Re: Agent-Native Auth and Id: auth.md as a Signal of Emerging Standards Gaps

This is based on this OAuth draft:

https://datatracker.ietf.org/doc/draft-ietf-oauth-identity-assertion-authz-grant/

On Mon, May 25, 2026 at 7:22 AM Paola Di Maio <paola.dimaio@gmail.com>
wrote:

> Greetings everyone
>
> I am simply keeping an eye out on things and have come across this
> https://github.com/workos/auth.md
>
> I wonder, how does this relate to everything else we are
> discussing/doing/observing in this space?
>
> My understanding is that this is an emerging protocol proposal that may
> be relevant to ongoing discussions around federated identity, delegated
> authorization, verifiable credentials, and autonomous software agents  but
> not a W3C thing
> Please feel free to share with related CGs
>
> brief analysis:
>
>  “auth.md”, an OAuth-based agent registration and authorization approach
> intended for autonomous AI agents operating without traditional
> browser-mediated consent flows.
>
> What makes this notable is not necessarily the specific proposal itself,
> but the architectural gap it exposes:
>
> Current OAuth/OIDC assumptions are heavily browser- and human-centric:
>
>    - redirect-based consent
>    - interactive authorization
>    - session-oriented mediation
>    - user-present trust boundaries
>
> Autonomous agents introduce different requirements:
>
>    - long-lived delegated authority
>    - non-interactive authorization
>    - machine-verifiable delegation chains
>    - portable trust assertions
>    - agent-scoped identity distinct from user identity
>    - policy-constrained autonomous execution
>
> The proposal appears to combine:
>
>    - OAuth Protected Resource Metadata
>    - signed identity assertions
>    - machine-readable discovery metadata
>    - delegated authorization semantics for agents
>
> This seems highly adjacent to:
>
>    - FedID discussions around federated assertions and browser mediation
>    - VC/DID work on portable cryptographic identity
>    - emerging “agent identity” and “agent authorization” efforts across
>      OpenID, DIF, and IETF communities
>
> One particularly interesting aspect is the use of discoverable metadata
> (“auth.md”) as a capability advertisement layer for agent onboarding and
> authorization.
>
> I suspect we are beginning to see a broader standards gap emerge between:
>
>    - “users using software”
>      and
>    - “software acting autonomously under delegated authority”
>
> Questions I think may be worth discussing:
>
>    - Are OAuth/OIDC extensions sufficient for agent-native delegation?
>    - Should agent identity be modeled independently from user identity?
>    - What role should VC/DID infrastructure play in portable agent trust?
>    - How should revocation and policy constraints operate for long-lived
>      autonomous agents?
>    - Do we need standardized discovery metadata for agent authorization
>      capabilities?
>
> Relevant references:
>
>    - https://workos.com/auth-md
>    - https://workos.com/blog/agent-registration-with-auth-md
>    - https://www.w3.org/groups/wg/fedid/
>    - https://www.w3.org/community/credentials/
>
> Curious whether others see this as:
>
>    - an implementation detail,
>    - an OAuth extension opportunity,
>      or
>    - the beginning of a broader agent identity/authz standardization
>      problem.
>
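
As an added, editor-written example (not code from this thread, from WorkOS auth.md, or from the IETF draft linked above), the following sketches both halves of the identity assertion authorization grant the reply points to: an enterprise IdP mints a short-lived, single-audience assertion that names both the user (sub) and the agent (client_id), and the resource's authorization server validates it before issuing an access token. The claim names, the typ value and the jwt-bearer grant_type follow this editor's reading of draft-ietf-oauth-identity-assertion-authz-grant and should be read as assumptions; HS256 with a shared secret, the hostnames and the client identifiers are constructed so the block runs offline (a real IdP signs with an asymmetric key that the AS resolves through the IdP's JWKS).

```python
"""Identity assertion authorization grant, IdP side and resource-AS side. Added example, not
code from the draft or from auth.md: claim names, typ and grant_type are this editor's reading
of the draft (assumptions); HS256 with a shared secret stands in for the IdP key and JWKS."""
import base64
import hashlib
import hmac
import json
import secrets
import uuid

JWT_BEARER = "urn:ietf:params:oauth:grant-type:jwt-bearer"
IDP_SECRET = b"constructed-offline-secret"  # constructed stand-in for the IdP signing key
CLOCK_SKEW = 30                             # seconds of leeway on iat/exp


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_jwt(claims: dict, key: bytes) -> str:
    header = _b64url(json.dumps({"alg": "HS256", "typ": "oauth-id-jag+jwt"}).encode())
    body = _b64url(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url(sig)}"


def verify_jwt(token: str, key: bytes) -> dict:
    """Pin the algorithm, check the MAC in constant time, then return the claims."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed assertion")
    if json.loads(_b64url_decode(parts[0])).get("alg") != "HS256":
        raise ValueError("unexpected alg")  # the token never chooses its own algorithm
    expected = hmac.new(key, f"{parts[0]}.{parts[1]}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(parts[2])):
        raise ValueError("bad signature")
    return json.loads(_b64url_decode(parts[1]))


class IdentityProvider:
    """Enterprise IdP: the user is already signed in; it mints an ID-JAG for one agent."""

    def __init__(self, issuer: str, key: bytes, lifetime: int = 300):
        self.issuer, self.key, self.lifetime = issuer, key, lifetime

    def mint_id_jag(self, user_sub: str, agent_client_id: str, resource_as: str,
                    scope: str, now: int) -> str:
        claims = {
            "iss": self.issuer,
            "sub": user_sub,               # the human whose authority is delegated
            "client_id": agent_client_id,  # the agent's own identity, distinct from the user
            "aud": resource_as,            # only this authorization server may redeem it
            "jti": str(uuid.uuid4()),      # single-use id for replay detection
            "iat": now,
            "exp": now + self.lifetime,    # short life: "revocation" is mostly expiry
            "scope": scope,
        }
        return sign_jwt(claims, self.key)


class ResourceAuthorizationServer:
    """The resource's AS: redeems an ID-JAG over the jwt-bearer grant for an access token."""

    def __init__(self, issuer: str, trusted_idps: dict, clients: dict):
        self.issuer = issuer
        self.trusted_idps = trusted_idps  # IdP issuer -> verification key (JWKS in practice)
        self.clients = clients            # registered agent client_id -> allowed scopes
        self.used_jti = {}                # jti -> exp, pruned once expired

    def token(self, grant_type: str, assertion: str, client: str, now: int) -> dict:
        """Token endpoint: a rejected assertion is an invalid_grant response, not a crash."""
        try:
            return self._redeem(grant_type, assertion, client, now)
        except ValueError as err:
            return {"error": "invalid_grant", "error_description": str(err)}

    def _redeem(self, grant_type: str, assertion: str, client: str, now: int) -> dict:
        if grant_type != JWT_BEARER:
            raise ValueError("unsupported grant_type")
        parts = assertion.split(".")
        # Peek at iss (still unverified) only to select the key; trust nothing else yet.
        iss = json.loads(_b64url_decode(parts[1])).get("iss") if len(parts) == 3 else None
        if iss not in self.trusted_idps:
            raise ValueError("untrusted issuer")
        claims = verify_jwt(assertion, self.trusted_idps[iss])
        if claims.get("aud") != self.issuer:
            raise ValueError("audience mismatch")
        if not (claims.get("iat", 0) - CLOCK_SKEW <= now < claims.get("exp", 0) + CLOCK_SKEW):
            raise ValueError("assertion expired or not yet valid")
        if claims.get("client_id") != client or client not in self.clients:
            raise ValueError("client_id mismatch")  # bound to the agent that authenticated here
        requested = set(claims.get("scope", "").split())
        if not requested <= self.clients[client]:
            raise ValueError("invalid scope")  # delegation cannot exceed the agent's registration
        self.used_jti = {j: e for j, e in self.used_jti.items() if e + CLOCK_SKEW > now}
        jti = claims.get("jti")
        if not jti or jti in self.used_jti:
            raise ValueError("missing or replayed jti")
        self.used_jti[jti] = claims.get("exp", now)
        return {"access_token": secrets.token_urlsafe(32), "token_type": "Bearer", "expires_in": 600,
                "scope": " ".join(sorted(requested)),  # sub/client_id below are not wire fields;
                "sub": claims.get("sub"), "client_id": client}  # returned to show the chain
```

The checks the questions above turn on are the aud pin (only the named authorization server can redeem the assertion), the client_id binding (the agent must authenticate to the token endpoint as the same client the IdP named, so user identity and agent identity stay distinct but chained), scope narrowing against the agent's own registration, and the jti cache plus a short exp, which is what "revocation" amounts to while the delegation travels as a bearer assertion. Anything longer-lived (an agent holding authority for days) needs the AS to consult the IdP or a policy store at redemption time, which this sketch does not do.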

Received on Monday, 25 May 2026 14:28:06 UTC