Identity & Trust Working Group
Track: Keynote | Ref: 1.3
Overview
The Identity & Trust Working Group is the largest in the Agent AI Foundation with 150 members from 66 organizations. This session covered the core identity challenges facing MCP adoption and the emerging patterns for solving them.
Core Challenges
- Agent identity: How do you identify an autonomous agent versus a human user?
- Human-agent separation: Distinguishing actions taken by a person from actions delegated to an agent
- Cross-app trust: Establishing trust when agents communicate across organizational boundaries
- Multi-tenant auth: Supporting multiple tenants with distinct identity providers and permission models
"This is one of the biggest challenges we're facing right now — autonomous agents need to figure out how we're going to identify them."
OAuth 2.1 Integration
The working group has converged on OAuth 2.1 as the foundation for MCP authentication and authorization:
- OAuth 2.1 as the baseline protocol for authorization, with OIDC layered on top wherever the human user must be authenticated
- Client credentials flow for machine-to-machine agent authentication, where no human is in the loop
- Transaction tokens for propagating the identity context (the user plus the agent acting for them) across service boundaries
Identity Assertion JWT
A key pattern emerging from the working group:
- App-to-app consent: Agents carry signed assertions proving delegated authority
- IT admin pre-authorization: Enterprise administrators can pre-approve agent access to specific resources, removing the interactive user consent step for those agent-resource pairings
Multi-Tenant Patterns
| Pattern | Description |
|---|---|
| Per-user OAuth consent | Each user explicitly authorizes agent access to their resources |
| Service principal management | Agents operate under managed service identities |
| Federated identity | Cross-organization trust via federated identity providers |
Authentication Architecture
┌──────────────────────────┐
│ Enterprise Identity      │
│ Provider (IdP)           │
│ (Entra ID, Okta, etc.)   │
└───────────┬──────────────┘
            │ OAuth 2.1 / OIDC
            ▼
┌──────────────────────────┐
│ MCP Gateway              │
│ (Token validation,       │
│  scope enforcement,      │
│  audit logging)          │
└───────────┬──────────────┘
            │ Authenticated context
            ▼
┌──────────────────────────┐
│ Agent Application        │
│ (Identity Assertion JWT, │
│  delegated permissions)  │
└──────────────────────────┘
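The gateway's three jobs in the diagram (token validation, scope enforcement, audit logging) and the Identity Assertion JWT pattern above, shown as a single added example. This is illustrative code written for this page, not the working group's or any MCP SDK's code. It assumes: an HS256 shared key standing in for the IdP's asymmetric signing key; an RFC 8693-style `act` claim carrying the agent's identity next to the human `sub`; and a hypothetical tool-to-scope map, audience URL and claim values, all constructed for the demo.

```python
import base64
import hashlib
import hmac
import json

# Assumption: a symmetric key shared by the IdP and the gateway (HS256). A real
# deployment would verify an asymmetric IdP signature against the IdP's JWKS.
IDP_KEY = b"constructed-demo-key-do-not-use"
MCP_SERVER_AUD = "https://mcp.example.com"  # hypothetical MCP server / audience
# Hypothetical tool -> required scope map that the gateway enforces per tool call.
TOOL_SCOPES = {"read_calendar": "calendar.read", "send_mail": "mail.send"}


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_assertion(claims: dict, key: bytes = IDP_KEY) -> str:
    """Mint a compact JWS (HS256) carrying the delegated-authority claims."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def unsigned_token(claims: dict) -> str:
    """Attacker-style alg=none token with an empty signature, to show it is refused."""
    header = _b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    return f"{header}.{_b64url(json.dumps(claims).encode())}."


def verify_assertion(token: str, now: int, key: bytes = IDP_KEY) -> dict:
    """Return the claims if alg, signature, audience, lifetime and delegation claims hold."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    h, p, s = parts
    if json.loads(_b64url_decode(h)).get("alg") != "HS256":  # pin the algorithm
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(p))
    if claims.get("aud") != MCP_SERVER_AUD:  # token minted for some other resource
        raise ValueError("wrong audience")
    if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        raise ValueError("expired")
    if "sub" not in claims or "act" not in claims:  # need the human AND the agent
        raise ValueError("missing delegation claims")
    return claims


def authorize_tool_call(token: str, tool: str, now: int, audit: list) -> bool:
    """Gateway decision for one MCP tool call; every decision lands in the audit log."""
    record = {"tool": tool, "ts": now, "allowed": False, "user": None, "agent": None}
    try:
        claims = verify_assertion(token, now)
        record["user"] = claims["sub"]
        record["agent"] = claims["act"].get("sub")  # RFC 8693-style actor claim
        required = TOOL_SCOPES.get(tool)
        granted = set(claims.get("scope", "").split())
        if required is None:
            record["reason"] = "unknown tool"
        elif required not in granted:
            record["reason"] = f"missing scope {required}"
        else:
            record["allowed"], record["reason"] = True, "ok"
    except ValueError as exc:
        record["reason"] = str(exc)
    audit.append(record)
    return record["allowed"]


def demo() -> list:
    """Constructed sample: one delegated assertion exercised by five tool calls."""
    now = 1_700_000_000
    claims = {
        "iss": "https://idp.example.com",
        "sub": "alice@example.com",                  # the human who delegated
        "act": {"sub": "agent:calendar-assistant"},  # the agent acting for her
        "aud": MCP_SERVER_AUD,
        "scope": "calendar.read",                    # admin-pre-authorized scope
        "iat": now,
        "exp": now + 600,
    }
    token = sign_assertion(claims)
    forged = sign_assertion({**claims, "scope": "calendar.read mail.send"}, b"attacker-key")
    audit: list = []
    authorize_tool_call(token, "read_calendar", now, audit)          # allowed
    authorize_tool_call(token, "send_mail", now, audit)              # scope not granted
    authorize_tool_call(token, "read_calendar", now + 3600, audit)   # expired
    authorize_tool_call(forged, "send_mail", now, audit)             # bad signature
    authorize_tool_call(unsigned_token(claims), "read_calendar", now, audit)  # alg=none
    return audit
```

Run `demo()` and print each record: the audit log names both the human (`user`) and the agent (`agent`) for every decision, which is the human-agent separation the working group calls out, and a denial carries the reason (scope, expiry, signature, algorithm) rather than just a 403.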
Trust Model Evolution
The working group identified four stages of trust that the ecosystem must address:
- Human-to-App — Traditional user authentication (solved)
- Agent-to-App — Agent acts on behalf of a user with delegated credentials
- Agent-to-Agent — Autonomous agents authenticating to each other
- Cross-Organization — Trust spanning organizational boundaries and identity providers
Related Work
- Aaron Parecki (Okta) — Contributing OAuth expertise and spec alignment
- RFC 9728 — OAuth 2.0 Protected Resource Metadata, relevant to MCP resource server discovery
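How an MCP client would use RFC 9728 to find the right authorization server, as an added example (not code from the working group or any MCP SDK). It assumes a constructed `WWW-Authenticate` challenge and a constructed metadata document standing in for an HTTPS GET; the server, IdP and scope names are hypothetical. The check that matters is the one RFC 9728 section 3.3 requires: the `resource` value inside the metadata must equal the resource identifier the client is actually talking to, otherwise a malicious MCP server could point the client at someone else's metadata and authorization server.

```python
import json
import re
from urllib.parse import urlsplit, urlunsplit

# Constructed 401 challenge and metadata document (not captured from a real server).
WWW_AUTHENTICATE = (
    'Bearer realm="mcp", '
    'resource_metadata="https://mcp.example.com/.well-known/oauth-protected-resource/mcp"'
)
METADATA_DOCS = {  # stands in for an HTTPS GET, keyed by URL
    "https://mcp.example.com/.well-known/oauth-protected-resource/mcp": json.dumps({
        "resource": "https://mcp.example.com/mcp",
        "authorization_servers": ["https://idp.example.com"],
        "scopes_supported": ["mcp:tools", "calendar.read"],
        "bearer_methods_supported": ["header"],
    }),
}


def parse_www_authenticate(header: str) -> dict:
    """Extract Bearer auth-params; RFC 9728 section 5.1 defines resource_metadata."""
    scheme, _, params = header.partition(" ")
    if scheme.lower() != "bearer":
        raise ValueError("not a Bearer challenge")
    return {k.lower(): v for k, v in re.findall(r'([\w-]+)="([^"]*)"', params)}


def well_known_url(resource: str) -> str:
    """RFC 9728 section 3.1: insert the well-known path between host and resource path."""
    parts = urlsplit(resource)
    path = "/.well-known/oauth-protected-resource"
    if parts.path not in ("", "/"):
        path += parts.path
    return urlunsplit((parts.scheme, parts.netloc, path, "", ""))


def discover_authorization_server(resource: str, challenge: str, fetch=METADATA_DOCS.get) -> dict:
    """Resolve the authorization server for `resource`, refusing spoofed metadata."""
    params = parse_www_authenticate(challenge)
    url = params.get("resource_metadata") or well_known_url(resource)
    if urlsplit(url).scheme != "https":
        raise ValueError("metadata URL must be https")
    body = fetch(url)
    if body is None:
        raise ValueError("metadata not found")
    meta = json.loads(body)
    # RFC 9728 section 3.3: metadata whose resource differs from the server we
    # are talking to MUST NOT be used.
    if meta.get("resource") != resource:
        raise ValueError("resource mismatch")
    servers = [s for s in meta.get("authorization_servers", []) if urlsplit(s).scheme == "https"]
    if not servers:
        raise ValueError("no https authorization server advertised")
    return {
        "authorization_server": servers[0],
        "resource": meta["resource"],  # send as RFC 8707 resource= so the token is audience-bound
        "scopes": meta.get("scopes_supported", []),
    }


def demo() -> dict:
    """Constructed walk-through: the honest server, then a server borrowing someone else's metadata."""
    honest = discover_authorization_server("https://mcp.example.com/mcp", WWW_AUTHENTICATE)
    try:
        discover_authorization_server("https://evil.example.net/mcp", WWW_AUTHENTICATE)
        spoofed = "accepted"
    except ValueError as exc:
        spoofed = str(exc)
    return {"honest": honest, "spoofed": spoofed}
```

The `resource` value the client hands back to the authorization server (RFC 8707 `resource` parameter) is what lets the issued token carry an audience for this specific MCP server, which is the audience check a gateway then enforces.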
Key Takeaways
- Identity & Trust is the largest and most active working group (150 members, 66 orgs)
- OAuth 2.1 is the consensus foundation for MCP authentication
- Identity Assertion JWTs enable delegated agent authority with IT admin pre-authorization
- The trust model must evolve from human-to-app all the way to cross-organization agent trust
- Multi-tenant patterns are critical for enterprise adoption