Digital Identity for Agentic Systems: Toward a Portable Authorization Standard for Autonomous Agents
For enterprises deploying autonomous agents across organizational boundaries, this work addresses the need for explicit, auditable, and revocable authorization, but the proposal is conceptual without empirical validation.
The paper identifies gaps in current identity and access models for autonomous agents in enterprise settings, and proposes a portable authorization model with features like issuer-authored payloads and constraint algebra to ensure consistent authorization across trust boundaries.
Enterprise AI is shifting from copilots to autonomous agents capable of executing workflows, negotiating outcomes, and making decisions with limited human oversight. As these systems extend across organizational boundaries, identity alone is insufficient: an agent's authority must also be explicit, constrained, auditable, revocable, and consistently interpretable by independent receivers. This paper analyzes representative enterprise use cases in insurance claims processing and supply chain integrity to surface structural gaps in existing identity and access models. It proposes a portable authorization model for autonomous agents based on issuer-authored authorization payloads, typed constraint algebra, decision-consistent evaluation semantics, delegation attenuation, governed semantic resolution, fail-closed processing, and pre-flight discovery. The model separates credential containers, authorization payload semantics, and enforcement engines, allowing profiles such as JWT/JWS, Verifiable Credentials, OAuth Rich Authorization Requests, or policy-engine bindings to preserve a common authorization meaning across trust boundaries.