[MINUTES] CCG Atlantic Weekly 2025-10-21

Meeting Summary: CCG Atlantic Weekly - 2025/10/21

*Topics Covered:*

   - Introduction to Agency: Infrastructure for Internet of Agents
   - Agency's approach to identity for agents and tools.
   - Agency's relationship to W3C standards and decentralized identities.
   - Technical details of Agency's Identity Service and architecture.
   - Tool-Based Access Control (TBAC) in Agency.
   - Collaboration opportunities with W3C Community Groups.

*Key Points:*

   - *Agency Overview:* Marcelo Yannuzzi, Jean-Andrei DIACONU, and Herve
   Muyal presented Agency, an infrastructure for the internet of agents,
   focusing on identity, role-based, task-based access control.
   - *Decentralized Identity:* Agency aims to provide open, collision-free,
   and verifiable identities, taking inspiration from W3C standards,
   particularly for verifiable credentials.
   - *DID Methods and Future:* Discussion on the evolution of DID methods
   within Agency, with a focus on potential collaboration with W3C's DID
   working groups and the development of a DID method.
   - *TBAC:* Agency's unique approach to access control, called TBAC, was
   explained.
   - *Collaboration:* A call for collaboration was made, with an email
   exchange proposed to identify common interests.

Text:
https://meet.w3c-ccg.org/archives/w3c-ccg-ccg-atlantic-weekly-2025-10-21.md

Video:
https://meet.w3c-ccg.org/archives/w3c-ccg-ccg-atlantic-weekly-2025-10-21.mp4

*CCG Atlantic Weekly - 2025/10/21 11:58 EDT - Transcript*

*Attendees*

Alex Higuera, Benjamin Young, Fireflies.ai Notetaker Ivan, Greg Bernstein,
Harrison Tang, Herve Muyal, Hiroyuki Sano, Jean-Andrei DIACONU, Jennie
Meier, Leo Sorokin, Lucy (Qixue) Yang, Manu Sporny, Marcelo Yannuzzi,
Michael Herman (Bindloss, Alberta), Parth Bhatt, Rob Padula, Ted Thibodeau
Jr, Vanessa Xu, Will Abramson

*Transcript*

Marcelo Yannuzzi: Hello. Welcome.

Harrison Tang: Hey, Marcelo. Hey, Jean.

Jean-Andrei DIACONU: Hello son.

Harrison Tang: Hey guys. Thank you for taking the time to join us today.

Jean-Andrei DIACONU: Thank you for the invitation. We cannot hear you.

Harrison Tang: stuff. And now portion

Jean-Andrei DIACONU: I think. Yes.

Manu Sporny: Yeah, Harrison, your audio was dropping in and out. We could
hear you every now and then, but not all the

Harrison Tang: Hello. Can you guys hear me? Okay. Great.

Manu Sporny: Yep.

Harrison Tang: Thank All So, we'll start in about a minute and then I'll go
through some administrative stuff and then, Jean and Marcelo, I'll cue you
around 9:07.

Harrison Tang: All right, we'll start right away and we'll let other people
scroll in. But welcome everyone to this week's W3C CCG call. So today we're
very excited to have Marcelo and Jean here to actually present and talk
about their data initiative called Agency, basically an infrastructure for
the internet agents. But before then just want to quickly go over some
administrative matters. So first of all just a quick reminder on the code
of ethics and the professional conduct.

Harrison Tang: just want to make sure that we hold constructive and
respectful conversations here. A quick note about the intellectual
property. Anyone can participate in these calls. However, all substantive
contributions to any CCG work items must be by members of the CCG with full
IPR agreement signed. If you have any questions in regards to getting a W3C
account or the W3C community contributor license agreement please feel free
to reach out to any of the co-chairs. These calls are automatically recorded
and transcribed and we will send it out automatically in the next few
hours. All right. Just want to take a quick moment for the introductions
and reintroductions.

Harrison Tang: If you're new to the community or you haven't been active
and want to engage, please feel free to just, unmute. All right.
announcements and remind Any new announcements reminders? I think this week
is the IIW. So, I guess some people probably couldn't attend because today
is the first day of I just realized that All Any updates to the work items?

Harrison Tang: Manu, please.

Manu Sporny: Yeah,…

Manu Sporny: just a couple of updates. We have so the verifiable credential
working group has adopted two more work items from this group. The re
confidence method. Those are being published as official standards track
documents as first public working drafts. I think next week we are now
regularly meeting to move those specifications forward Wednesdays at 11
a.m. which is the same time as the verifiable credential working group
meeting. It was also the same time as our We have moved the incubation
meeting to Thursdays at 10:00 a.m. Eastern to try and accommodate that.
We've just got so many standards calls happening we had to shuffle some
things around.
00:05:00

Manu Sporny: So that new schedule will take effect after this week. As
Harrison mentioned, Internet Identity Workshop is happening right now, which
is where a lot of our folks are currently. The other thing to mention is
that we're working on a new charter for the verifiable credential working
group to bring in even more work items from this group. We discussed those
at the incubation meetings. But just a heads up that I'm going to try to
put together a draft for the charter there. And then finally a reminder
that the W3C technical plenary happens in 3 weeks in Kobe, Japan. A number
of us will be meeting there.

Manu Sporny: Usually it's always less well attended than the US and EU
meetings but we hope to get some good participation from folks in the
Asia-Pacific region in Kobe, Japan. That's it for me.

Harrison Tang: Thanks, Manu.

Will Abramson: Yeah, thanks. I actually just wanted to mention something
that Pierre just mentioned to me a couple of hours ago just to suggest or
propose. He was exploring, he was saying this group CCG produces a lot of
work items that end up getting adopted as working group rec track
documents. And one thing someone suggested to him, part of the staff was
maybe we could explore using the IPR bot in our repos. I don't need an
answer for this today, but we should think about it. And Pierre, just the
initial conversation, he's going to be away for two weeks. Maybe we can
talk about it at TPAC as well. But maybe that's useful. It might help this
process be a bit more streamlined. I don't know.

Harrison Tang: Any action items that

Will Abramson: No. I just think about it. I don't really know all what is
involved, but I'm particularly interested to hear from you, Manu, if that's
something that you think is worthwhile since you're very involved.

Manu Sporny: Yeah, I don't think it would be difficult to set it up. the
IPR bot just makes sure that any commit to any repository we have has a
promise from the individual committing that they're granting basically us
W3C a license to use their content. It just makes it really clean from the
very beginning. Usually we cover that when we do a final community group
specification publication. I will go through every single person that
committed to the repo, check to see if what they contributed was
substantive, and if it was, I will contact them and tell them that you need
to sign the IPR agreement. most people do it, so we don't typically have an
issue, but it's nice to just do it as we go versus having the editors do it
at the last stage.

Will Abramson: Okay, cool.

Harrison Tang: Any other work item related stuff? Last calls for
introductions, announcements, reminders, work items. All right, let's get
to the main agenda. So today very excited here to have Marcelo, Jean and
Herve here to talk about and lead the discussions on Agency, the
infrastructure for the internet of agents.

Harrison Tang: Obviously agentic AI is one of the hottest things in maybe
even 2024 2025 and I think the problem of identities in regards to agents
it's actually a very important one. Actually just sharing from my personal
experience we're trying to build some agentic AI at Spokeo and I think we
encounter some challenges, not challenges but we have to deal with
authorizations

Harrison Tang: in regards to what tools agents can call and what
tools they cannot call, right, so permissions, authorizations and then also
identifying who the agents are. I think that's a very important problem and
issues as we try to automate and build AI agents to automate our workflow
so very excited about this topic and again thanks to Jean, Marcelo, Herve
for spending your time to come here and lead this discussion. The floor is
yours and if you don't mind just a quick introductions about yourself,…
00:10:00

Harrison Tang: that would be amazing. Thanks. Yes.

Marcelo Yannuzzi: Perfect. Harrison,…

Marcelo Yannuzzi: just to manage the time, how much time do we have is for
the rest 50, minutes or, what do you want to do?

Harrison Tang: And then It would be great…

Marcelo Yannuzzi: Okay. Yeah.

Harrison Tang: if we could leave the last five to 10 minutes for questions.
That would be great. Yeah. Mhm.

Marcelo Yannuzzi: And we can make it interactive during we're going to show
a little bit not only the main elements of what we're building but also the
repos access to demos and so on so forth so we can make it interactive. So a
quick intro: my name is Marcelo Yannuzzi, I'm based in Switzerland, I'm a
principal engineer working for Cisco. The three of us are part of the
innovation arm of Cisco

Marcelo Yannuzzi: the name is basically think about Outshift as everything
that is innovation that is not organically developed by the different or
existing business units. We usually look at much more risky investments in
terms of technology understanding the impact for the company the risking
technology some of us we build a lot of IT patents prototypes and we also
land some of these initiatives internally in the business groups. Agency
is our first very large source initiative

Marcelo Yannuzzi: And we will describe in a few minutes what Agency is
about. Jean, do you want to go next?

Jean-Andrei DIACONU: Yeah, So, hello everyone. So, I'm part of the team in
Switzerland together with Marcelo and also in the call. I'm the software
lead working on different Agency components, one of them being the identity
service and we also have the identity node that we will show to you today.

Jean-Andrei DIACONU: And nice to meet you all and thank you for the
invitation. Want to go next?

Herve Muyal: Yeah, I'm also part of Outshift, part of the engineering team
with Ron Marcelo and…

Herve Muyal: feel free to interact with us while we present if you have any
question and so on. We let's make it completely interactive. It's usually
more fun.

Marcelo Yannuzzi: Perfect. So, I don't show the window. let me see.

Harrison Tang: Yes.

Marcelo Yannuzzi: Can you see my screen? It generated a little bit of
chaos. Can you see my screen?

Herve Muyal: Yeah. Yeah. We see your Google Meet screen. Yeah, I don't see
presentation.

Marcelo Yannuzzi: No, but the presentation.

Herve Muyal: No. Yeah,…

Marcelo Yannuzzi: Let me just stop the sharing. Wow, it really went Stop
sharing. Let me Share the screen. Okay.

Marcelo Yannuzzi: Can you see my screen?

Harrison Tang: Yep. Perfect.

Herve Muyal: we see the slide.

Marcelo Yannuzzi: Okay, perfect. So we will try to provide a high level
view what Agency is about, how we're building this infrastructure for what
we call the internet of agents and especially a look or we would try to
look at things from the angle of identity, role-based, task-based access
control and a few other things that we have been doing especially

Marcelo Yannuzzi: in the context of some of the new capabilities we're
introducing with tools/task and in the future transaction level base access
control for agentic applications. Agency is more than just identity. There
are other initiatives within the open source collective that they are
dealing with things like new protocols, new optimized pub/sub systems for

Marcelo Yannuzzi: or pub/sub protocols for agentic applications involving
tools and agent-to-agent communications. We have specific work that we
have been carrying out with involving A2A protocol. We also have a track on
observability and eval for agents. We also have a dedicated application for
testing and demo purposes which is called the Coffee Agency. So there's
much more than just the identity part. Today we're going to be mainly
focused on the identity part and the touching points with DIDs and W3C, the
work that you guys have been leading for years and let's make it completely
interactive.
00:15:00

Marcelo Yannuzzi: So Agency has recently been donated to the Linux
Foundation. The technical security committee is basically Cisco, Google
Cloud, Dell, Red Hat and Oracle. We have more than 70 plus organizations
that are members and contributors and the list is growing basically on a
weekly basis I would say. You can see them there. So main links to Agency
to everything that has to do with verifiable identities and the initial
thoughts about identity.

Marcelo Yannuzzi: And as Jean was mentioning at the beginning, we started
with a first release of an identity node and a few capabilities that we
will talk about and now in the last few months we advanced both with first
an entire identity service with a software as a service solution hosted by
Outshift by Cisco and powered by Agency. And last month we actually turned
that entire SaaS into an open-source release that during September it was
made available to the entire community and I will be talking about the
details on that. Also you have the links here for the different working
groups that we have.

Marcelo Yannuzzi: As I mentioned, it's basically the core working group.
Everything that has to do with protocols with agent directory and a few
other elements that you can see in way more detail directly in our website.
We have one on observal. We have the identity working group which the team
here is basically leading and there will be another one it's in the process
of finalizing I think it will be ready this week if it is not ready yet
about the demo app that I mentioned before, the Coffee Agency. With regards
to the approach when we started with Agency it was quite clear at the

Marcelo Yannuzzi: beginning that there was not going to be a single
identity or a single approach that will one-size-fits-all. That was quite of
an impossible task. And in fact what we observed is that several companies
what they wanted was to have identities for agents and identities for tools
treated very much like they treated they treat today blue badges red badges
in their own companies. And it was a strong demand to actually bring
traditional IDPs into the mix. At the same time, we saw a lot of demand for
making things decentralized, not really depending on any specific
centralized authority for providing identities for agents and the
collateral with tools and so on and so forth.

Marcelo Yannuzzi: So the three main premises that we adopted was they were
basically open, collision-free and verifiable. The majority of the
identities that we're providing at this stage they are related to agents and
MCP servers but as part of seration initiatives that are going on we are
also enabling the capability of having what we call MAS, so multi-agent app
systems and each of them having a unique identifier.

Marcelo Yannuzzi: The other thing that was quite important is to have
verifiable credentials and on that topic specifically we talk we took a lot
of inspiration from W3C and you will see in a minute that we support in
fact decentralized identities even though we don't have a fully
decentralized setup yet. But I would say that the majority of the things
that we have been doing are at least from the mentality they are future
proof for DIDs. In terms of the verifiable credentials and Jean will walk
you through the details what we have is what I call identity badges and
those identity badges they apply as I mentioned before to agents, MCP
servers or multi-agent systems.
00:20:00

Marcelo Yannuzzi: In terms of how did we actually approach the whole thing
it was a mix of conventions and standards. So in terms of conventions we
adopted both identities provided by traditional IDPs and as you will see we
have today integration with Okta, Duo, Ory and we're in the process of
integrating Keycloak and we have Microsoft Entra in roadmap and we also
have the possibility and Jean will talk about that automatically onboard
if you

Marcelo Yannuzzi: have your agent cards at the A2A in well-known URLs, we
can actually take that out and in a fully automated way generate those
badges and verifiable credentials for you as part of either of the SaaS that
we have that is hosted and maintained by Cisco for the moment powered by
Agency or even in the full source release that you can take the code and
start building on top of it. In addition to that we have this W3C
decentralized identities. We have not only DIDs but we took a lot of the
design and the methodology around resolvable metadata, DID documents and so
on and so forth.

Marcelo Yannuzzi: What we don't have is a sort of distributed ledger or the
decentralized network that enables that capability. Initially in Agency we
had two parallel programs. One another one was everything that has to do
with identity. We're finalizing the integration between directory and
identity. Directory itself is completely distributed.

Marcelo Yannuzzi: Behind the scenes we have Kademlia and DHTs for making
enabling lookups of different agents at scale and even the possibility to
have connectivity between different agent directories provided by different
entities and I think that if that those capabilities start to roll out and
becoming more widely adopted then there's an interesting possibility
to also turn those hosting environments for these directories into identity
nodes that can interplay in a fully decentralized way.

Marcelo Yannuzzi: But just to make sure that everybody understands today
the identity services that we have you can build your own decentralized
network and have that already develop and managed by you in the way you
want by taking the source release that mimic the SaaS that we had before or
if you go for the SaaS just as a reference implementation and trying to gain
some insights about the art of the possible. For the moment, this is
centralized. I pause here for Any questions before we move into more
details?

Manu Sporny: Yeah, Marcelo, this is all wonderful, fantastic stuff. So, when
this announcement first came out to the mailing list, I was really
interested in the work that you were doing and spent a lot of time looking
at your documentation. Really neat stuff. And I can already see there are a
number of overlaps between work that's happening in other market verticals,
retail, banking, finance, individual identity. I've got some thoughts on so
there are questions around the DID method which one's being used now and
then into the future and I think I'm most interested in finding out from
you is how can we collaborate on this?

Manu Sporny: So what you're building has not total overlap but 60% overlap
with some other projects that we're seeing and I think it would be
beneficial to both to work together and so we're really interested in
trying to figure out how to do that. I guess the core question though is
how do you see the DID method evolving over time? So for example to me it
seems like maybe it would be helpful for you to start with did:web, there is
a whois mechanism that looks like the well-known identifiers thing that
you're doing here and then eventually transitioning into your Kademlia DHT
based DID method and then maybe supporting other DID methods.
00:25:00

Manu Sporny: What's the strategy around how do you see this thing evolving
from what you have today to the DID methods you'd want to use in the future?

Marcelo Yannuzzi: Very very good question.

Marcelo Yannuzzi: In fact I would say that I would stage this into two
parts. The beginning we started with very basic DID methods and Jean will
walk you through what we have today especially for those that are not
familiar with the repo or didn't look at the details so far but I think the
most interesting part is what comes next which is we really would like to
build a liaison between the identity working group and W3C so we can
actually understand

Marcelo Yannuzzi: and cross-pollinate which methods might be a better fit
for some of the use cases that we are seeing and among the things that I
will show you is we have several sub several tracks within the identity
working group and some of those are looking at things like your agent DCRS
they're looking at how do you actually transfer context of different users
in a multi-agent environment or stages where an agent might be invoking
another agent and so on and so forth. We're also having discussions with
Okta about cross app and their capabilities that are in draft state today.

Marcelo Yannuzzi: So I see a lot of opportunity but I think what we
probably need to do is try to think about a potentially zone between the
different activities and start with concrete use cases because right now I
would say that we are very open about the potential methods that could be
used and we do not have strong feelings about a specific direction in terms
of DIDs as of today.

Manu Sporny: That's very helpful. Thank so the great news is one of the
chairs of the DID working group is here. That's Will Abramson on the call
today. I think maybe some of the other chairs are here. So that's good. I
think that would be wonderful to have that collaboration. Two thoughts on
that. One of them is we're getting ready to launch a standards track DID
methods working group where we will create global standards around a
specific set of DID methods and your requirements I think are really
important to feed into that process so that when we get done you have a DID
method that actually meets your future needs, right, that would be the ideal
so I think collaboration around that would be wonderful. The other thing
that I did not

Manu Sporny: So that's The second thing is the thing I didn't see on this
list is some of the work that we've been doing with DIDs and VCs have to do
with delegating authorization to a secondary agent where the original
person that delegated might not know about the downstream delegations that
need to happen. We are working on a technology called authorization
capabilities. It's part of the object capabilities work that seems like it
might be useful.

Marcelo Yannuzzi: Nice. Yeah.

Manu Sporny: I don't know, there would be a lot more discussion that would
need to happen. but there's kind of a cryptographic delegated authority use
case in here that I'm kind of hearing you potentially hint at that I wanted
to make sure was on your radar, right? is that in scope for the work that
you're doing beyond identity?

Marcelo Yannuzzi: Spot on, two things that are important.

Marcelo Yannuzzi: Regarding your first comment, Agency per se is not a
standardization body and I don't think I'm also part of the technical
steering committee I don't think that we're going to go there actually what
we want is to work with different standardization groups to actually push
for what it will be needed and for instance in the next session which is
going to be on Thursday we're going to have people from tales that are
really trying and other companies that are trying to bring this common
vision about UBA requirements use cases and what will be needed as I would
say food for thought for standardization bodies.

Marcelo Yannuzzi: So on the first topic fully aligned that it will be great
to start providing inputs to standardization bodies like those in W3C that
can actually take into account the things that we are seeing and providing
also some recommendations for potential specs but not at the level that you
guys have usually work. That is number two, we have been doing a lot of
work around delegated authorization but much more oriented to delegated
authorization with traditional centralized IDPs. So everything that is OIDC
or 2.0.1
00:30:00

Marcelo Yannuzzi: 0.1 Jean has implemented a lot of the stuff that is today
part of task-based access control and how do you actually exchange those
tokens as part of delegated authorizations and without a human in the loop
but we have not done anything in the space of DIDs regarding decentralized
delegated authorization. So it will be very interesting to get potential
hints about direction recommendations on how we should think about that
in the context of DIDs because yes we are it's definitely part of the
charter but so far the only things that we have done in the context of
delegated authorization are much more related to what will be the changes
required for instance for O2 or what type of metadata should be carried to
solve

Marcelo Yannuzzi: some of the problems and Okta is actively working on
additional elements of metadata additional talking like ID jacks involving
cross app but will be really good to do this in the context of DIDs. Any
other questions? Okay.

Harrison Tang: Let's continue. Yeah.

Marcelo Yannuzzi: So considering the time that we have I will speed a
little bit. So here you have direct links both to our SaaS, the top one here
is the one that I mentioned before and this one you can go there you can
register yourself start using the capabilities offered by our SaaS.

Marcelo Yannuzzi: This as I mentioned before is hosted by Cisco by Outshift
and the same capabilities that you have in the SaaS you have it available so
you can kickstart your own program with the same capabilities as part of
the source collective and here you have the link to actually get access to
everything including also the good documentation that we have there around
identity service. So what can you do here? Then you can start registering
your own IDPs, you can bring your own IDP as part of the services that we
offer. You can start registering MCP servers. In terms of agents we support
two types of specs. I will describe that in a moment. You can start
publishing, searching and verifying identity badges.

Marcelo Yannuzzi: You can also onboard your own devices for multifactor
authentication and that will enable what we call typically TBAC and
without human in the loop. Today we have a reference implementation both in
the SaaS and the OSS that is quite elementary…

Marcelo Yannuzzi: but it start Yeah.

Herve Muyal: Marcelo,…

Herve Muyal: sorry to interrupt. Are you sharing something?

Marcelo Yannuzzi: Yeah. I am supposed to be sharing my screen.

Herve Muyal: Because we completely lost your screen.

Marcelo Yannuzzi: That's really No,…

Herve Muyal: Maybe when you switch from the slides I guess to the browser
or No. Yeah.

Marcelo Yannuzzi: I didn't touch anything. You see why we need to use WebEx
Allow to share the screen. Very strange. So let's go back.

Harrison Tang: We can reshare it. Yep.

Marcelo Yannuzzi: Can you see the screen?

Herve Muyal: Yeah. It's back.

Marcelo Yannuzzi: very strange I didn't touch anything.

Marcelo Yannuzzi: Anyways, so what I thank you for that one. I will share
the slides afterwards so you have access to everything. And here you can
see of the main features of the SaaS that I mentioned before. You have also
available in the open source. And today when it comes to more granular
controls and what we typically call TBAC the granularity is at the level of
tool per MCP server and we're actively working to actually go much deeper
into that granularity and go into task-based access control at transaction
level in the future and as I mentioned before with and without human
approval.
00:35:00

Marcelo Yannuzzi: There is a demo application that you can actually use.
And this applies both to the SaaS or the open source. Typically what you
will get is there is a financial assistant, the chat user interface that is
linked to an agent. This is what we call an Agency spec. It uses OASF
which is the type of data model and the type of agent specification that we
developed as part of Agency.

Marcelo Yannuzzi: We also support agents using A2A and there is an MCP
server and Jean will talk about how do we typically see the possibility to
create verifiable badges and for those MCP servers and also how actually
from a spec on board in the SaaS or the open source reference implementation
automatically infer the different tools that are available and
automatically render those tools and make it available as part of the
service so that you can start defining policy for those specific tools and
defining access controls. We will walk you a little bit through that.

Marcelo Yannuzzi: As mentioned before today we have support for Duo and AI
as well as decentralized identities provided through Agency and we are
going to integrate also Keycloak in the near future and Microsoft and the
typical you will see in a moment we have very detailed demos that you can
watch with voice over that actually provide multiple different
configurations and capabilities to start testing TBAC in the context of
this implementation. And here you have the link, in fact this is a almost 18
minute video in YouTube. It is quite detailed. It has several sections.

Marcelo Yannuzzi: It shows you on board and connect your IDP, how to start
registering your agentic services including agents and MCP servers, how to
start playing with a financial assistant that has two agents and one MCP
server. It shows also the developer experience including cases where you
might not have an MCP server or an agent that is deployed online and it's
accessible via localhost, that is also covered as part of the demo. Then
how to start defining policy and onboarding mobile devices for MFA and
then start playing with TBAC in action.

Marcelo Yannuzzi: This is not for seale type of profiles. This is for
developers and identity and access management practitioners. But it's quite
detailed and it shows how to actually get kick started with the entire
service. Ideal to go watch then register an account and start playing with
a SaaS. If you like it then you can actually go to the open-source
collective and get the software. In terms of the different tracks that we
have as I mentioned before as part of the identity working group we have
several swim lanes or subgroups. We have one subgroup that is dealing with
dynamic client registration and know your agent.

Marcelo Yannuzzi: And there are several things that are going on there with
let's say from not so dynamic environments up to fully dynamic environments
and for instance Skyfire, Cisco and a few others are involved in that
initiative. We also have tracks around context transfer, in that context
transfer that we are particularly involved and there will be more
contributions to the open source from our side and other and other
potential partners in crime here. In that one is where we're looking at
very specific elements of delegated authorizations using claims may act on
behalf of but as I mentioned before everything in the context of more
traditional OAuth rather than what W3C is conducting.

Marcelo Yannuzzi: So very interested in actually looking at what W3C would
recommend here. Cross app, multifactor and several other things. We have
members including Cisco, Dell and others that are actively looking at
potential zones with different groups including other initiatives within
W3C and as part of the technical steering committee. We have people for
instance from Google and Cisco that are both part of A2A and Agency and we
are starting to define which are the things that might be pollinating
between the two different initiatives. I think with that if you have any
questions we pause here or I pass the talking to Jean
00:40:00

Harrison Tang: There's a question in the chat do you mind actually clarify
what Tback is and then how is it different from a back rback and…

Harrison Tang: can it be used in combination with a back rback? Yeah.

Marcelo Yannuzzi: Yeah, exactly.

Marcelo Yannuzzi: If you think about it, so role-based access control in
very simple terms could be seen as a subgroup of ABAC, attribute-based
access control, where the only attribute that you're using is a role. Then
attribute-based access control can be seen as a subgroup of something that
can be more complex which is ReBAC, relationship-based access control, where
the relationships might be entirely based on attributes but of course you
can have relationships that go beyond attributes.

Marcelo Yannuzzi: What we have seen is that typically with ReBAC those
policies can start becoming quite wild, especially for instance
in ABAC the number of boolean combinations that you may have can become
quite brutal for large companies, and also the, I would say, the
disconnect that exists between intents. So when you have a workflow agent
that might be completely headless and it might be entirely
programmed without a human in the loop or when you have a chat interface
that might interact with an agent and you have human agent interactions at
the end of the day there is an intention that is what the agent should be
doing.

Marcelo Yannuzzi: Then when you go with traditional OAuth workflows at the
end of the day there is a certain exchange and the agent might require
access to certain tools and when you require access to certain tools there
might be certain scopes defined and there will be a request to access
certain scopes. There is a real disconnect between those two intents. The
intent of what a human might be or a programmer might be asking an agent to
do. That is one intent and the second space of intent is what the agent is
asking in terms of scopes and those two things are completely disconnected
today in industry.

Marcelo Yannuzzi: So TBAC is the first attempt to try to bridge this
disconnect in terms of intents and try to add additional metadata that can
reach an auth server so that the auth server can actually perform semantic
inspection and start understanding the potential connect between the
original intent and the intent conveyed as part of the scope requests. So
today we are doing in the reference implementation what we have is
tool-based access control. So the granularity of the controls that you have
is at the tool level and if we think about the sets that I mentioned before
RBAC, ABAC and ReBAC then TBAC is actually a set that overlaps with
the three of them but does not contain any of them.

Marcelo Yannuzzi: So TBAC is a new approach and for the moment as I
mentioned before it's at the granularity of tool but we plan to go much
deeper into task, multitask, transactions and so on and so forth. That's
the 10,000-foot-level view of what we're doing.

Harrison Tang: Got it.

Marcelo Yannuzzi: Any other questions?

Harrison Tang: And just to clarify, I think attribute-based access
control and role-based access control. A lot of times we're talking about
which user can have what permission right to what resources.

Harrison Tang: So for the tool-based access control is just about which
agents can access to. Is that what it is? Or conceptually? Yeah.
00:45:00

Marcelo Yannuzzi: So in role, attribute, relationship there is a lot of
emphasis in the principal and…

Marcelo Yannuzzi: in task-based access control it's really centered on the
task that is being requested right here right now even with things like one

Marcelo Yannuzzi: time access and that's so the role of that principal
might not be that relevant depending on the use case but of course you can
combine traditional RBAC with ABAC, ReBAC and of course elements of
TBAC but then the complexity of the policies might be quite high. So
they're not incompatible and…

Harrison Tang: No. Okay.

Marcelo Yannuzzi: they can be implemented in a win scenario.

Marcelo Yannuzzi: Jean, do you want to show

Ted Thibodeau Jr: Before we jump into that,…

Ted Thibodeau Jr: raised my hand a minute ago. Just to be clear, this is
not actually the first effort in this direction. OpenLink's rulebook and
request broker technologies in use for decades in our data access and more
recently within Virtuoso, our flagship product, incorporate the application
which is making a connection and the IP address from which the request
is being made as well as traditional username and password and other
factors in evaluating

Ted Thibodeau Jr: what is allowed. For instance, a given client using
Microsoft Access might be only given 50 rows of any result set because
they're in the sales department and they're expected to jump ship at some
point and we don't want them to take the entire thousands of contacts from
the corporate database into their own personal world.

Ted Thibodeau Jr: Just an example.

Marcelo Yannuzzi: Yeah. it's a good point.

Marcelo Yannuzzi: As far as I understand the majority of these initiatives
what they really lack is two main elements. One is how do you actually
carry in a standardized way additional metadata so that the original intent
actually reaches the auth server. And the second one is how do you actually
start empowering this new breed of auth servers with GenAI capabilities so
that they can actually start understanding semantically speaking the
objective of the task and being able to match that with specific predefined
scopes.

Marcelo Yannuzzi: So that is a complex research area and I have not seen
commercial products at that level yet. The majority of them they end up
dissecting these things into a number of attributes but not really into
that semantic layer but we can take that offline pedals.

Jean-Andrei DIACONU: I guess you can see my screen. So just basically I
will show you the components that we have today in Agency and I know that
now we are discussing the TBAC and tool-based access control. I will get
there with our SaaS and the TBAC layer. But just to start at the beginning
so when we created Agency one of the things that we wanted to solve first
was agent identity and we were discussing mostly pre-deployment time so not
at runtime but the idea was together with the directory to have a nice way
to provide identities to agents and MCP servers and what we did is actually
we combined IDP so identity providers like Okta, Duo, Ory that are typically
available in companies

Jean-Andrei DIACONU: in enterprise environment with the badges that Marcelo
presented before and here we took inspiration from W3C verifiable
credentials, DIDs. So thank you for all this work that helped us to reach
this stage. Just to present the repository. So the first one is identity
and actually what we created here was and is actually because this is used
in the identity service. I will explain that as well. Is where we based on
standards like client credentials and using clients and identity what we
call identity nodes we create the badges and badges being verifiable
credentials.

Jean-Andrei DIACONU: So obviously the issuers of the badges are the
identity providers themselves and basically we combine the client
credentials flow in or with VCs to create this identity CLI and node that
are available in this repository. We have documentation, we have ways to
deploy it. So here there is no user context, there is no users, it's
actually just a CLI connected to an identity node with the idea that at
some point we would actually have a decentralized approach where we'll have
multiple identity nodes and basically some ledger that can help with that.
For the moment it's just simple implementation like a CLI identity node
that works standalone. And here of course the DIDs and the methods are
mostly web known exactly what you said before.
00:50:00

Jean-Andrei DIACONU: So this was the initial step. So because we have lots
of components I will just share with you also the documentation. So here we
provide different examples of verifiable credentials for server badges. We
explain how we connect to identity providers and finally we have
implementation of the node and API endpoints. It's things that look very
familiar to you like the VC service where we can publish, revoke etc. Issuer
service with well-knowns where we can actually link the badges to issuers
and then ways to generate the identifiers and this is actually based on the
identity provider. So B what we do here is actually we take a proof and the
proof comes from the IDP.

Jean-Andrei DIACONU: So it's usually in the form of client credential token
issued component that comes here to actually first generate the issuer but
then secondly generate badges and ids. So this component is actually the
foundation of the next component which is the identity service. So what we
did there is that we automatized a bit the clients. So now the identity
service and the repository is actually here. So the identity service
becomes a SaaS. We have a back end and behind the scenes we still use the
identity node. The back end now becomes a client for the node and we
actually provide easy ways for people to onboard IDPs.

Jean-Andrei DIACONU: And when I say onboard is actually through APIs for
octad or we are working today as you saw in the working groups to add ID
metadata dynamic client registrations to make it even more standardly
available. For the moment we support kloe, Duo and Okta and also agency ownsh
which is based n presented before and the identity service itself
actually acts as a client to that node, it onboards. The IDP becomes the
issuer. So when I say issuer, it's actually the tenant in the IDP. So
usually it's something like some ID okta.com or dual.com. So it's exactly
let's say the tenant domain of the IDP in a specific company. So in a
tenant you can have only one. It's unique per node of course.

Jean-Andrei DIACONU: And then what we do is we create a services and I can
show you the SaaS a bit so you can see how it looks. And you can check that.
So in the demo we show end to end how we onboard the issuer, issue the
badges of the agentic services and finally we show the runtime with
policies and TBAC. Just to come back to this. So these are the three that we
use. So in the repo you will find this sample that is composed of two agents
and one MCP server and we explain a bit how you deploy it, how you onboard
it in the platform and how you even explain back just to come back to this
one. If I show you for example and maybe let's take an MCP server because
it's a bit interesting. So you see so at the end of the day what we do is
we create an identity using the IDP.

Jean-Andrei DIACONU: So here is the IDP. So this is actually unique in the
IDP. It's a client ID that is created automatically by the platform and
then when you issue a badge and here something that looks familiar to you.
We are using the issuer which is the tenant IDP in the badge. We have the
ID of the agent that is part of the badge and then depending on the schema
that we use and the MCP is actually part of the tools and we use the tools
and the resources contain something that we can use use cases for example
sometimes verifying a badge before connecting to an MCP server and before
an agent connects to an MCP server and so on.

Jean-Andrei DIACONU: and of course we have different representation of the
badge. We have the ros we can see the claims in a nice way and of course
anyone can come to the platform and verify specific identity to check that
this badge is not revoked and it's still active. Yeah, so once you actually
onboard the badges, onboard the agents and issue the badges then you are
ready for the next step which is actually the runtime and here we use
the TBAC that Marcelo explained before. So what you need to do is actually
define policies. So for example in the previous example we have different
flows if you check also the demo you will see that we control some of the
flows between those agents and the MCP server and what we actually define
let me take this one because it has more rules.
00:55:00

Jean-Andrei DIACONU: For example, the financial assistant can invoke the
currency exchange MCP server and basically we can choose the tools and
allow the tools that are allowed for these exchanges without human in the
loop. So basically when we use human in the loop we have the possibility to
onboard devices and have notifications when the agent is trying to invoke
those tools or it can be also an agent invoking an agent. So in this case
we have a currency exchange agent which is actually doing the currency
exchange and this can be invoked by the financial assistant can ask a rate
but it cannot exchange itself because it's the currency exchange agent that
does a real grades of currency.

Jean-Andrei DIACONU: So yeah this is the type of policies that we can
define and of course when you have the policy definition part of it is
actually inherited from the badge. So if there's no badge for that service
we will not be seeing these tools here. So when the different services are
changing or updating then the badge needs to be reissued and this
is something that we allow typically by nice APIs or integrated with the
directory which is let's say the part where we could see the agents and
have identities automatically and the identity service acts like the back
end for that directory.

Jean-Andrei DIACONU: In terms of documentation, we also have this portal
here where this is actually the SaaS documentation where we explain how you
can connect an identity provider and we have guides for how you actually
create agentic services verifying creating policies and then finally the
same we have the OpenAPI clients and protobufs that you can use and
generate SDKs for the platform. And it was open source I think two weeks
ago but it's also available deployed by Agency in a SaaS scenario where you
can create a tenant and experiment different things free and there's not
much time so if you have any questions I'm stopping here but we can still
take two minutes of questions

Harrison Tang: Any questions?

Manu Sporny: This was all really great. Lots of questions, but I guess what
would be the best way to collaborate concretely? What's the next step?
Should it be an email to the list? Do you want to join the list meeting?
What do you think?

Marcelo Yannuzzi: Yeah, I think it could be bidirectional. So I think
probably we should have a followup discussion could be via email trying to
identify the things that we see as more relevant. Clearly the delegated
authorization part with DIDs is one of them. I also posted a message in
the chat on things that we had this initial idea about the DIDs resolve the
metadata the badges but it will be great if some of you can try it out and
potentially provide recommendations or feedback about things that we should
consider or improve and then I think it's much more on the specific use
cases that we're seeing and the prioritization that we are observing in the
discussions within

Marcelo Yannuzzi: industry. So, yeah, I would say an email trying to say
maybe these are the lists of things that we see. You can provide feedback
about the list of things that you see and we can find common touching
points.

Manu Sporny: Sounds great. Thank

Harrison Tang: All right,…

Marcelo Yannuzzi: Thank you.

Harrison Tang: any last question? All right, so we're at time. So, Thank
you, Marcelo, and…
01:00:00

Harrison Tang: thank you, Jean, and thank you, Herve, for coming on. And
this is fascinating. So, big thanks.

Marcelo Yannuzzi: Thank you.

Marcelo Yannuzzi: I'll share with you via email the deck.

Herve Muyal: Thanks everyone.

Jean-Andrei DIACONU: much.

Marcelo Yannuzzi: Thank you very much. Bye-bye.

Harrison Tang: Sounds good. Thanks a lot.

Herve Muyal: Bye everyone.
Meeting ended after 01:00:36 👋

*This editable transcript was computer generated and might contain errors.
People can also change the text after it was created.*

Received on Tuesday, 21 October 2025 22:12:48 UTC