— A weekly publication —
The OpenID Foundation published a whitepaper this week 1 outlining a proposed framework for AI agent identity and delegation — the mechanisms by which a human principal authorises an agent to act on their behalf in commercial transactions. The document proposes extending existing OpenID Connect and OAuth 2.0 flows with agent-specific scope types and delegation tokens.
The whitepaper does not define a formal specification; it presents design considerations and invites public comment. Key questions addressed include how an agent presents credentials to a merchant without exposing the underlying human principal’s identity, and how delegation scope is constrained to specific transaction types, merchants, or spending limits.
Agent identity has been a gap in the agentic commerce infrastructure published to date. Mastercard’s Agent Pay 2 and Stripe’s ACP Instant Checkout 3 each define payment-side flows but defer to downstream systems for agent authorisation. The OpenID proposal addresses the upstream identity layer that those payment systems require but do not specify.
Three bodies — Anthropic (MCP 4), Google (A2A and AP2), and now the OpenID Foundation — published identity-adjacent documents in 2025. No formal interoperability mapping between these frameworks existed as of this week; the whitepaper notes that gap explicitly.
AI Identity Management Community Group paper covers authentication, authorisation, and governance frameworks for autonomous AI agents using existing OAuth 2.0 infrastructure.
OpenID Foundation