[Openid-aiim] Meeting notes
Atul Tulshibagwale
atul at sgnl.ai
Thu Oct 16 17:22:36 UTC 2025
Hi all,
The meeting notes for today's call have been uploaded to the AIIM Wiki
<https://github.com/openid/cg-ai-identity-management/wiki/Meeting-on-2025%E2%80%9010%E2%80%9016>.
I'm pasting them below for convenience.
Atul
--
Atul Tulshibagwale
CTO
<https://www.linkedin.com/in/tulshi/> <atul at sgnl.ai>
---
Oct 16, 2025

Attendees

Name | Affiliation | Participation Agreement signed?
Atul Tulshibagwale | SGNL | Yes
Tobin South | Stanford / WorkOS | Yes
tomj | ind | Yes
Bertrand Carlier | | Yes! finally
Adwait Shinganwade | Independent | Yes
Alex Keisner | Vouched | Yes
Sarah Cecchetti | Beyond Identity | Yes
Alex Babeanu | Indykite | Yes
Steve Venema | Independent | Yes
Rick Burta | Okta | Yes
Gail Hodges | OIDF | N/A
Nick Dawson | Self | Yes
Flemming Andreasen | Cisco Systems | Yes
Vaibhav Narula | Independent | Yes
Stan Bounev | Blue Label Labs | Yes
Apoorva Deshpande | Okta | Yes

Agenda
1. Tobin South’s weekly updates

Notes
- (Tobin) OpenAI AgentKit
- Only has API key and custom headers
- (Sarah) iFrames terrify me
- User management is handled by the MCP
- (Stan) Apps inside ChatGPT have their own login flow, similar to how
  AWS Cognito does it.
- (Tobin) Client ID Metadata is going to be a part of the MCP spec
  (approved)
- It goes a long way to address security risks left unaddressed by DCR
Atul’s profiles SEP has been folded into the concept of MCP extensions. The
profiles SEP outlined how to negotiate between the MCP client and server
which profiles are supported. Extensions do not yet have a way to negotiate
what extensions are supported. That work still needs to be done.
Feedback for whitepaper: flesh out AP2 section (mandates and VCs) and
KYAPay (tokens)
Alex is suggesting a new addition to payment protocols to add some of the
features that exist today in the transaction tokens spec. One of those is
the ability to “roll back” both transactions and permissions.
- (Tom) I don’t understand the idea of transaction in this space.
- It morphs during the interchange, so calling it a transaction tries
  to take it into a deterministic space, which is conflicting with the
  non-deterministic nature of agents.
- (Alex) You might want to predefine some transactions
- (Tom) I don’t know if you can predetermine in AI (conceivable but not
  likely)
- (Alex) We have deterministic systems for transactions, so we should
  be able to map AI to that
- (Brian) Despite the name “transaction” in Transaction Tokens, it is
  conceptually different from what Alex was talking about. We should not over
  apply that to transactions
- (Alex) I said “something like”, not exactly Transaction Tokens.
  Perhaps Macaroons, etc.
- (Steve) I’m thinking along the same lines as Alex. The end user doesn’t
  trust an agent with everything. Macaroons is one of the ideas I’m thinking
  about
- (Steve) We need to work out some use cases to figure out what we’re
  going to do about it
- (Pieter) Context on TraTs. The concept is to have a short-lived token to
  prevent people from having to pass access tokens. It’s really just a way to
  down-scope and preserve information. It is meant to be used within specific
  trust domains. There’s a separate draft for “Cross-domain Identity Chaining
  and Authorization”. The Cross-App access draft from Aaron is based on that.
- (Atul) The first MCP extension is “Enterprise Managed Access”, which
  is related to XAA (probably the same)
- (Tobin) Smithery, which hosts MCP servers. Aaron is trying to work with
  them to do XAA for consumer use cases
- (Tobin) Examples of non-deterministic reasoning

Threat Modeling
- (Atul) Threat modelling subgroup is a go ahead
- (Sarah) Looking at known experience from OIDF/identity experts at the
  type of attacks we are likely to see (Gail asked if she meant it was like
  FAPI 2.0 attacker model, no not exactly)
- (Tom) W3C already is working on threat modeling
- (Stan) We can start with the MITRE framework, but also get feedback from
  experts
- (Sarah) We can contribute back to Safe MCP. We might not need to create
  something different.
- (Stan) Implementers need guidance to make their implementations safer
- (Chris) On the lines of Safe-MCP: Lowest hanging fruit are coding
  hygiene, token hygiene, etc. There are a bunch of “Security 101” things
  that need to be watched out for.

Tobin updates:
- ArXiv paper being published today
- IIW next week
- OIDF specific events on Monday and Friday
- (Sarah) Next meeting can be converted to an IIW session
- (Gail) Co-chairs have to say “Note Well” applies. Cochairs hosting an
  official CG meeting should just flash the usual event Note Well statement
  so people realize their feedback is covered by it and make any public
  statements with that in mind.
- People do not need to sign Participation Agreement, though of course
  they are all welcome at any time to take part regularly

OIDF workshop Monday 10/20. It is hybrid, and free. Can come in person to
CISCO offices or attend online.
https://openid.net/registration-open-for-openid-foundation-hybrid-workshop-at-cisco-on-mon-20th-october-2025/
DCP WG meeting invites are in notes to DCP WG email thread.
- 10/20 Morning pre-IIW DCP meeting:
  https://dcpwg-iiw-20oct25.eventbrite.co.uk/
- Post-IIW DCP Friday 10/24: https://dcpwg_iiw_24oct25.eventbrite.co.uk/
For WG meetings in person the Contribution agreement applies if you plan to
make comments, since it is an official WG meeting called for that purpose.
But you can also observe and not make comments, at Cochair notice/approval
which is (in my observation) not an issue.
Great coverage on the AIIM CG Whitepaper since announcement on Oct 7th.
Big thanks to Serj @ OIDF for her PR work & coordination with Tobin for
follow-up interviews and podcasts, etc.
Oct 7: New research by OpenID Foundation exposes critical AI agent security
gaps
· Unchecked AI agents could be disastrous for us all - but OpenID
Foundation has a solution | ZDNET
<https://www.zdnet.com/article/unchecked-ai-agents-could-be-disastrous-for-us-all-but-openid-foundation-has-a-solution/>
· OpenID's new AI identity management whitepaper | Security News
<https://www.sourcesecurity.com/news/openid-foundation-ai-whitepaper-identity-management-co-1751867574-ga-co-1751868156-ga.1759487437.html>
· With the US all-in on AI, buzz on AI agents gets louder and need
for trust increases | Biometric Update
<https://www.biometricupdate.com/202510/with-the-us-all-in-on-ai-buzz-on-ai-agents-gets-louder-and-need-for-trust-increases>
· Zero Trust for AI Agents: Implementing Dynamic Authorization in an
Autonomous World - Security Boulevard
<https://securityboulevard.com/2025/10/zero-trust-for-ai-agents-implementing-dynamic-authorization-in-an-autonomous-world/>
· Beyond Chatbots: Why Agent Security Is the Industry's Next Major
Challenge - Security Boulevard
<https://securityboulevard.com/2025/10/beyond-chatbots-why-agent-security-is-the-industrys-next-major-challenge/>
· https://www.findarticles.com/openid-idea-to-tame-unchecked-ai-agents-at-scale/
· Unchecked AI agents could be disastrous for us all – but OpenID
Foundation has a solution – TechNewsEKB – Engineering Knowledge Base
<https://technews.shvtech.com/2025/10/unchecked-ai-agents-could-be-disastrous-for-us-all-but-openid-foundation-has-a-solution/>
· Beyond Chatbots: Why Agent Security Is the Industry’s Next Major
Challenge <https://www.unsafe.sh/go-367663.html>
· Unchecked AI agents could be disastrous for us all – but OpenID
Foundation has a solution – SysLog.gr
<https://www.syslog.gr/2025/10/07/unchecked-ai-agents-could-be-disastrous-for-us-all-but-openid-foundation-has-a-solution/>
· New whitepaper reveals urgent agentic AI security risks
<https://www.digit.fyi/ai-agent-security/>
· OpenID Foundation whitepaper exposes critical AI agent security
gaps - Identity Week
<https://identityweek.net/openid-foundation-whitepaper-exposes-critical-ai-agent-security-gaps/>
· Amazon Quick Suite Challenges ChatGPT at Work
<https://www.findarticles.com/amazon-quick-suite-challenges-chatgpt-at-work/>
· Amazon takes shots at ChatGPT with Quick Suite - your new AI
'teammate' at work - WireFan - Your Source for Social News and Networking
<https://www.wirefan.com/2025/10/amazon-takes-shots-at-chatgpt-with-quick-suite-your-new-ai-teammate-at-work/>
· Amazon QuickSuite: AI Rival to ChatGPT for Work – Archyde
<https://www.archyde.com/amazon-quicksuite-ai-rival-to-chatgpt-for-work/>
· Amazon takes shots at ChatGPT with Quick Suite – your new AI
'teammate' at work – Metapress
<https://metapress.net/gaming/2025/10/10/amazon-takes-shots-at-chatgpt-with-quick-suite-your-new-ai-teammate-at-work/>
· AWS's new agentic solution is a searchable AI hub for all… –
Unified Networking
<https://unifiedguru.com/awss-new-agentic-solution-is-a-searchable-ai-hub-for-all-your-enterprise-needs/>
· Agentic AI breaks zero trust: Here’s how to fix it | Biometric
Update
<https://www.biometricupdate.com/202510/agentic-ai-breaks-zero-trust-heres-how-to-fix-it>
· AI Agents Expose Critical Gaps in Cybersecurity – Mexican Business
News
<https://mexicobusiness.news/cybersecurity/news/ai-agents-expose-critical-gaps-cybersecurity>
· OpenID Foundation warns of security flaws in AI agent identity |
The Paypers
<https://thepaypers.com/fraud-and-fincrime/news/openid-foundation-warns-of-security-flaws-in-ai-agent-identity>
· Enterprises take nearly a week to grant new hires full access to
critical workflows - Identity Week
<https://identityweek.net/enterprises-take-nearly-a-week-to-grant-new-hires-full-access-to-critical-workflows/>
· Also secured an email interview with iTNews Australia and a guest
slot on Identity at the Center podcast. Links to be shared when ready.