Digital Identity for Agentic Systems: Toward a Portable Authorization Standard for Autonomous Agents

TL;DR

This paper proposes a portable authorization model for autonomous enterprise agents, enabling explicit, constrained, auditable, and interpretable authority across organizational boundaries.

Contribution

It introduces a novel authorization framework based on issuer-authored payloads, constraint algebra, and semantic resolution to address identity limitations in autonomous systems.

Findings

Analyzes enterprise use cases highlighting gaps in current identity models.

Proposes a modular authorization architecture with cross-profile compatibility.

Defines semantics for consistent interpretation across trust boundaries.

Abstract

Enterprise AI is shifting from copilots to autonomous agents capable of executing workflows, negotiating outcomes, and making decisions with limited human oversight. As these systems extend across organizational boundaries, identity alone is insufficient: an agent's authority must also be explicit, constrained, auditable, revocable, and consistently interpretable by independent receivers. This paper analyzes representative enterprise use cases in insurance claims processing and supply chain integrity to surface structural gaps in existing identity and access models. It proposes a portable authorization model for autonomous agents based on issuer-authored authorization payloads, typed constraint algebra, decision-consistent evaluation semantics, delegation attenuation, governed semantic resolution, fail-closed processing, and pre-flight discovery. The model separates credential containers, authorization payload semantics, and enforcement engines, allowing profiles such as JWT/JWS, Verifiable Credentials, OAuth Rich Authorization Requests, or policy-engine bindings to preserve a common authorization meaning across trust boundaries.