Dear Alex,
Thank you for this clear and well-articulated article.
Why do you think agents need to be distinct from OAuth clients? And what does that mean in practical terms?
Will an agent work without an OAuth client? Or be identified as an actor alongside an OAuth client?
If we're talking about the identity of an agent being unique and provable, a trust framework would be required, along the lines of confidential OAuth clients.
What if we were to keep the well-established concept of OAuth clients as actors acting on behalf of themselves (client credentials grant) or using access delegated by a resource owner, and reuse the existing trust establishment: clients can be pre-registered, dynamically registered using RFC 7591, and in the future automatically registered through OpenID Federation's on-the-fly establishment of trust?
And then the missing pieces of the puzzle could be supported through:
- Adding client metadata to identify that a client is an AI agent
- Preserving the auditable chain of events as requests traverse trust domains, through a profile on top of OAuth Identity Chaining which preserves in tokens the full chain of delegation
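As an added illustration of how the two pieces proposed in this comment could fit together on the receiving side (example code, not from the comment, the article, or any project), assuming a hypothetical `ai_agent` client-metadata field in the RFC 7591 registration request and the nested `act` claim of RFC 8693 token exchange as the encoding of the delegation chain:

```python
import json

# Constructed RFC 7591 registration request from an agent. "ai_agent" is a
# hypothetical metadata field standing in for the flag the comment proposes;
# it is not a registered OAuth parameter.
AGENT_REGISTRATION = json.dumps({
    "client_name": "Travel planner",
    "grant_types": ["urn:ietf:params:oauth:grant-type:token-exchange"],
    "token_endpoint_auth_method": "private_key_jwt",
    "ai_agent": True,
})

def register_client(request_json: str, client_id: str, registry: dict) -> dict:
    """Minimal registration endpoint: persist the metadata an audit needs."""
    meta = json.loads(request_json)
    registry[client_id] = {"client_name": meta.get("client_name"),
                           "ai_agent": bool(meta.get("ai_agent", False))}
    return registry[client_id]

# Constructed registry: one ordinary client plus the agent registered above
REGISTRY = {"booking-svc": {"client_name": "Booking service", "ai_agent": False}}
register_client(AGENT_REGISTRATION, "travel-agent-7", REGISTRY)

# Constructed claims set of a token after two hops across trust domains:
# user -> travel-agent-7 -> booking-svc. Per RFC 8693 the outermost "act"
# is the current actor and nested "act" claims are the prior actors.
CHAINED_CLAIMS = {
    "sub": "user@example.com",
    "act": {"sub": "booking-svc", "act": {"sub": "travel-agent-7"}},
}

def delegation_chain(claims: dict) -> list:
    """Flatten nested 'act' claims, current actor first."""
    chain, node = [], claims.get("act")
    while node:
        chain.append(node["sub"])
        node = node.get("act")
    return chain

def agents_in_chain(claims: dict, registry: dict) -> list:
    """Actors whose registered metadata marks them as AI agents.
    An actor missing from the registry is an audit gap, so it raises."""
    agents = []
    for actor in delegation_chain(claims):
        meta = registry.get(actor)
        if meta is None:
            raise ValueError(f"unregistered actor in chain: {actor}")
        if meta["ai_agent"]:
            agents.append(actor)
    return agents
```

Only the JWT claims sets are modelled here; signature verification of the chained token is out of scope.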