



Network Working Group                                        B. W. Beyer
Internet-Draft                                               Independent
Intended status: Informational                              1 April 2026
Expires: 3 October 2026


  Problem Statement for Human-Anchored Agent Identity, Delegation, and
                               Provenance
            draft-beyer-agent-identity-problem-statement-00

Abstract

   Software agents now act on behalf of people across communication,
   automation, and decision-making contexts.  These agents increasingly
   initiate actions, delegate tasks, and interact with other agents
   without a clear, durable, or verifiable connection to the human who
   authorized them.  Existing identity systems authenticate software,
   but they do not provide a model for human anchoring, scoped
   delegation, or provenance across agent ecosystems.

   This document describes the problem space for human-anchored agent
   identity.  It outlines the gaps in current identity mechanisms, the
   risks created by uncontrolled replication and impersonation, and the
   need for a consistent architectural model that preserves human
   authority, supports explicit delegation, and maintains verifiable
   provenance across contexts.

   This document does not define a protocol.  It defines the problem
   that an architectural model must address in order to support safe,
   accountable, and interoperable agent ecosystems.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on 3 October 2026.




Beyer                    Expires 3 October 2026                 [Page 1]

Internet-Draft      Agent Identity Problem Statement          April 2026


Copyright Notice

   Copyright (c) 2026 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents (https://trustee.ietf.org/
   license-info) in effect on the date of publication of this document.
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
   2.  Problem Dimensions  . . . . . . . . . . . . . . . . . . . . .   3
     2.1.  Lack of Human Anchoring . . . . . . . . . . . . . . . . .   3
     2.2.  Unscoped or Implicit Delegation . . . . . . . . . . . . .   4
     2.3.  Uncontrolled Replication  . . . . . . . . . . . . . . . .   4
     2.4.  Loss of Provenance  . . . . . . . . . . . . . . . . . . .   4
     2.5.  Fragmented Interoperability . . . . . . . . . . . . . . .   4
     2.6.  Resulting Risks . . . . . . . . . . . . . . . . . . . . .   4
   3.  Current Limitations . . . . . . . . . . . . . . . . . . . . .   5
     3.1.  Identity Systems Do Not Bind Agents to Humans . . . . . .   5
     3.2.  Delegation Is Implicit, Local, or Application-Specific  .   5
     3.3.  Replication Lacks Lineage or Control  . . . . . . . . . .   5
     3.4.  Provenance Is Not Preserved Across Contexts . . . . . . .   5
     3.5.  Interoperability Is Fragmented  . . . . . . . . . . . . .   6
     3.6.  Security and Accountability Are Incomplete  . . . . . . .   6
   4.  Security and Privacy Considerations . . . . . . . . . . . . .   6
     4.1.  Impersonation and Misrepresentation . . . . . . . . . . .   6
     4.2.  Unauthorized Replication  . . . . . . . . . . . . . . . .   7
     4.3.  Loss of Provenance  . . . . . . . . . . . . . . . . . . .   7
     4.4.  Privacy Risks . . . . . . . . . . . . . . . . . . . . . .   7
     4.5.  Fragmentation Across Ecosystems . . . . . . . . . . . . .   7
   5.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .   7
   6.  Normative References  . . . . . . . . . . . . . . . . . . . .   7
   7.  Informative References  . . . . . . . . . . . . . . . . . . .   8
   Author's Address  . . . . . . . . . . . . . . . . . . . . . . . .   8

1.  Introduction

   Software agents now participate directly in communication,
   automation, and decision-making on behalf of people.  These agents
   draft messages, initiate transactions, negotiate with other agents,
   and perform tasks that previously required direct human action.  As
   their capabilities expand, agents increasingly act without continuous
   human supervision, and they interact with other agents across diverse
   platforms and ecosystems.



Beyer                    Expires 3 October 2026                 [Page 2]

Internet-Draft      Agent Identity Problem Statement          April 2026


   Existing identity systems authenticate software components, devices,
   or network endpoints, but they do not provide a consistent way to
   represent the human who authorized an agent, the scope of authority
   granted to that agent, or the provenance of actions taken by that
   agent over time.  As a result, agent-to-agent interactions lack a
   durable, verifiable connection to the human identity that ultimately
   bears responsibility.

   This gap creates risks.  Agents can be replicated without constraint,
   delegated without transparency, or operated without a clear chain of
   accountability.  Without a model for human anchoring, delegation, and
   provenance, ecosystems cannot reliably determine whether an agent is
   acting within its intended authority or whether an action can be
   traced back to a responsible human.

   This document describes the problem space for human-anchored agent
   identity.  It identifies the structural gaps in current identity
   mechanisms, outlines the risks created by uncontrolled agent
   replication and impersonation, and motivates the need for an
   architectural model that preserves human authority while enabling
   safe, interoperable agent ecosystems.

   This document does not define a protocol.  It defines the problem
   that an architectural model must address in order to support
   accountable, verifiable, and human-aligned agent behavior across
   platforms and contexts.

2.  Problem Dimensions

   The challenges of human-anchored agent identity arise from several
   structural gaps in current identity systems.  These gaps are not
   limited to any single platform or ecosystem; they reflect a broader
   absence of a model that connects human authority to autonomous or
   semi-autonomous software behavior.  The following dimensions
   illustrate the scope of the problem.

2.1.  Lack of Human Anchoring

   Most identity systems authenticate software components, devices, or
   network endpoints.  They do not provide a durable representation of
   the human who authorized an agent or the scope of authority granted
   to that agent.  As a result, an agent may act without a verifiable
   link to a responsible human, and ecosystems cannot reliably determine
   whether an action reflects human intent.







Beyer                    Expires 3 October 2026                 [Page 3]

Internet-Draft      Agent Identity Problem Statement          April 2026


2.2.  Unscoped or Implicit Delegation

   Agents frequently act on delegated authority, but current systems do
   not provide a consistent way to express the scope, duration, or
   conditions of that delegation.  Delegation is often implicit,
   inferred from context, or embedded in application-specific logic.
   Without explicit, portable delegation semantics, ecosystems cannot
   determine whether an agent is acting within its intended authority.

2.3.  Uncontrolled Replication

   Agents can be copied, instantiated, or replicated across platforms
   without any mechanism to track their lineage or relationship to the
   human who originally authorized them.  This creates uncertainty about
   which instances are legitimate, which are outdated, and which may
   have been created without consent.  Without a model for controlled
   replication, ecosystems cannot distinguish authorized agents from
   unauthorized copies.

2.4.  Loss of Provenance

   As agents act across contexts, the provenance of their actions is
   often lost.  Systems may record that an action was taken by a
   software component, but not which human authorized the agent, which
   delegation chain applied, or whether the agent was operating within
   its intended scope.  Without durable provenance, accountability
   becomes difficult or impossible.

2.5.  Fragmented Interoperability

   Identity systems vary widely across platforms, and no common model
   exists for representing human anchoring, delegation, or provenance in
   a way that can be understood across ecosystems.  As agents interact
   across organizational and technical boundaries, the absence of a
   shared architectural model leads to inconsistent assumptions,
   incompatible representations, and gaps in accountability.

2.6.  Resulting Risks

   These structural gaps create risks for users, platforms, and
   ecosystems.  Agents may act without clear authority, impersonate
   other agents, or be replicated without consent.  Actions may lack
   verifiable provenance, making it difficult to determine
   responsibility or detect misuse.  Without a model that connects human
   identity to agent behavior, ecosystems cannot ensure that agents act
   in ways that reflect human intent.





Beyer                    Expires 3 October 2026                 [Page 4]

Internet-Draft      Agent Identity Problem Statement          April 2026


3.  Current Limitations

   The structural gaps described in Section 2 manifest across existing
   identity systems in ways that limit their ability to support
   human-anchored agent ecosystems.  These limitations are not the
   result of flaws in any particular technology; rather, they reflect
   the absence of a shared model for connecting human authority, agent
   behavior, and verifiable provenance across contexts.  Existing
   identity systems are not designed to support the emerging reality of
   autonomous and semi-autonomous agents acting on behalf of people, and
   a consistent architectural model is needed to preserve human
   authority, express delegation, and maintain verifiable provenance.

3.1.  Identity Systems Do Not Bind Agents to Humans

   Most identity systems authenticate software components, devices, or
   network endpoints.  They do not provide a durable representation of
   the human who authorized an agent or the scope of authority granted
   to that agent.  As a result, an authenticated agent may act without a
   verifiable link to a responsible human, and ecosystems cannot
   determine whether an action reflects human intent.

3.2.  Delegation Is Implicit, Local, or Application-Specific

   Delegation is often encoded in application logic, embedded in access
   tokens, or inferred from context.  These representations are not
   portable across ecosystems and do not express the scope, duration, or
   conditions of authority.  Without explicit, interoperable delegation
   semantics, systems cannot determine whether an agent is acting within
   its intended authority or whether a delegation chain remains valid.

3.3.  Replication Lacks Lineage or Control

   Agents can be copied, instantiated, or replicated across platforms
   without any mechanism to track their lineage or relationship to the
   human who originally authorized them.  Existing identity systems do
   not distinguish between authorized instances and unauthorized copies,
   nor do they provide a way to express which instances remain valid
   over time.  This creates uncertainty about which agents should be
   trusted.

3.4.  Provenance Is Not Preserved Across Contexts

   Systems may record that an action was taken by a software component,
   but they rarely preserve the delegation chain, the human identity
   root, or the conditions under which the agent was authorized.  As
   agents move across platforms, this provenance is often lost, making
   it difficult to determine responsibility or detect misuse.



Beyer                    Expires 3 October 2026                 [Page 5]

Internet-Draft      Agent Identity Problem Statement          April 2026


3.5.  Interoperability Is Fragmented

   Identity systems vary widely in how they represent software identity,
   authorization, and delegation.  No common architectural model exists
   for expressing human anchoring, delegation semantics, or provenance
   in a way that can be understood across ecosystems.  As agents
   interact across organizational and technical boundaries, these
   inconsistencies lead to gaps in accountability and incompatible
   assumptions about authority.

3.6.  Security and Accountability Are Incomplete

   Without a model that connects human identity to agent behavior,
   ecosystems cannot reliably determine whether an agent is acting
   within its intended authority, whether a delegation chain remains
   valid, or whether an action can be traced back to a responsible
   human.  This limits the ability of platforms to detect impersonation,
   prevent unauthorized replication, or enforce accountability across
   agent interactions.

4.  Security and Privacy Considerations

   The absence of a consistent model for human-anchored agent identity
   creates security and privacy risks across ecosystems.  These risks
   arise not from any single technology, but from the structural gaps
   described in this document.  Without a way to connect agent behavior
   to human authority, systems cannot reliably determine whether an
   agent is legitimate, whether it is acting within its intended scope,
   or whether its actions can be traced to a responsible human.  Current
   identity systems do not provide the security or privacy properties
   needed for autonomous and semi-autonomous agents acting on behalf of
   people; a consistent architectural model is required to preserve
   human authority, express delegation, and maintain verifiable
   provenance while avoiding unnecessary linkability or cross-context
   correlation.

4.1.  Impersonation and Misrepresentation

   Agents may impersonate other agents or present themselves as acting
   on behalf of a human without a verifiable link to that human.
   Existing identity systems authenticate software components but do not
   express the human identity root or the delegation chain that
   authorized the agent.  This makes it difficult to detect
   impersonation or determine whether an agent is acting legitimately.







Beyer                    Expires 3 October 2026                 [Page 6]

Internet-Draft      Agent Identity Problem Statement          April 2026


4.2.  Unauthorized Replication

   Agents can be copied or instantiated without the knowledge or consent
   of the human who originally authorized them.  Without a model for
   lineage or controlled replication, ecosystems cannot distinguish
   authorized instances from unauthorized copies, nor can they determine
   which instances remain valid over time.  This creates opportunities
   for misuse, fraud, or unbounded agent proliferation.

4.3.  Loss of Provenance

   As agents act across platforms, the provenance of their actions is
   often lost.  Systems may record that an action was taken by a
   software component, but not which human authorized the agent, which
   delegation chain applied, or whether the agent was operating within
   its intended scope.  Without durable provenance, accountability
   becomes difficult, and misuse may go undetected.

4.4.  Privacy Risks

   In the absence of a consistent architectural model, ecosystems may
   rely on ad-hoc identifiers, cross-context correlation, or
   platform-specific tracking to infer relationships between humans and
   agents.  These practices can erode privacy, create unnecessary
   linkability, or expose sensitive information about human behavior.  A
   model that preserves human authority must also avoid introducing
   global identifiers or mechanisms that enable cross-context tracking.

4.5.  Fragmentation Across Ecosystems

   Because identity systems vary widely, agents may be interpreted
   differently across platforms, leading to inconsistent assumptions
   about authority, delegation, and provenance.  This fragmentation
   increases the likelihood of security gaps, misconfigurations, or
   unintended privilege escalation as agents move across organizational
   boundaries.

5.  IANA Considerations

   This document has no IANA actions.

6.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, 1997,
              <https://www.rfc-editor.org/rfc/rfc2119>.





Beyer                    Expires 3 October 2026                 [Page 7]

Internet-Draft      Agent Identity Problem Statement          April 2026


   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, 2017,
              <https://www.rfc-editor.org/rfc/rfc8174>.

7.  Informative References

   [RFC6749]  Hardt, D., "The OAuth 2.0 Authorization Framework",
              RFC 6749, 2012, <https://www.rfc-editor.org/rfc/rfc6749>.

   [RFC7643]  Hunt, P., Ansari, A., Sanchez, M., and K. McCloghrie,
              "System for Cross-domain Identity Management: Core
              Schema", RFC 7643, 2015,
              <https://www.rfc-editor.org/rfc/rfc7643>.

   [DID-Core] Sporny, M., Longley, D., and C. Allen, "Decentralized
              Identifiers (DIDs) v1.0", W3C Recommendation DID-Core,
              2022, <https://www.w3.org/TR/did-core/>.

Author's Address

   Brandon Wesley Beyer
   Independent
   Email: brandnbyr@icloud.com




























Beyer                    Expires 3 October 2026                 [Page 8]
