentication, and security for an AI agent world

TL;DR

This paper discusses the challenges and future directions of identity management, authentication, and authorization for autonomous AI agents, emphasizing the need for scalable and secure access control mechanisms.

Contribution

It provides a strategic agenda and reviews existing resources for securing AI agents, addressing foundational identity and access management issues for autonomous systems.

Findings

Current protocols like MCP highlight the need for clearer best practices.

Ambitions for autonomous agents raise complex long-term access control questions.

The paper outlines resources and strategies for securing AI agents now and in the future.

Abstract

The rapid rise of AI agents presents urgent challenges in authentication, authorization, and identity management. Current agent-centric protocols (like MCP) highlight the demand for clarified best practices in authentication and authorization. Looking ahead, ambitions for highly autonomous agents raise complex long-term questions regarding scalable access control, agent-centric identities, AI workload differentiation, and delegated authority. This OpenID Foundation whitepaper is for stakeholders at the intersection of AI agents and access management. It outlines the resources already available for securing today's agents and presents a strategic agenda to address the foundational authentication, authorization, and identity problems pivotal for tomorrow's widespread autonomous systems.