[Openid-aiim] Request for feedback: Proposed Identity Addendum to MCP
Lombardo, Jeff
jeffsec at amazon.com
Thu Jul 24 07:14:22 UTC 2025
Thanks Alex, I will review that, and I set you on for July 31st.
Jeff
Jean-François “Jeff” Lombardo | Amazon Web Services
Architecte Principal de Solutions, Spécialiste de Sécurité
Principal Solution Architect, Security Specialist
Montréal, Canada
( +1 514 778 5565
Commentaires à propos de notre échange? Exprimez-vous ici<https://urldefense.com/v3/__https:/feedback.aws.amazon.com/?ea=jeffsec&fn=Jean*20Francois&ln=Lombardo__;JQ!!Pe07N362zA!0k9CkAV8Djpw_8EfIAKrbhP3TQrJr0oMnznlUgBJ3V3NoEk6hihx7dNHnQuejn6SSH2CP8Iow3G-tTzppHeg$>.
Thoughts on our interaction? Provide feedback here<https://urldefense.com/v3/__https:/feedback.aws.amazon.com/?ea=jeffsec&fn=Jean*20Francois&ln=Lombardo__;JQ!!Pe07N362zA!0k9CkAV8Djpw_8EfIAKrbhP3TQrJr0oMnznlUgBJ3V3NoEk6hihx7dNHnQuejn6SSH2CP8Iow3G-tTzppHeg$>.
From: Openid-aiim <openid-aiim-bounces at lists.openid.net> On Behalf Of Alex Keisner via Openid-aiim
Sent: July 24, 2025 12:22 AM
To: openid-aiim at lists.openid.net
Subject: [EXT] [Openid-aiim] Request for feedback: Proposed Identity Addendum to MCP
CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you can confirm the sender and know the content is safe.
AVERTISSEMENT: Ce courrier électronique provient d’un expéditeur externe. Ne cliquez sur aucun lien et n’ouvrez aucune pièce jointe si vous ne pouvez pas confirmer l’identité de l’expéditeur et si vous n’êtes pas certain que le contenu ne présente aucun risque.
Hi all,
I wanted to share some of the work we've been doing at Vouched, specifically a proposed addendum to MCP<https://modelcontextprotocol-identity.io/introduction> to address the challenge of identity for third-party AI Agents and the users behind them. Our draft is a proposed solution for users engaging third-party AI Agents to take actions on their behalf, and how businesses / services can safely and securely enable those actions. We make proposals for how to:
1. Identify the agent
2. Verify the user / person behind the agent, and
3. Confirm that the user has delegated authority / granted proper permissions to the agent
While this is not intended to be a comprehensive AIIM solution, it does fit well within the scope of what we've been discussing to date in our community group. I would appreciate any and all feedback from this group, and I'm hoping to present it in our session next week on July 31st. Please let me know if you have questions or would like to discuss ahead of time as well.
Alex
--
[Image removed by sender. photo]
Alex Keisner
Head of Know Your Agent
alex.keisner at vouched.id<mailto:alex.keisner at vouched.id> | www.vouched.id<https://www.vouched.id/>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-aiim/attachments/20250724/01198a0e/attachment-0001.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ~WRD0611.jpg
Type: image/jpeg
Size: 823 bytes
Desc: ~WRD0611.jpg
URL: <http://lists.openid.net/pipermail/openid-aiim/attachments/20250724/01198a0e/attachment-0001.jpg>
More information about the Openid-aiim
mailing list