AI

Can Your Agents Prove Their Identity Without a Central Authority

As agents become more autonomous and operate across team and organizational boundaries, **who can talk to whom** becomes a security problem, not a routing problem. This post describes a practical approach using W3C Decentralized Identifiers and Verifiable Credentials

Part-3: Who are you? How client Registration works in the Agentic World

We've spent years making sure applications register with Oauth. Does this model still work in the Agentic world? What if your agents could carry their own digital key and walk straight past it? A look at DCR and CIMD and when each earns its place in your agent architecture.

Part-2: Who Said Yes? Designing User Consent for AI Agents

OAuth consent wasn't built for long-lived agents that accumulate capabilities over time. Per-agent client registration, incremental consent, and the distinction between standing and task-scoped authorization give users real control without requiring approval for every API call.

Part-1: Who Called That API? Why AI Agents Need Delegation, Not Impersonation

When an AI agent acts on behalf of a user, your audit log needs to show both identities, not just one. RFC 8693 token exchange makes that possible with scope-narrowed, audience-restricted delegation tokens.

Understanding OAuth Authentication in Amazon Bedrock AgentCore: A Deep Dive

A comprehensive deep dive into Amazon Bedrock AgentCore's dual authentication pattern

AI for Security and Security for AI

A practical, security-first walkthrough for deploying AI.

© 2026 RameshRajan

About | Contact | RSS