Digital Identity for Agentic Systems: Toward a Portable Authorization Standard for Autonomous Agents
Authors: Partha Madhira
Summary
This paper proposes a portable authorization standard for autonomous AI agents operating across organizational boundaries. The idea is that identity alone isn't enough—agents need explicit, auditable, revocable authority tokens that specify what they're allowed to do, with constraint algebra and fail-closed semantics. The model separates credential containers (like JWTs or Verifiable Credentials) from the authorization payload itself, enabling consistent enforcement across trust boundaries.
Main takeaways:
- Autonomous enterprise agents need more than identity; they need machine-readable authority scopes that other systems can audit and enforce without human oversight.
- Existing identity standards (OAuth, JWTs) don't cleanly express delegation, attenuation (narrowing permissions when passing authority along), or governed semantic resolution.
- The proposed model uses typed constraint algebra, decision-consistent evaluation, and fail-closed processing, meaning ambiguous or unverifiable requests are denied by default.
- Authority payloads are issuer-authored and portable across different credential formats (JWT, Verifiable Credentials, OAuth RAR).
- Use cases include insurance claims and supply chain, where agents negotiate outcomes and execute workflows across organizational boundaries.
Relevance
Not directly related to my persona/behavioral-installation work. This is about authorization and enterprise governance for agentic systems, not about how behaviors are installed or how personas shape model outputs. Only relevant if I ever need to reason about how persona-installed behaviors interact with external permission boundaries.
Threat model
Potential threat/caveat for clean result "Fine-tuning one persona on a two-marker chunk and another on the start marker plants the end marker at every donor answer's end, not chained to the start (LOW confidence)": this item discusses evaluation.
Abstract
arXiv:2605.11487v1 Announce Type: new Abstract: Enterprise AI is shifting from copilots to autonomous agents capable of executing workflows, negotiating outcomes, and making decisions with limited human oversight. As these systems extend across organizational boundaries, identity alone is insufficient: an agent's authority must also be explicit, constrained, auditable, revocable, and consistently interpretable by independent receivers. This paper analyzes representative enterprise use cases in insurance claims processing and supply chain integrity to surface structural gaps in existing identity and access models. It proposes a portable authorization model for autonomous agents based on issuer-authored authorization payloads, typed constraint algebra, decision-consistent evaluation semantics, delegation attenuation, governed semantic resolution, fail-closed processing, and pre-flight discovery. The model separates credential containers, authorization payload semantics, and enforcement engines, allowing profiles such as JWT/JWS, Verifiable Credentials, OAuth Rich Authorization Requests, or policy-engine bindings to preserve a common authorization meaning across trust boundaries.