[Openid-aiim] IAM needs for Agentic AI and Path Forward
Tom Jones
thomasclinganjones at gmail.com
Sat Jul 19 17:33:25 UTC 2025
non-deterministic agents do present serious challenges to *trust*,
*security*, and *governance*. In domains like digital identity, law,
finance, and public infrastructure, *unpredictability* isn't just
inconvenient—it’s potentially *unacceptable*. Let’s break down why:
⚠️ *Why Non-Determinism Breeds Unacceptability*
- *Inconsistent behavior*: Agents that act differently under the same
  conditions can’t be reliably audited or certified.
- *Untraceable outputs*: It becomes hard to pinpoint cause,
  responsibility, or compliance status.
- *Vulnerability to manipulation*: Adversaries can exploit probabilistic
  logic to induce unwanted outcomes.
- *Loss of control*: Especially in systems involving user consent or legal
  transactions, determinism enables meaningful boundaries.
The above is what a bing bot thinks of this idea. I agree with it.
Peace ..tom jones
On Sat, Jul 19, 2025 at 10:19 AM Ayesha Dissanayaka <ayshsandu at gmail.com>
wrote:
> Hi Tom,
>
> Thank you for your input. Of course, defining an agent is a top priority
> when considering IAM. It's the very first term in the taxonomy document
> <https://github.com/openid/cg-ai-identity-management/blob/main/deliverable/taxonomy.md> that
> the CG is constructing. 😃
>
> Major AI framework providers have their definitions for AI agents, as I
> tried to summarize here
> <https://docs.google.com/document/d/1PhWC4KRO00kOPUW113ldG06Vii5dZjW3ljiV1tA0GCc/edit?tab=t.1iyru8xdjt9u>.
> We can draw some inspiration from them when constructing a definition for
> the AI agents in the context of IAM for Agents.
>
> On your suggestion for the agent definition, the term "consistent
> behavior" might not go well with an agent, as agents are, by
> design, non-deterministic and dynamic. If you ask an agent to do the same
> thing twice, there is a fair chance that it will do the task differently,
> unlike a traditional application or a workload.
>
>
> On Sat, Jul 19, 2025 at 12:19 AM Tom Jones <thomasclinganjones at gmail.com>
> wrote:
>
>> You talk about giving AI agents an ID, but there appears to be no
>> definition of what an agent must be to deserve an ID.
>> Let's do that - how about this.
>>
>> An agent is a persistent collection of software and language models
>> together in a workload with a consistent behavior (identity) for the
>> duration of the validity of an assigned Identifier.
>> An agent can be delegated authority by Entities, that is by named objects.
>>
>> Peace ..tom jones
>>
>>
>> On Fri, Jul 18, 2025 at 10:49 AM Ayesha Dissanayaka via Openid-aiim <
>> openid-aiim at lists.openid.net> wrote:
>>
>>> Hi All,
>>>
>>> Thanks, everyone, for your comments on the thoughts on the doc. And I
>>> had a great time discussing this during the CG meeting yesterday. Following
>>> up on our discussion in the last CG meeting
>>> <https://github.com/openid/cg-ai-identity-management/wiki/20250717-%E2%80%90-Meeting-notes:-July-17,-2025#ayeshas-agent-identity-discussion-iam-need-for-agentic-ai---brainstorming>,
>>> I am moving this conversation to email so that it's
>>> easier to comment and gather thoughts from everyone. Please refer to
>>> this document
>>> <https://docs.google.com/document/d/1PhWC4KRO00kOPUW113ldG06Vii5dZjW3ljiV1tA0GCc/edit?tab=t.0>
>>> for detailed information.
>>>
>>> The complexity of AI-native applications, when considering GenAI, has
>>> progressed in added stages of complexity:
>>>
>>> 1. Task-Specific AI: Simple applications using LLMs for specific tasks
>>>    like text generation.
>>> 2. RAG-Enabled AI: Applications that can access and synthesize external
>>>    knowledge bases.
>>> 3. Apps that include Agents: Applications where agents can make
>>>    decisions and execute tasks on a user's behalf.
>>> 4. Agent Teammates: The current frontier, where agents act on their own
>>>    accord and collaborate with humans in shared workflows.
>>>
>>> This evolution presents exciting opportunities, but it also brings a new
>>> set of challenges, particularly in how we manage identity and access. To
>>> ensure we build a secure and trustworthy ecosystem for these agents, we
>>> need to establish a robust set of IAM best practices.
>>>
>>> Here are some of the key requirements that we should be thinking about:
>>>
>>> - Seamless Integration: Agents need to interact with existing systems,
>>>   like those using OAuth, with minimal disruption.
>>> - Flexible Action: Agents should be able to act on their own or
>>>   securely on behalf of a user or another entity.
>>> - Just-in-Time Permissions: To mitigate risks from the
>>>   non-deterministic nature of agents, we need mechanisms for granting
>>>   just-enough access, precisely when it's needed.
>>> - Clear Accountability: There must be a designated responsible party
>>>   for an agent's actions.
>>> - Auditable Traceability: All agent actions should be traceable back
>>>   to their identity and the delegating authority.
>>> - Agent-Specific Controls: Resource servers may need to identify and
>>>   apply specific controls for actions initiated by agents.
>>> - Lifecycle Management: We need clear governance for the entire
>>>   lifecycle of an agent, from onboarding to decommissioning.
>>>
>>> This is a pivotal moment for us to lead the way in defining the
>>> standards and best practices that will shape the future of agentic AI. To
>>> get the ball rolling, let's consider a few key questions:
>>>
>>> 1. Where can we apply existing standards and best practices?
>>> 2. What are the novel problems that existing solutions can't address?
>>> 3. Where do we need to extend current standards or innovate?
>>> 4. How should an agent's identity be defined and structured?
>>> 5. Develop a shared vocabulary for scenarios, actors, and challenges.
>>>    - Happening at
>>>      https://github.com/openid/cg-ai-identity-management/blob/main/deliverable/taxonomy.md
>>>      as initiated at AIIM-CG
>>>
>>> Please share your thoughts, any references, and any ideas you might have
>>> on the above.
>>>
>>> Looking forward to continuing the discussion.
>>>
>>>
>>> On Wed, Jul 9, 2025 at 10:04 PM Ayesha Dissanayaka <ayshsandu at gmail.com>
>>> wrote:
>>>
>>>> Thanks, Alex, for the comments.
>>>>
>>>> On Mon, Jul 7, 2025 at 8:41 PM Alex Babeanu <alex.babeanu at indykite.com>
>>>> wrote:
>>>>
>>>>> Added some comments to the doc, thanks for sharing Ayesha. This could
>>>>> serve as a starting point for discussion...
>>>>> A side question, could we use a common share drive for such docs or
>>>>> material?
>>>>>
>>>> Sure, if the CG has such a shared space, I can move the doc there.
>>>> Athul <atul at sgnl.ai>, do we have any such for the AIIM CG?
>>>>
>>>>
>>>>> Cheers,
>>>>>
>>>>> ./\.
>>>>>
>>>>> On Thu, Jul 3, 2025 at 10:56 AM Ayesha Dissanayaka <
>>>>> ayshsandu at gmail.com> wrote:
>>>>>
>>>>>> Hi All,
>>>>>>
>>>>>> It's great to be part of this exciting community to discuss IAM for
>>>>>> the Agentic Era.
>>>>>>
>>>>>> Bubbling up a discussion in the Slack channel, I'm sharing this
>>>>>> analysis on emerging IAM challenges from Agentic AI
>>>>>> <https://docs.google.com/document/d/1PhWC4KRO00kOPUW113ldG06Vii5dZjW3ljiV1tA0GCc/edit?tab=t.0#heading=h.secnaj745bir>
>>>>>> systems that now function as autonomous workforce members, and how we can
>>>>>> approach addressing them.
>>>>>>
>>>>>> I'd love to hear working groups' thoughts on this, and collaborate to
>>>>>> extend this work to commonly identify the IAM problems we need to be
>>>>>> solving for agentic AI systems and how.
>>>>>>
>>>>>> I'm happy to discuss these findings at an upcoming meeting. Till
>>>>>> then, let's collaborate on the mailing list and in the doc
>>>>>> <https://docs.google.com/document/d/1PhWC4KRO00kOPUW113ldG06Vii5dZjW3ljiV1tA0GCc/edit?tab=t.0#heading=h.secnaj745bir>
>>>>>> itself.
>>>>>>
>>>>>> Cheers!
>>>>>>
>>>>>> - Ayesha
>>>>>>
>>>>>> --
>>>>>> Openid-aiim mailing list
>>>>>> Openid-aiim at lists.openid.net
>>>>>> https://lists.openid.net/mailman/listinfo/openid-aiim
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>>
>>>>>
>>>>> Alex Babeanu
>>>>> Lead Product Manager, AI Control Suite
>>>>>
>>>>> t. +1 604 728 8130
>>>>> e. alex.babeanu at indykite.com
>>>>> w. www.indykite.com
>>>>>