<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Aptos;}
@font-face
{font-family:"Segoe UI Emoji";
panose-1:2 11 5 2 4 2 4 2 2 3;}
@font-face
{font-family:"Wingdings 2";
panose-1:5 2 1 2 1 5 7 7 7 7;}
@font-face
{font-family:"Amazon Ember Heavy";
panose-1:2 11 8 3 2 2 4 2 2 4;}
@font-face
{font-family:"Amazon Ember Light";
panose-1:2 11 4 3 2 2 4 2 2 4;}
@font-face
{font-family:"Segoe UI";
panose-1:2 11 5 2 4 2 4 2 2 3;}
@font-face
{font-family:Roboto;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
font-size:12.0pt;
font-family:"Aptos",sans-serif;}
h3
{mso-style-priority:9;
mso-style-link:"Heading 3 Char";
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:13.5pt;
font-family:"Aptos",sans-serif;
font-weight:bold;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0cm;
margin-right:0cm;
margin-bottom:0cm;
margin-left:36.0pt;
font-size:12.0pt;
font-family:"Aptos",sans-serif;}
span.Heading3Char
{mso-style-name:"Heading 3 Char";
mso-style-priority:9;
mso-style-link:"Heading 3";
font-family:"Aptos",sans-serif;
color:#0F4761;}
span.EmailStyle21
{mso-style-type:personal-reply;
font-family:"Aptos",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;
mso-ligatures:none;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 90.0pt 72.0pt 90.0pt;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:272171300;
mso-list-template-ids:-923774826;}
@list l0:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:36.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:72.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:"Courier New";
mso-bidi-font-family:"Times New Roman";}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:108.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:144.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:180.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:216.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:252.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:288.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:324.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1
{mso-list-id:1016345743;
mso-list-type:hybrid;
mso-list-template-ids:-665536100 1429009844 202113027 202113029 202113025 202113027 202113029 202113025 202113027 202113029;}
@list l1:level1
{mso-level-start-at:0;
mso-level-number-format:bullet;
mso-level-text:-;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Aptos",sans-serif;
mso-fareast-font-family:Aptos;
mso-bidi-font-family:"Times New Roman";}
@list l1:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l1:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l1:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Symbol;}
@list l1:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l1:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l1:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Symbol;}
@list l1:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l1:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;}
ol
{margin-bottom:0cm;}
ul
{margin-bottom:0cm;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="FR-CA" link="blue" vlink="purple" style="word-wrap:break-word">
<div class="WordSection1">
<p class="MsoNormal"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US">Accountability does not only come from the potential human in the loop but also from:<br>
<br>
<o:p></o:p></span></p>
<ul style="margin-top:0cm" type="disc">
<li class="MsoListParagraph" style="margin-left:0cm;mso-list:l1 level1 lfo2"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US">The training process., and therefore humans and techniques involved into it<o:p></o:p></span></li><li class="MsoListParagraph" style="margin-left:0cm;mso-list:l1 level1 lfo2"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US">The development of the agent, and therefore humans and techniques involved into It<o:p></o:p></span></li><ul style="margin-top:0cm" type="circle">
<li class="MsoListParagraph" style="margin-left:0cm;mso-list:l1 level2 lfo2"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US">It is a self dev on a napkin, an enterprise product, an enterprise product by the resource owner<o:p></o:p></span></li></ul>
<li class="MsoListParagraph" style="margin-left:0cm;mso-list:l1 level1 lfo2"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US">The operating model, and therefore humans and techniques into it<o:p></o:p></span></li><ul style="margin-top:0cm" type="circle">
<li class="MsoListParagraph" style="margin-left:0cm;mso-list:l1 level2 lfo2"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US">Is it local, remote, SaaS<o:p></o:p></span></li></ul>
</ul>
<p class="MsoNormal"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US">That is why I like the idea of AI Agent Assurance levels inspired by Eve.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<div>
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Amazon Ember Heavy",sans-serif;mso-ligatures:standardcontextual">Jean-François “<span style="color:#E97132">Jeff</span>” Lombardo</span></b><span style="mso-ligatures:standardcontextual"> </span><span style="font-size:10.0pt;font-family:"Amazon Ember Light",sans-serif;mso-ligatures:standardcontextual">|<span style="color:gray">
</span><span style="color:#E97132">Amazon Web Services</span></span><span style="font-size:10.0pt;font-family:"Amazon Ember Light",sans-serif;color:#E97132"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:4.0pt;font-family:"Amazon Ember Light",sans-serif;color:gray;mso-ligatures:standardcontextual"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Amazon Ember Light",sans-serif;color:gray;mso-ligatures:standardcontextual">Architecte Principal de Solutions, Spécialiste de Sécurité<br>
Principal Solution Architect, Security Specialist<br>
Montréal, Canada<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span lang="EN-CA" style="font-size:13.5pt;font-family:"Wingdings 2";mso-ligatures:standardcontextual">(</span><span lang="EN-CA" style="font-size:10.0pt;font-family:"Amazon Ember Light",sans-serif;color:gray;mso-ligatures:standardcontextual">
</span><span style="font-size:10.0pt;font-family:"Amazon Ember Light",sans-serif;color:gray;mso-ligatures:standardcontextual">+1 514 778 5565<br>
<br>
<o:p></o:p></span></p>
<p class="MsoNormal"><i><span style="font-size:10.0pt;font-family:"Amazon Ember Light",sans-serif;color:gray;mso-ligatures:standardcontextual">Commentaires à propos de notre échange?
</span></i><i><span lang="EN-US" style="font-size:10.0pt;font-family:"Amazon Ember Light",sans-serif;color:gray;mso-ligatures:standardcontextual">Exprimez-vous
</span></i><span style="mso-ligatures:standardcontextual"><a href="https://urldefense.com/v3/__https:/feedback.aws.amazon.com/?ea=jeffsec&fn=Jean*20Francois&ln=Lombardo__;JQ!!Pe07N362zA!0k9CkAV8Djpw_8EfIAKrbhP3TQrJr0oMnznlUgBJ3V3NoEk6hihx7dNHnQuejn6SSH2CP8Iow3G-tTzppHeg$"><i><span lang="EN-US" style="font-size:10.0pt;font-family:"Amazon Ember Light",sans-serif;color:#467886">ici</span></i></a></span><i><span lang="EN-US" style="font-size:10.0pt;font-family:"Amazon Ember Light",sans-serif;color:gray;mso-ligatures:standardcontextual">.<o:p></o:p></span></i></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:4.0pt;font-family:"Amazon Ember Light",sans-serif;color:gray;mso-ligatures:standardcontextual"><o:p> </o:p></span></p>
<p class="MsoNormal"><i><span lang="EN-US" style="font-size:10.0pt;font-family:"Amazon Ember Light",sans-serif;color:gray;mso-ligatures:standardcontextual">Thoughts on our interaction? Provide feedback
</span></i><span style="mso-ligatures:standardcontextual"><a href="https://urldefense.com/v3/__https:/feedback.aws.amazon.com/?ea=jeffsec&fn=Jean*20Francois&ln=Lombardo__;JQ!!Pe07N362zA!0k9CkAV8Djpw_8EfIAKrbhP3TQrJr0oMnznlUgBJ3V3NoEk6hihx7dNHnQuejn6SSH2CP8Iow3G-tTzppHeg$"><i><span lang="EN-US" style="font-size:10.0pt;font-family:"Amazon Ember Light",sans-serif;color:#467886">here</span></i></a></span><i><span lang="EN-US" style="font-size:10.0pt;font-family:"Amazon Ember Light",sans-serif;color:gray;mso-ligatures:standardcontextual">.<o:p></o:p></span></i></p>
</div>
<p class="MsoNormal"><span lang="EN-CA" style="font-size:11.0pt;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif">From:</span></b><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif"> Openid-aiim <openid-aiim-bounces@lists.openid.net>
<b>On Behalf Of </b>Pavindu Lakshan via Openid-aiim<br>
<b>Sent:</b> July 24, 2025 6:30 AM<br>
<b>To:</b> Eleanor Meritt <ehmeritt@gmail.com><br>
<b>Cc:</b> openid-aiim@lists.openid.net<br>
<b>Subject:</b> RE: [EXT] [Openid-aiim] IAM needs for Agentic AI and Path Forward<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" style="border-collapse:collapse">
<tbody>
<tr style="height:15.25pt">
<td width="1123" valign="top" style="width:842.35pt;border:solid #ED7D31 1.5pt;padding:0cm 5.4pt 0cm 5.4pt;height:15.25pt">
<p><strong><span style="font-family:"Aptos",sans-serif;color:black;background:#FFFF99">CAUTION</span></strong><span style="color:black;background:#FFFF99">: This email originated from outside of the organization. Do not click links or open attachments unless
you can confirm the sender and know the content is safe.</span><o:p></o:p></p>
</td>
</tr>
</tbody>
</table>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div>
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" style="border-collapse:collapse">
<tbody>
<tr style="height:15.25pt">
<td width="1123" valign="top" style="width:842.35pt;border:solid #ED7D31 1.5pt;padding:0cm 5.4pt 0cm 5.4pt;height:15.25pt">
<p><strong><span style="font-family:"Aptos",sans-serif;color:black;background:#FFFF99">AVERTISSEMENT</span></strong><span style="color:black;background:#FFFF99">: Ce courrier électronique provient d’un expéditeur externe. Ne cliquez sur aucun lien et n’ouvrez
aucune pièce jointe si vous ne pouvez pas confirmer l’identité de l’expéditeur et si vous n’êtes pas certain que le contenu ne présente aucun risque.</span><o:p></o:p></p>
</td>
</tr>
</tbody>
</table>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div>
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" style="border-collapse:collapse">
<tbody>
<tr style="height:15.25pt">
<td width="1123" valign="top" style="width:842.35pt;border:solid #ED7D31 1.5pt;padding:0cm 5.4pt 0cm 5.4pt;height:15.25pt">
<p><strong><span style="font-family:"Aptos",sans-serif;color:black;background:#FFFF99">CAUTION</span></strong><span style="color:black;background:#FFFF99">: This email originated from outside of the organization. Do not click links or open attachments unless
you can confirm the sender and know the content is safe.</span><o:p></o:p></p>
</td>
</tr>
</tbody>
</table>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div>
<div>
<p class="MsoNormal">Hi Alex, <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0cm 0cm 0cm 6.0pt;margin-left:4.8pt;margin-right:0cm">
<p class="MsoNormal">Accountability is tricky... you can't have a human in the loop for every action an agent takes (I wouldn't want to be that poor human having to approve 1000's of daily Agent actions), but indeed the organization putting an Agent online
should be liable for its actions... I think that's a different matter though, prob out-of-scope for us here, isn't it?<o:p></o:p></p>
</blockquote>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Accountability doesn't have to always mean humans should always be in the loop, does it? It also can be thought of as closer to a "manager" role. A manager doesn't always get in the way of employees. Instead they set the policies/procedures
and interfere only when it is necessary, yet they take the responsibility for the team they manage.<o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div>
<p class="MsoNormal">On Wed, Jul 23, 2025 at 11:27<span style="font-family:"Arial",sans-serif"> </span>PM Eleanor Meritt via Openid-aiim <<a href="mailto:openid-aiim@lists.openid.net">openid-aiim@lists.openid.net</a>> wrote:<o:p></o:p></p>
</div>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0cm 0cm 0cm 6.0pt;margin-left:4.8pt;margin-right:0cm">
<div>
<div>
<div>
<p class="MsoNormal"><span style="color:black">Some thoughts:<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="color:black"><o:p> </o:p></span></p>
</div>
<div>
<ul type="disc">
<li class="MsoNormal" style="color:black;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo1">
Standards must support a capability for human accountability. Almost all business use cases will require this with the use of Agentic AI. The NIST AI RMF does say that mechanisms for accountability and documentation should be in place. <o:p></o:p></li></ul>
</div>
<div>
<ul type="disc">
<li class="MsoNormal" style="color:black;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo1">
Logging and monitoring frameworks should also be supported by standards. Whether or not an AI Agent makes use of them is not something that can be generally controlled. However, I am willing to bet that regulated industries and governments will require them.
While logging captures after the fact events, it's going to be essential to detect insidious behaviors, and prevent future failures or breaches.<o:p></o:p></li></ul>
</div>
<div>
<ul type="disc">
<li class="MsoNormal" style="color:black;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo1">
Whether or not humans need to be involved in signing off on Agentic AI activities is really an implementation decision on behalf of the "developer" of an AI Agent. We should not worry about approval fatigue as part of this committee.<o:p></o:p></li></ul>
</div>
<div>
<ul type="disc">
<li class="MsoNormal" style="color:black;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo1">
My own opinion is that AI Agents should have their own distinct IAM entity. They are not workforce, or consumers or partners. Categorizing them as workloads also seems too broad as classic SaaS applications are also workload based. We need to be able to detect
AI Agents and apply specific management capabilities. We also need to worry about more subtle forms of security breaches, like manipulation of LLM / RAG training data. <o:p></o:p></li></ul>
</div>
<div>
<p class="MsoNormal"><span style="color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="color:black">-Eleanor.<o:p></o:p></span></p>
</div>
<div class="MsoNormal" align="center" style="text-align:center">
<hr size="2" width="98%" align="center">
</div>
<div id="m_5023671613936720584divRplyFwdMsg">
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black"> Openid-aiim <<a href="mailto:openid-aiim-bounces@lists.openid.net" target="_blank">openid-aiim-bounces@lists.openid.net</a>>
on behalf of Alex Babeanu via Openid-aiim <<a href="mailto:openid-aiim@lists.openid.net" target="_blank">openid-aiim@lists.openid.net</a>><br>
<b>Sent:</b> Wednesday, July 23, 2025 10:02 AM<br>
<b>To:</b> Shahar Tal <<a href="mailto:shahar@cyata.ai" target="_blank">shahar@cyata.ai</a>><br>
<b>Cc:</b> <a href="mailto:openid-aiim@lists.openid.net" target="_blank">openid-aiim@lists.openid.net</a> <<a href="mailto:openid-aiim@lists.openid.net" target="_blank">openid-aiim@lists.openid.net</a>><br>
<b>Subject:</b> Re: [Openid-aiim] IAM needs for Agentic AI and Path Forward</span>
<o:p></o:p></p>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal">Accountability is tricky... you can't have a human in the loop for every action an agent takes (I wouldn't want to be that poor human having to approve 1000's of daily Agent actions), but indeed the organization putting an Agent online
should be liable for its actions... I think that's a different matter though, prob out-of-scope for us here, isn't it?
<o:p></o:p></p>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">AI Identity: Agents and Models are trained on human data. They WILL reproduce human behaviour, including lying and scheming (research already shows this behaviour), therefore issuing human-like identities makes sense. Nevertheless, informing
actual humans they are communicating with an AI seems also important, therefore Agents need human-like identities that can nevertheless be distinguishable from humans. <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">For my part, I think the work done within the OID4VC group is highly relevant... Issuing VCs to agents makes complete sense: VCs check all the checkboxes of our common doc here. You can tie them back to their orgs (the issuing, end hence
responsible party), establish trust between Agent creators (issuers) and in general authenticate the holder (the Agent). Once authenticated this way, agents could then still be issued regular OAuth tokens, or even transaction tokens (TRaTs) , or in general
follow any existing OAuth spec... no conflict there. Coexist.<br>
<br>
Also claims in those VCs could clearly identify the Holder as an AI entity. Pb solved.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">[Note that VCs are not so different (conceptually) than Spiffe ID Documents: cryptographically provable identities that can be tied back to an issuer...]<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Cheers,<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">./\.<o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div>
<p class="MsoNormal">On Wed, Jul 23, 2025 at 1:04<span style="font-family:"Arial",sans-serif"> </span>AM Shahar Tal via Openid-aiim <<a href="mailto:openid-aiim@lists.openid.net" target="_blank">openid-aiim@lists.openid.net</a>> wrote:<o:p></o:p></p>
</div>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0cm 0cm 0cm 6.0pt;margin-left:4.8pt;margin-right:0cm">
<div>
<div>
<p><span style="font-size:11.0pt;color:#4472C4">Absolutely agree, Ayesha </span><span lang="EN-US" style="font-size:11.0pt;color:#4472C4">-</span><span style="font-size:11.0pt;color:#4472C4"> human accountability is a key pillar in any viable model for agent
identity. Whether it’s an individual owner, an organizational function, or a subject matter expert, the essential element is that
<i>someone</i> must ultimately be accountable. And as you noted, this doesn’t always mean the agent is acting
<i>on behalf of</i> that person </span><span lang="EN-US" style="font-size:11.0pt;color:#4472C4">-</span><span style="font-size:11.0pt;color:#4472C4"> accountability and delegation are often distinct.</span><o:p></o:p></p>
<p><span style="font-size:11.0pt;color:#4472C4"> </span><o:p></o:p></p>
<p><span style="font-size:11.0pt;color:#4472C4">Also very glad to see more and more voices acknowledging that agentic identities deserve their own category, not just a bucket under NHIs. In many ways, agents are more human than NHIs
</span><span lang="EN-US" style="font-size:11.0pt;color:#4472C4">-</span><span style="font-size:11.0pt;color:#4472C4"> and sometimes more human than humans themselves. They replicate human intent, amplify decision-making,</span><span lang="EN-US" style="font-size:11.0pt;color:#4472C4">
mistake-making,</span><span style="font-size:11.0pt;color:#4472C4"> and introduce new risks at unprecedented speed and scale. That demands a new conceptual and technical foundation, and we’re glad to
</span><span lang="EN-US" style="font-size:11.0pt;color:#4472C4">take part and </span>
<span style="font-size:11.0pt;color:#4472C4">see this group moving the conversation forward.</span><o:p></o:p></p>
<p><span style="font-size:11.0pt;color:#4472C4"> </span><o:p></o:p></p>
<p><span style="font-size:11.0pt;color:#4472C4">And a quick apology </span><span lang="EN-US" style="font-size:11.0pt;color:#4472C4">-</span><span style="font-size:11.0pt;color:#4472C4"> we refreshed our website yesterday and the blog link was briefly unavailable.
It’s fully accessible again now <a href="https://www.cyata.ai/blog/many-faces-of-agentic-identities" target="_blank">
https://www.cyata.ai/blog/many-faces-of-agentic-identities</a>. Appreciate you referencing it!</span><o:p></o:p></p>
<p><span lang="EN-US" style="font-size:11.0pt;color:#4472C4"> </span><o:p></o:p></p>
<p><span lang="EN-US" style="font-size:11.0pt;color:#4472C4">Shahar</span><o:p></o:p></p>
<p><span style="font-size:11.0pt;color:#4472C4"> </span><o:p></o:p></p>
<div id="m_5023671613936720584x_m_-6304507829244651622mail-editor-reference-message-container">
<div>
<div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p style="mso-margin-top-alt:5.0pt;margin-right:0cm;margin-bottom:12.0pt;margin-left:36.0pt">
<b><span style="color:black">From: </span></b><span style="color:black">Openid-aiim <<a href="mailto:openid-aiim-bounces@lists.openid.net" target="_blank">openid-aiim-bounces@lists.openid.net</a>> on behalf of Ayesha Dissanayaka via Openid-aiim <<a href="mailto:openid-aiim@lists.openid.net" target="_blank">openid-aiim@lists.openid.net</a>><br>
<b>Date: </b>Tuesday, 22 July 2025 at 18:26<br>
<b>To: </b><a href="mailto:openid-aiim@lists.openid.net" target="_blank">openid-aiim@lists.openid.net</a> <<a href="mailto:openid-aiim@lists.openid.net" target="_blank">openid-aiim@lists.openid.net</a>><br>
<b>Subject: </b>Re: [Openid-aiim] IAM needs for Agentic AI and Path Forward</span><o:p></o:p></p>
</div>
<div>
<div>
<p style="margin-left:36.0pt"> <o:p></o:p></p>
</div>
<p style="margin-left:36.0pt"> <o:p></o:p></p>
<div>
<div>
<p style="margin-left:36.0pt">On Tue, Jul 22, 2025 at 10:29<span style="font-family:"Arial",sans-serif"> </span>PM Ayesha Dissanayaka <<a href="mailto:ayshsandu@gmail.com" target="_blank">ayshsandu@gmail.com</a>> wrote:<o:p></o:p></p>
</div>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0cm 0cm 0cm 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0cm;margin-bottom:5.0pt">
<div>
<p style="margin-left:36.0pt">Hi everyone, Thank you for your comments and suggestions. Please keep them coming. I see that there have been some interesting discussions on the thread while I was away. <o:p></o:p></p>
<div>
<p style="margin-left:36.0pt">The purpose of this brainstorming document is exactly to identify and commonly agree on what areas we should be focusing on from an identity and access management point of view when it comes to agentic AI, how to adopt and apply
existing concepts and standards, and where we need extensions or innovations. <o:p></o:p></p>
<div>
<p style="margin-left:36.0pt"><br>
I recently came across this nice article about <a href="https://cyata.ai/blog/many-faces-of-agentic-identities" target="_blank">many faces of agentic identities</a>, which discusses a behavioral classification of agents with real-world examples.<o:p></o:p></p>
<p style="margin-left:72.0pt">1.<span style="font-size:7.0pt;font-family:"Times New Roman",serif">
</span>Agents acting as human counterparts <o:p></o:p></p>
<p style="margin-left:72.0pt">2.<span style="font-size:7.0pt;font-family:"Times New Roman",serif">
</span>Agents acting on behalf of users<o:p></o:p></p>
<p style="margin-left:72.0pt">3.<span style="font-size:7.0pt;font-family:"Times New Roman",serif">
</span>Agents acting hybrid of both above types<o:p></o:p></p>
</div>
<div>
<div>
<p style="margin-left:36.0pt">I agree that non-deterministic and completely autonomous agents add lots of complexity to the existing infrastructure, but I don't think we can stop agents getting there with the latest technological advancements, and without having
strict low enforcement for building and deploying such agents. <o:p></o:p></p>
</div>
<div>
<p style="mso-margin-top-alt:5.0pt;margin-right:0cm;margin-bottom:12.0pt;margin-left:36.0pt">
However, I do believe there needs to be a responsible party (a human/an organization or some legally bound entity) who is ultimately responsible for the agent, its actions, and side-effects. The party that the agent acts on behalf of can be different from the
party who employs the agent.<o:p></o:p></p>
</div>
<div>
<p style="margin-left:36.0pt">As some of you mentioned above, agent's identity can be a choice of a service account, an application, a workload, something else, or something completely new. I don't like to ground agent identity to this or that yet. But believe
Agents should have some identity to uniquely identify the agent, credentials (s) to prove their identity, and a responsible party.<o:p></o:p></p>
</div>
<div>
<p style="margin-left:36.0pt"> <o:p></o:p></p>
</div>
</div>
</div>
<div>
<p style="margin-left:36.0pt">As Eve suggested, I completely agree that we could start with agents acting upon human delegators' command, which is the most common case today. <o:p></o:p></p>
</div>
<div>
<p style="margin-left:36.0pt"> <o:p></o:p></p>
</div>
<div>
<p style="margin-left:36.0pt">Also, as Jeff suggested, I'm happy to improve this brainstorming document with the community feedback and collaboration so that we have a commonly agreeable base for what problems we should be solving for agent IAM, and what directions
we should take. <o:p></o:p></p>
</div>
<div>
<p style="margin-left:36.0pt">And of course, we can start a new document on agent assurance levels, which can be one of the many recommendations/guidelines that come out of AIIM-CG. <o:p></o:p></p>
</div>
</div>
</blockquote>
<div>
<p style="margin-left:36.0pt"> <o:p></o:p></p>
</div>
<div>
<p style="margin-left:36.0pt">P.S. Please don't hesitate to edit the <a href="https://docs.google.com/document/d/1PhWC4KRO00kOPUW113ldG06Vii5dZjW3ljiV1tA0GCc/edit?tab=t.0" target="_blank">document</a> with your suggestions. It's open to community text collaboration. <o:p></o:p></p>
</div>
<div>
<p style="margin-left:36.0pt"> <o:p></o:p></p>
</div>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0cm 0cm 0cm 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0cm;margin-bottom:5.0pt">
<div>
<div>
<p style="margin-left:36.0pt"> <o:p></o:p></p>
</div>
</div>
<p style="margin-left:36.0pt"> <o:p></o:p></p>
<div>
<div>
<p style="margin-left:36.0pt">On Tue, Jul 22, 2025 at 5:45<span style="font-family:"Arial",sans-serif"> </span>PM Richard Bird via Openid-aiim <<a href="mailto:openid-aiim@lists.openid.net" target="_blank">openid-aiim@lists.openid.net</a>> wrote:<o:p></o:p></p>
</div>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0cm 0cm 0cm 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0cm;margin-bottom:5.0pt">
<div>
<p style="margin-left:36.0pt">Operational issues and considerations:<o:p></o:p></p>
</div>
<div>
<p style="margin-left:36.0pt"> <o:p></o:p></p>
</div>
<div>
<p style="margin-left:36.0pt">1. If an agent isn’t fully autonomous, does it have agency or is it an only policy bound entity? Is partial agency, agency at all? <o:p></o:p></p>
</div>
<div>
<p style="margin-left:36.0pt"> <o:p></o:p></p>
</div>
<div>
<p style="margin-left:36.0pt">2. How long post-broad acceptance of agentic AI until “human in the loop” is an unsustainable transactional control model (several people in the industry- example Rock Lambros - believe that answer is almost instantly. That human
in the loop is fundamentally unachievable except for possibly only the highest risk transactions.)<o:p></o:p></p>
</div>
<div>
<p style="margin-left:36.0pt"> <o:p></o:p></p>
</div>
<div>
<p style="margin-left:36.0pt">3. A log isn’t a control mechanism, it is a post-incident investigative tool. Logs are lagging indicators, not leading indicators. <o:p></o:p></p>
</div>
<div>
<p style="margin-left:36.0pt"> <o:p></o:p></p>
</div>
<div>
<p style="margin-left:36.0pt">4. What control mechanisms can or will be used when agents begin to delegate to other agents? Authorization mechanisms have never been controlled by identity and devops have associated authorization calls with apps and app functions
- not with identities and roles - either human or agentic. <o:p></o:p></p>
</div>
<div>
<p style="margin-left:36.0pt"> <o:p></o:p></p>
</div>
<div>
<p style="margin-left:36.0pt">5. An immutable record of agentic actions, delegations and changes could be created using blockchain - but even then the abberant or errant behavior of an agent would need to generate and action or trigger as a response or mitigation
to that agent’s behavior - otherwise the immutable ledger is just another tool for post event/incident research. <o:p></o:p></p>
</div>
<div>
<p style="margin-left:36.0pt"> <o:p></o:p></p>
</div>
<div>
<p style="margin-left:36.0pt">6. 90 plus percent of all AI exposure is external to our organizations (and it seems that this percentage will remain well above 50% for the foreseeable future). What does key assignment, identity ascription and identity control
look like for a huge class of entities that we do not have direct control over? This issue is why most OEM software companies are assigning service accounts to their agents instead of identities. It eliminates the overhead associated with identity management
and control, completely. And it allows them to bypass T&C notification requirements for code changes (I.e. retraining)<o:p></o:p></p>
</div>
<div>
<p style="margin-left:36.0pt"> <o:p></o:p></p>
</div>
<div>
<p style="margin-left:36.0pt">Sorry for the ad hoc drive-by on this thread. Wasn't entirely sure what the best way to engage was but have found this thread very interesting. Not now nor have ever been a standards type - I’m an old grubby operator by experience.
But obviously this topic is hugely important for the future and I’ve been eyeballs deep in operationalized AI for a few years now. <o:p></o:p></p>
</div>
<div>
<p style="margin-left:36.0pt"> <o:p></o:p></p>
</div>
<div>
<p style="margin-left:36.0pt">Kindest,<o:p></o:p></p>
</div>
<div>
<p style="margin-left:36.0pt"> <o:p></o:p></p>
</div>
<div>
<p style="margin-left:36.0pt">Richard Bird <o:p></o:p></p>
</div>
<div>
<p style="margin-left:36.0pt"> <o:p></o:p></p>
</div>
<div>
<p style="margin-left:36.0pt">Rb<o:p></o:p></p>
</div>
<div>
<p style="margin-left:36.0pt"> <o:p></o:p></p>
<div>
<div>
<p style="margin-left:36.0pt">On Mon, Jul 21, 2025 at 11:52<span style="font-family:"Arial",sans-serif"> </span>PM Sachin Mamoru via Openid-aiim <<a href="mailto:openid-aiim@lists.openid.net" target="_blank">openid-aiim@lists.openid.net</a>> wrote:<o:p></o:p></p>
</div>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0cm 0cm 0cm 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0cm;margin-bottom:5.0pt">
<div>
<p style="margin-left:36.0pt">Hi Eleanor and Tom,<o:p></o:p></p>
<div>
<p style="margin-left:36.0pt"> <o:p></o:p></p>
</div>
<div>
<p style="margin-left:36.0pt">Can't we use AI to govern the AI? I mean, one aspect of governing could be to track the Agent's behaviour through logs. Periodical scans of these logs using AI can help us understand when the Agent malfunctions (i.e., when it does
not perform the intended behaviour), and then rectify it.<o:p></o:p></p>
</div>
<div>
<p style="margin-left:36.0pt">Having full autonomy in Agents will be difficult to achieve, especially since, ultimately, IAM is zero trust. In the chain of command, there should always be at least one human being to oversee this.<o:p></o:p></p>
</div>
<div>
<p style="margin-left:36.0pt"> <o:p></o:p></p>
</div>
<div>
<p style="margin-left:36.0pt">Sachin.<o:p></o:p></p>
</div>
</div>
<p style="margin-left:36.0pt"> <o:p></o:p></p>
<div>
<div>
<p style="margin-left:36.0pt">On Mon, 21 Jul 2025 at 10:49, Tom Jones via Openid-aiim <<a href="mailto:openid-aiim@lists.openid.net" target="_blank">openid-aiim@lists.openid.net</a>> wrote:<o:p></o:p></p>
</div>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0cm 0cm 0cm 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0cm;margin-bottom:5.0pt">
<div>
<div>
<p style="margin-left:36.0pt">interesting question - is there ever any reason what-so-ever for a full autonomous agent. I hope the short term answer is no.<o:p></o:p></p>
</div>
<div>
<p style="margin-left:36.0pt"> <o:p></o:p></p>
</div>
<div>
<p style="margin-left:36.0pt">What is important is that a message sent from the agent must be clear.<o:p></o:p></p>
</div>
<div>
<p style="margin-left:36.0pt">Let's try to start with the assumption that any message from any agent must include at least one delegation of authority if an action is to be undertaken.<o:p></o:p></p>
</div>
<div>
<p style="margin-left:36.0pt"> <o:p></o:p></p>
</div>
<div>
<div>
<div>
<p style="margin-left:36.0pt"><span style="font-size:10.5pt;font-family:"Segoe UI",sans-serif;color:#38761D;background:#F2F2F2">Peace ..tom jones</span><o:p></o:p></p>
</div>
</div>
</div>
<p style="margin-left:36.0pt"> <o:p></o:p></p>
</div>
<p style="margin-left:36.0pt"> <o:p></o:p></p>
<div>
<div>
<p style="margin-left:36.0pt">On Sun, Jul 20, 2025 at 7:26<span style="font-family:"Arial",sans-serif"> </span>PM Eleanor Meritt <<a href="mailto:ehmeritt@gmail.com" target="_blank">ehmeritt@gmail.com</a>> wrote:<o:p></o:p></p>
</div>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0cm 0cm 0cm 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0cm;margin-bottom:5.0pt">
<div>
<p style="margin-left:36.0pt">At the most fundamental level we need to agree on what autonomy means for AI agents. Does that mean there is no logging of their behaviors? No monitoring? No failure handling? No intervention if “something goes wrong”? My gut feeling
is that AI agents should always be monitored by humans as - and Ayesha said it - there is no guarantee that they will behave in the same way twice for the same requests. <o:p></o:p></p>
</div>
<div>
<p style="margin-left:36.0pt"> <o:p></o:p></p>
</div>
<div>
<p style="margin-left:36.0pt">Then - getting philosophical - can we agree that every AI agent should always have an ultimately responsible human owner? <o:p></o:p></p>
</div>
<div>
<p style="margin-left:36.0pt"> <o:p></o:p></p>
</div>
<div>
<p style="margin-left:36.0pt">Until we agree on fundamentals like this one, we won’t get very far on defining AIIM standards. <o:p></o:p></p>
</div>
<div>
<p style="margin-left:36.0pt"> <o:p></o:p></p>
</div>
<div>
<p style="margin-left:36.0pt">Eleanor. <o:p></o:p></p>
</div>
<div>
<p style="margin-left:36.0pt"> <o:p></o:p></p>
<div>
<div>
<p style="margin-left:36.0pt">On Sun, Jul 20, 2025 at 1:44<span style="font-family:"Arial",sans-serif"> </span>PM Lombardo, Jeff via Openid-aiim <<a href="mailto:openid-aiim@lists.openid.net" target="_blank">openid-aiim@lists.openid.net</a>> wrote:<o:p></o:p></p>
</div>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0cm 0cm 0cm 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0cm;margin-bottom:5.0pt">
<div>
<div>
<p style="margin-left:36.0pt"><span lang="EN-CA" style="font-size:11.0pt">I think we can thank Ayesha for putting forward the idea of baes that can define the relation in between an human and an agent, an agent and a resource.</span><o:p></o:p></p>
<p style="margin-left:36.0pt"><span lang="EN-CA" style="font-size:11.0pt"> </span><o:p></o:p></p>
<p style="margin-left:36.0pt"><span lang="EN-CA" style="font-size:11.0pt">There is space for improvement on this first Draft for sure, Ayesha candidly opened her text and requested feedback from this group.</span><o:p></o:p></p>
<p style="margin-left:36.0pt"><span lang="EN-CA" style="font-size:11.0pt"> </span><o:p></o:p></p>
<p style="margin-left:36.0pt"><span lang="EN-CA" style="font-size:11.0pt">Maybe the best approach is to propose new formulation for the mental model and text description of it, with at heart to remind that this Community Group is here to expose and document
the current state and what needs to be done for the best state with whatever exist today or need to be created tomorrow.</span><o:p></o:p></p>
<p style="margin-left:36.0pt"><span lang="EN-CA" style="font-size:11.0pt"> </span><o:p></o:p></p>
<p style="margin-left:36.0pt"><span lang="EN-CA" style="font-size:11.0pt">In this vein (pun intended), I think we should:<br>
- comment wherever needed on Ayesha document to make it more robust<br>
- start a new document on Agentic Assurance Levels</span><o:p></o:p></p>
<p style="margin-left:36.0pt"><span lang="EN-CA" style="font-size:11.0pt"> </span><o:p></o:p></p>
<div>
<p style="margin-left:36.0pt"><b><span style="font-family:"Arial",sans-serif">Jean-François “<span style="color:#E97132">Jeff</span>” Lombardo</span></b> <span style="font-family:"Arial",sans-serif">|<span style="color:gray">
</span><span style="color:#E97132">Amazon Web Services</span></span><o:p></o:p></p>
<p style="margin-left:36.0pt"><span style="font-size:4.0pt;font-family:"Arial",sans-serif;color:gray"> </span><o:p></o:p></p>
<p style="margin-left:36.0pt"><span style="font-family:"Arial",sans-serif;color:gray">Architecte Principal de Solutions, Spécialiste de Sécurité<br>
Principal Solution Architect, Security Specialist<br>
Montréal, Canada</span><o:p></o:p></p>
<p style="mso-margin-top-alt:5.0pt;margin-right:0cm;margin-bottom:12.0pt;margin-left:36.0pt">
<span lang="EN-CA" style="font-size:13.5pt;font-family:"Wingdings 2"">(</span><span lang="EN-CA" style="font-family:"Arial",sans-serif;color:gray">
</span><span style="font-family:"Arial",sans-serif;color:gray">+1 514 778 5565</span><o:p></o:p></p>
<p style="margin-left:36.0pt"><i><span style="font-family:"Arial",sans-serif;color:gray">Commentaires à propos de notre échange?
</span></i><i><span lang="EN-US" style="font-family:"Arial",sans-serif;color:gray">Exprimez-vous
</span></i><a href="https://urldefense.com/v3/__https:/feedback.aws.amazon.com/?ea=jeffsec&fn=Jean*20Francois&ln=Lombardo__;JQ!!Pe07N362zA!0k9CkAV8Djpw_8EfIAKrbhP3TQrJr0oMnznlUgBJ3V3NoEk6hihx7dNHnQuejn6SSH2CP8Iow3G-tTzppHeg$" target="_blank"><i><span lang="EN-US" style="font-family:"Arial",sans-serif;color:#467886">ici</span></i></a><i><span lang="EN-US" style="font-family:"Arial",sans-serif;color:gray">.</span></i><o:p></o:p></p>
<p style="margin-left:36.0pt"><span lang="EN-US" style="font-size:4.0pt;font-family:"Arial",sans-serif;color:gray"> </span><o:p></o:p></p>
<p style="margin-left:36.0pt"><i><span lang="EN-US" style="font-family:"Arial",sans-serif;color:gray">Thoughts on our interaction? Provide feedback
</span></i><a href="https://urldefense.com/v3/__https:/feedback.aws.amazon.com/?ea=jeffsec&fn=Jean*20Francois&ln=Lombardo__;JQ!!Pe07N362zA!0k9CkAV8Djpw_8EfIAKrbhP3TQrJr0oMnznlUgBJ3V3NoEk6hihx7dNHnQuejn6SSH2CP8Iow3G-tTzppHeg$" target="_blank"><i><span lang="EN-US" style="font-family:"Arial",sans-serif;color:#467886">here</span></i></a><i><span lang="EN-US" style="font-family:"Arial",sans-serif;color:gray">.</span></i><o:p></o:p></p>
</div>
<p style="margin-left:36.0pt"><span lang="EN-CA" style="font-size:11.0pt"> </span><o:p></o:p></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p style="margin-left:36.0pt"><b><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif">From:</span></b><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif"> Openid-aiim <<a href="mailto:openid-aiim-bounces@lists.openid.net" target="_blank">openid-aiim-bounces@lists.openid.net</a>>
<b>On Behalf Of </b>Tom Jones via Openid-aiim<br>
<b>Sent:</b> July 20, 2025 10:29 PM<br>
<b>To:</b> Eve Maler <<a href="mailto:eve@vennfactory.com" target="_blank">eve@vennfactory.com</a>><br>
<b>Cc:</b> Tom Jones <<a href="mailto:thomasclinganjones@gmail.com" target="_blank">thomasclinganjones@gmail.com</a>>;
<a href="mailto:peace@acm.org" target="_blank">peace@acm.org</a>; <a href="mailto:openid-aiim@lists.openid.net" target="_blank">
openid-aiim@lists.openid.net</a><br>
<b>Subject:</b> RE: [EXT] [Openid-aiim] IAM needs for Agentic AI and Path Forward</span><o:p></o:p></p>
</div>
</div>
<p style="margin-left:36.0pt"> <o:p></o:p></p>
<div>
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" width="622" style="width:466.5pt;margin-left:36.0pt;border-collapse:collapse">
<tbody>
<tr style="height:15.25pt">
<td width="622" valign="top" style="width:466.5pt;border:solid #ED7D31 1.5pt;padding:0cm 5.4pt 0cm 5.4pt;height:15.25pt">
<p><strong><span style="font-family:"Aptos",sans-serif;color:black;background:#FFFF99">CAUTION</span></strong><span style="color:black;background:#FFFF99">: This email originated from outside of the organization. Do not click links or open attachments unless
you can confirm the sender and know the content is safe.</span><o:p></o:p></p>
</td>
</tr>
</tbody>
</table>
</div>
<p style="margin-left:36.0pt"> <o:p></o:p></p>
<div>
<div>
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" width="622" style="width:466.5pt;margin-left:36.0pt;border-collapse:collapse">
<tbody>
<tr style="height:15.25pt">
<td width="622" valign="top" style="width:466.5pt;border:solid #ED7D31 1.5pt;padding:0cm 5.4pt 0cm 5.4pt;height:15.25pt">
<p><strong><span style="font-family:"Aptos",sans-serif;color:black;background:#FFFF99">AVERTISSEMENT</span></strong><span style="color:black;background:#FFFF99">: Ce courrier électronique provient d’un expéditeur externe. Ne cliquez sur aucun lien et n’ouvrez
aucune pièce jointe si vous ne pouvez pas confirmer l’identité de l’expéditeur et si vous n’êtes pas certain que le contenu ne présente aucun risque.</span><o:p></o:p></p>
</td>
</tr>
</tbody>
</table>
</div>
<p style="margin-left:36.0pt"> <o:p></o:p></p>
<div>
<div>
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" width="622" style="width:466.5pt;margin-left:36.0pt;border-collapse:collapse">
<tbody>
<tr style="height:15.25pt">
<td width="622" valign="top" style="width:466.5pt;border:solid #ED7D31 1.5pt;padding:0cm 5.4pt 0cm 5.4pt;height:15.25pt">
<p><strong><span style="font-family:"Aptos",sans-serif;color:black;background:#FFFF99">CAUTION</span></strong><span style="color:black;background:#FFFF99">: This email originated from outside of the organization. Do not click links or open attachments unless
you can confirm the sender and know the content is safe.</span><o:p></o:p></p>
</td>
</tr>
</tbody>
</table>
</div>
<p style="margin-left:36.0pt"> <o:p></o:p></p>
<div>
<div>
<div>
<p style="margin-left:36.0pt">Those ideas are completely broken.<o:p></o:p></p>
</div>
<div>
<p style="margin-left:36.0pt">If an agent, on behalf of a legal person, is allowed to order and pay for goods, then a legal contract was created and satisfied.<o:p></o:p></p>
</div>
<div>
<p style="margin-left:36.0pt">Anything else is not agency.<o:p></o:p></p>
</div>
<div>
<p style="margin-left:36.0pt">So the question is, do we have an agent or not?<o:p></o:p></p>
</div>
<table class="MsoNormalTable" border="0" cellspacing="3" cellpadding="0" style="margin-left:36.0pt">
<tbody>
<tr>
<td style="padding:.75pt .75pt .75pt .75pt"></td>
</tr>
</tbody>
</table>
<div>
<p style="margin-left:36.0pt">.<a href="https://www.law.cornell.edu/wex/agent" target="_blank">https://www.law.cornell.edu/wex/agent</a><o:p></o:p></p>
</div>
<div>
<p style="margin-left:36.0pt"> <o:p></o:p></p>
</div>
<div>
<div>
<div>
<p style="margin-left:36.0pt"><span style="font-size:10.5pt;font-family:"Segoe UI",sans-serif;color:#38761D;background:#F2F2F2">Peace ..tom jones</span><o:p></o:p></p>
</div>
</div>
</div>
<p style="margin-left:36.0pt"> <o:p></o:p></p>
</div>
<p style="margin-left:36.0pt"> <o:p></o:p></p>
<div>
<div>
<p style="margin-left:36.0pt">On Sun, Jul 20, 2025 at 9:56<span style="font-family:"Arial",sans-serif"> </span>AM Eve Maler <<a href="mailto:eve@vennfactory.com" target="_blank">eve@vennfactory.com</a>> wrote:<o:p></o:p></p>
</div>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0cm 0cm 0cm 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0cm;margin-bottom:5.0pt">
<div>
<div>
<p style="margin-left:36.0pt">Feeling philosophical today: Is there room to square this circle?<o:p></o:p></p>
</div>
<div>
<p style="margin-left:36.0pt"> <o:p></o:p></p>
</div>
<div>
<p style="margin-left:36.0pt">There’s an emerging field of relational AI (vs. transactional — behaviors vs. actions). I’ve been talking to the <a href="https://kaystoner.substack.com" target="_blank">developer</a> of a number of custom GPTs that are aligned
with very precisely drawn personas — and, yes, have also been playing with some of them. The outputs are indeed variable but the behaviors are designed to provide certain kinds of interactive support. Their design also includes some guardrails and some level
of transparency.<o:p></o:p></p>
</div>
<div>
<p style="margin-left:36.0pt"> <o:p></o:p></p>
</div>
<div>
<p style="margin-left:36.0pt">Maybe what needs to come first, before we can trust a high-autonomy-level transactional agent, is measurable behavioral alignment with their human delegator (Agentic Assurance Level? :-) ). Perhaps only then can we start to assess
the alignment of any actions that agent takes.<o:p></o:p></p>
</div>
<div>
<p style="margin-left:36.0pt"> <o:p></o:p></p>
</div>
<div>
<p style="margin-left:36.0pt">(Human delegates are not immune to misalignment with their delegator, of course, which is why agency law and the concept of fiduciary duty exist. I doubt AI agents will win humanlike legal status any time soon, but if they are
ever to get anywhere near it, they’ll need to solve these sorts of issues.)<o:p></o:p></p>
</div>
<div>
<p style="margin-left:36.0pt"> <o:p></o:p></p>
</div>
<div>
<p style="margin-left:36.0pt">Eve<o:p></o:p></p>
</div>
<p style="margin-left:36.0pt"> <o:p></o:p></p>
<div>
<p style="mso-margin-top-alt:5.0pt;margin-right:0cm;margin-bottom:12.0pt;margin-left:36.0pt">
<img border="0" width="200" height="65" style="width:2.0833in;height:.675in" id="m_5023671613936720584x_m_-6304507829244651622_x005f_x0000_i1030" src="cid:image001.png@01DBFC7B.132D6280"><o:p></o:p></p>
</div>
</div>
</blockquote>
</div>
</div>
</div>
</div>
</div>
</div>
<div>
<div>
<div>
<div>
<div>
<div>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0cm 0cm 0cm 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0cm;margin-bottom:5.0pt">
<div>
<div>
<div>
<p style="margin-left:36.0pt"><span style="font-size:9.0pt;font-family:"Times New Roman",serif;color:#476458">Eve Maler, president and founder</span><o:p></o:p></p>
</div>
<div>
<p style="margin-left:36.0pt"><span style="font-size:9.0pt;font-family:"Times New Roman",serif;color:#476458">Cell and Signal <a href="tel:+1-425-345-6756" target="_blank">+1 (425) 345-6756</a></span><o:p></o:p></p>
</div>
</div>
<div>
<p style="mso-margin-top-alt:5.0pt;margin-right:0cm;margin-bottom:12.0pt;margin-left:36.0pt">
<o:p></o:p></p>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<p style="margin-left:36.0pt">On Jul 19, 2025, at 12:33<span style="font-family:"Arial",sans-serif"> </span>PM, Tom Jones via Openid-aiim <<a href="mailto:openid-aiim@lists.openid.net" target="_blank">openid-aiim@lists.openid.net</a>> wrote:<o:p></o:p></p>
</div>
<p style="margin-left:36.0pt"> <o:p></o:p></p>
<div>
<div>
<div>
<p style="margin-left:36.0pt">non-deterministic agents do present serious challenges to
<strong><span style="font-family:"Aptos",sans-serif">trust</span></strong>, <strong>
<span style="font-family:"Aptos",sans-serif">security</span></strong>, and <strong>
<span style="font-family:"Aptos",sans-serif">governance</span></strong>. In domains like digital identity, law, finance, and public infrastructure,
<strong><span style="font-family:"Aptos",sans-serif">unpredictability</span></strong> isn't just inconvenient—it’s potentially
<strong><span style="font-family:"Aptos",sans-serif">unacceptable</span></strong>. Let’s break down why:<o:p></o:p></p>
<h3 style="margin-left:36.0pt"><span style="font-family:"Segoe UI Emoji",sans-serif">⚠️</span>
<strong><span style="font-family:"Aptos",sans-serif">Why Non-Determinism Breeds Unacceptability</span></strong><o:p></o:p></h3>
<p style="margin-left:72.0pt"><span style="font-size:10.0pt;font-family:Symbol">·</span><span style="font-size:7.0pt;font-family:"Times New Roman",serif">
</span><strong><span style="font-family:"Aptos",sans-serif">Inconsistent behavior</span></strong>: Agents that act differently under the same conditions can’t be reliably audited or certified.<o:p></o:p></p>
<p style="margin-left:72.0pt"><span style="font-size:10.0pt;font-family:Symbol">·</span><span style="font-size:7.0pt;font-family:"Times New Roman",serif">
</span><strong><span style="font-family:"Aptos",sans-serif">Untraceable outputs</span></strong>: It becomes hard to pinpoint cause, responsibility, or compliance status.<o:p></o:p></p>
<p style="margin-left:72.0pt"><span style="font-size:10.0pt;font-family:Symbol">·</span><span style="font-size:7.0pt;font-family:"Times New Roman",serif">
</span><strong><span style="font-family:"Aptos",sans-serif">Vulnerability to manipulation</span></strong>: Adversaries can exploit probabilistic logic to induce unwanted outcomes.<o:p></o:p></p>
<p style="margin-left:72.0pt"><span style="font-size:10.0pt;font-family:Symbol">·</span><span style="font-size:7.0pt;font-family:"Times New Roman",serif">
</span><strong><span style="font-family:"Aptos",sans-serif">Loss of control</span></strong>: Especially in systems involving user consent or legal transactions, determinism enables meaningful boundaries.<o:p></o:p></p>
<div>
<p style="margin-left:36.0pt">The above is what a bing bot thinks of this idea. I agree with it.<o:p></o:p></p>
</div>
</div>
<div>
<div>
<div>
<p style="margin-left:36.0pt"><span style="font-size:10.5pt;font-family:"Segoe UI",sans-serif;color:#38761D;background:#F2F2F2">Peace ..tom jones</span><o:p></o:p></p>
</div>
</div>
</div>
<p style="margin-left:36.0pt"> <o:p></o:p></p>
</div>
<p style="margin-left:36.0pt"> <o:p></o:p></p>
<div>
<div>
<p style="margin-left:36.0pt">On Sat, Jul 19, 2025 at 10:19<span style="font-family:"Arial",sans-serif"> </span>AM Ayesha Dissanayaka <<a href="mailto:ayshsandu@gmail.com" target="_blank">ayshsandu@gmail.com</a>> wrote:<o:p></o:p></p>
</div>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0cm 0cm 0cm 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0cm;margin-bottom:5.0pt">
<div>
<p style="margin-left:36.0pt">Hi Tom, <o:p></o:p></p>
<div>
<p style="margin-left:36.0pt"><br>
Thank you for your input. Of course, defining an agent is a top priority when considering IAM. It's the very first term in the <a href="https://github.com/openid/cg-ai-identity-management/blob/main/deliverable/taxonomy.md" target="_blank"><span style="font-size:11.0pt;font-family:"Arial",sans-serif">taxonomy
document</span></a> that the CG is constructing. <span style="font-family:"Segoe UI Emoji",sans-serif">😃</span><o:p></o:p></p>
</div>
<div>
<p style="margin-left:36.0pt"> <o:p></o:p></p>
</div>
<div>
<p style="margin-left:36.0pt">Major AI framework providers have their definitions for AI agents, as I tried to summarize
<a href="https://docs.google.com/document/d/1PhWC4KRO00kOPUW113ldG06Vii5dZjW3ljiV1tA0GCc/edit?tab=t.1iyru8xdjt9u" target="_blank">
here.</a>. We can draw some inspiration from them when constructing a definition for the AI agents in the context of IAM for Agents. <o:p></o:p></p>
</div>
<div>
<p style="margin-left:36.0pt"><br>
On your suggestion for the agent definition, the term "consistent behavior" might not go well with an agent, as agents are, by design, undeterministic and dynamic. If you ask an agent to do the same thing twice, there is a fair chance that it will do the task
differently, unlike a traditional application or a workload. <o:p></o:p></p>
</div>
<div>
<p style="margin-left:36.0pt"> <o:p></o:p></p>
</div>
</div>
<p style="margin-left:36.0pt"> <o:p></o:p></p>
<div>
<div>
<p style="margin-left:36.0pt">On Sat, Jul 19, 2025 at 12:19<span style="font-family:"Arial",sans-serif"> </span>AM Tom Jones <<a href="mailto:thomasclinganjones@gmail.com" target="_blank">thomasclinganjones@gmail.com</a>> wrote:<o:p></o:p></p>
</div>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0cm 0cm 0cm 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0cm;margin-bottom:5.0pt">
<div>
<div>
<p style="margin-left:36.0pt">you talk about giving ai agents and id, but there appears to be no definition of what an agent must be to deserve an ID.<o:p></o:p></p>
</div>
<div>
<p style="margin-left:36.0pt">Let's do that - how about this.<o:p></o:p></p>
</div>
<div>
<p style="margin-left:36.0pt"> <o:p></o:p></p>
</div>
<div>
<p style="margin-left:36.0pt"><span style="font-size:10.5pt;font-family:Roboto;color:#444746;letter-spacing:.15pt">An agent is a persistent collection of software and language models together in a workload with a consistent behavior (identity) for the duration
of the validity of an assigned Identifier.<br>
An agent can be delegated authority by Entities, that is by named objects.</span><o:p></o:p></p>
</div>
<div>
<p style="mso-margin-top-alt:5.0pt;margin-right:0cm;margin-bottom:12.0pt;margin-left:36.0pt">
<o:p></o:p></p>
</div>
<div>
<div>
<div>
<p style="margin-left:36.0pt"><span style="font-size:10.5pt;font-family:"Segoe UI",sans-serif;color:#38761D;background:#F2F2F2">Peace ..tom jones</span><o:p></o:p></p>
</div>
</div>
</div>
<p style="margin-left:36.0pt"> <o:p></o:p></p>
</div>
<p style="margin-left:36.0pt"> <o:p></o:p></p>
<div>
<div>
<p style="margin-left:36.0pt">On Fri, Jul 18, 2025 at 10:49<span style="font-family:"Arial",sans-serif"> </span>AM Ayesha Dissanayaka via Openid-aiim <<a href="mailto:openid-aiim@lists.openid.net" target="_blank">openid-aiim@lists.openid.net</a>> wrote:<o:p></o:p></p>
</div>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0cm 0cm 0cm 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0cm;margin-bottom:5.0pt">
<div>
<p style="margin-left:36.0pt">Hi All, <o:p></o:p></p>
<div>
<p style="mso-margin-top-alt:5.0pt;margin-right:0cm;margin-bottom:12.0pt;margin-left:36.0pt">
<br>
Thanks, everyone, for your comments on the thoughts on the doc. And I had a great time discussing this during the CG meeting yesterday. Following up on our <a href="https://github.com/openid/cg-ai-identity-management/wiki/20250717-%E2%80%90-Meeting-notes:-July-17,-2025#ayeshas-agent-identity-discussion-iam-need-for-agentic-ai---brainstorming" target="_blank">discussion
i</a>n the last CG meeting, I am moving this conversation to email so that it's easier to comment and gather thoughts from everyone. Please refer to <a href="https://docs.google.com/document/d/1PhWC4KRO00kOPUW113ldG06Vii5dZjW3ljiV1tA0GCc/edit?tab=t.0" target="_blank">this</a><a href="https://docs.google.com/document/d/1PhWC4KRO00kOPUW113ldG06Vii5dZjW3ljiV1tA0GCc/edit?tab=t.0" target="_blank">
documen</a>t for detailed information. <o:p></o:p></p>
<p style="mso-margin-top-alt:5.0pt;margin-right:0cm;margin-bottom:12.0pt;margin-left:36.0pt">
<span style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#1A1C1E">The complexity of AI-native applications, when considering GenAI, has progressed in added stages of complexity :</span><o:p></o:p></p>
<p style="mso-margin-top-alt:5.0pt;margin-right:0cm;margin-bottom:0cm;margin-left:72.0pt;vertical-align:baseline">
<span style="color:#1A1C1E">1.</span><span style="font-size:7.0pt;font-family:"Times New Roman",serif;color:#1A1C1E">
</span><b><span style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#1A1C1E">Task-Specific AI:</span></b><span style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#1A1C1E"> Simple applications using LLMs for specific tasks like text generation.</span><o:p></o:p></p>
<div>
<p style="margin-left:72.0pt;vertical-align:baseline"><span style="color:#1A1C1E">2.</span><span style="font-size:7.0pt;font-family:"Times New Roman",serif;color:#1A1C1E">
</span><b><span style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#1A1C1E">RAG-Enabled AI:</span></b><span style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#1A1C1E"> Applications that can access and synthesize external knowledge bases.</span><o:p></o:p></p>
</div>
<div>
<p style="margin-left:72.0pt;vertical-align:baseline"><span style="color:#1A1C1E">3.</span><span style="font-size:7.0pt;font-family:"Times New Roman",serif;color:#1A1C1E">
</span><b><span style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#1A1C1E">Apps that include Agents:</span></b><span style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#1A1C1E"> Applications where agents can make decisions and execute tasks
on a user's behalf.</span><o:p></o:p></p>
</div>
<p style="mso-margin-top-alt:5.0pt;margin-right:0cm;margin-bottom:11.0pt;margin-left:72.0pt;vertical-align:baseline">
<span style="color:#1A1C1E">4.</span><span style="font-size:7.0pt;font-family:"Times New Roman",serif;color:#1A1C1E">
</span><b><span style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#1A1C1E">Agent Teammates:</span></b><span style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#1A1C1E"> The current frontier, where agents act on their own accord and collaborate
with humans in shared workflows.</span><o:p></o:p></p>
<p style="mso-margin-top-alt:5.0pt;margin-right:0cm;margin-bottom:0cm;margin-left:36.0pt">
<span style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#1A1C1E">This evolution presents exciting opportunities, but it also brings a new set of challenges, particularly in how we manage identity and access. To ensure we build a secure and trustworthy
ecosystem for these agents, we need to establish a robust set of IAM best practices.</span><o:p></o:p></p>
<p style="mso-margin-top-alt:5.0pt;margin-right:0cm;margin-bottom:14.0pt;margin-left:36.0pt">
<span style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#1A1C1E">Here are some of the key requirements that we should be thinking about:</span><o:p></o:p></p>
<p style="mso-margin-top-alt:5.0pt;margin-right:0cm;margin-bottom:0cm;margin-left:72.0pt;vertical-align:baseline">
<span style="font-size:10.0pt;font-family:Symbol;color:#1A1C1E">·</span><span style="font-size:7.0pt;font-family:"Times New Roman",serif;color:#1A1C1E">
</span><b><span style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#1A1C1E">Seamless Integration:</span></b><span style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#1A1C1E"> Agents need to interact with existing systems, like those using
OAuth, with minimal disruption.</span><o:p></o:p></p>
<div>
<p style="margin-left:72.0pt;vertical-align:baseline"><span style="font-size:10.0pt;font-family:Symbol;color:#1A1C1E">·</span><span style="font-size:7.0pt;font-family:"Times New Roman",serif;color:#1A1C1E">
</span><b><span style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#1A1C1E">Flexible Action:</span></b><span style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#1A1C1E"> Agents should be able to act on their own or securely on behalf of
a user or another entity.</span><o:p></o:p></p>
</div>
<div>
<p style="margin-left:72.0pt;vertical-align:baseline"><span style="font-size:10.0pt;font-family:Symbol;color:#1A1C1E">·</span><span style="font-size:7.0pt;font-family:"Times New Roman",serif;color:#1A1C1E">
</span><b><span style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#1A1C1E">Just-in-Time Permissions:</span></b><span style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#1A1C1E"> To mitigate risks from the non-deterministic nature of agents,
we need mechanisms for granting just-enough access, precisely when it's needed.</span><o:p></o:p></p>
</div>
<div>
<p style="margin-left:72.0pt;vertical-align:baseline"><span style="font-size:10.0pt;font-family:Symbol;color:#1A1C1E">·</span><span style="font-size:7.0pt;font-family:"Times New Roman",serif;color:#1A1C1E">
</span><b><span style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#1A1C1E">Clear Accountability:</span></b><span style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#1A1C1E"> There must be a designated responsible party for an agent's actions.</span><o:p></o:p></p>
</div>
<div>
<p style="margin-left:72.0pt;vertical-align:baseline"><span style="font-size:10.0pt;font-family:Symbol;color:#1A1C1E">·</span><span style="font-size:7.0pt;font-family:"Times New Roman",serif;color:#1A1C1E">
</span><b><span style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#1A1C1E">Auditable Traceability:</span></b><span style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#1A1C1E"> All agent actions should be traceable back to their identity
and the delegating authority.</span><o:p></o:p></p>
</div>
<div>
<p style="margin-left:72.0pt;vertical-align:baseline"><span style="font-size:10.0pt;font-family:Symbol;color:#1A1C1E">·</span><span style="font-size:7.0pt;font-family:"Times New Roman",serif;color:#1A1C1E">
</span><b><span style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#1A1C1E">Agent-Specific Controls:</span></b><span style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#1A1C1E"> Resource servers may need to identify and apply specific controls
for actions initiated by agents.</span><o:p></o:p></p>
</div>
<p style="mso-margin-top-alt:5.0pt;margin-right:0cm;margin-bottom:11.0pt;margin-left:72.0pt;vertical-align:baseline">
<span style="font-size:10.0pt;font-family:Symbol;color:#1A1C1E">·</span><span style="font-size:7.0pt;font-family:"Times New Roman",serif;color:#1A1C1E">
</span><b><span style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#1A1C1E">Lifecycle Management:</span></b><span style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#1A1C1E"> We need clear governance for the entire lifecycle of an agent,
from onboarding to decommissioning.</span><o:p></o:p></p>
<p style="mso-margin-top-alt:5.0pt;margin-right:0cm;margin-bottom:14.0pt;margin-left:36.0pt">
<span style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#1A1C1E">This is a pivotal moment for us to lead the way in defining the standards and best practices that will shape the future of agentic AI. To get the ball rolling, let's consider a few
key questions:</span><o:p></o:p></p>
<p style="mso-margin-top-alt:5.0pt;margin-right:0cm;margin-bottom:0cm;margin-left:72.0pt;vertical-align:baseline">
<span style="color:#1A1C1E">1.</span><span style="font-size:7.0pt;font-family:"Times New Roman",serif;color:#1A1C1E">
</span><span style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#1A1C1E">Where can we apply
<b>existing standards and best practices</b>?</span><o:p></o:p></p>
<div>
<p style="margin-left:72.0pt;vertical-align:baseline"><span style="color:#1A1C1E">2.</span><span style="font-size:7.0pt;font-family:"Times New Roman",serif;color:#1A1C1E">
</span><span style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#1A1C1E">What are the
<b>novel problems</b> that existing solutions can't address?</span><o:p></o:p></p>
</div>
<div>
<p style="margin-left:72.0pt;vertical-align:baseline"><span style="color:#1A1C1E">3.</span><span style="font-size:7.0pt;font-family:"Times New Roman",serif;color:#1A1C1E">
</span><span style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#1A1C1E">Where do we need to
<b>extend current standards or innovate</b>?</span><o:p></o:p></p>
</div>
<div>
<p style="margin-left:72.0pt;vertical-align:baseline"><span style="color:#1A1C1E">4.</span><span style="font-size:7.0pt;font-family:"Times New Roman",serif;color:#1A1C1E">
</span><span style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#1A1C1E">How should an
<b>agent's identity</b> be defined and structured?</span><o:p></o:p></p>
</div>
<div>
<p style="margin-left:72.0pt;vertical-align:baseline"><span style="color:#1A1C1E">5.</span><span style="font-size:7.0pt;font-family:"Times New Roman",serif;color:#1A1C1E">
</span><span style="font-size:11.0pt;font-family:"Arial",sans-serif;color:#1A1C1E">Develop a shared vocabulary for scenarios, actors, and challenges.</span><o:p></o:p></p>
</div>
<div>
<p style="margin-left:108.0pt;vertical-align:baseline"><span style="font-size:10.0pt;font-family:"Courier New";color:#1A1C1E">o</span><span style="font-size:7.0pt;font-family:"Times New Roman",serif;color:#1A1C1E">
</span><span style="font-size:11.0pt;font-family:"Arial",sans-serif;color:#1A1C1E">Happening at
<a href="https://github.com/openid/cg-ai-identity-management/blob/main/deliverable/taxonomy.md" target="_blank">
https://github.com/openid/cg-ai-identity-management/blob/main/deliverable/taxonomy.md</a> as initiated at AIIM-CG</span><o:p></o:p></p>
</div>
<p style="mso-margin-top-alt:5.0pt;margin-right:0cm;margin-bottom:0cm;margin-left:36.0pt">
<span style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#1A1C1E">Please share your thoughts, any references, and any ideas you might have on the above.</span><o:p></o:p></p>
<p style="mso-margin-top-alt:5.0pt;margin-right:0cm;margin-bottom:14.0pt;margin-left:36.0pt">
<span style="font-size:10.5pt;font-family:"Arial",sans-serif;color:#1A1C1E">Looking forward to continuing the discussion.</span><o:p></o:p></p>
<p style="margin-left:36.0pt"> <o:p></o:p></p>
</div>
</div>
<p style="margin-left:36.0pt"> <o:p></o:p></p>
<div>
<div>
<p style="margin-left:36.0pt">On Wed, Jul 9, 2025 at 10:04<span style="font-family:"Arial",sans-serif"> </span>PM Ayesha Dissanayaka <<a href="mailto:ayshsandu@gmail.com" target="_blank">ayshsandu@gmail.com</a>> wrote:<o:p></o:p></p>
</div>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0cm 0cm 0cm 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0cm;margin-bottom:5.0pt">
<div>
<div>
<p style="margin-left:36.0pt">Thanks, Alex, for the comments. <o:p></o:p></p>
</div>
<p style="margin-left:36.0pt"> <o:p></o:p></p>
<div>
<div>
<p style="margin-left:36.0pt">On Mon, Jul 7, 2025 at 8:41<span style="font-family:"Arial",sans-serif"> </span>PM Alex Babeanu <<a href="mailto:alex.babeanu@indykite.com" target="_blank">alex.babeanu@indykite.com</a>> wrote:<o:p></o:p></p>
</div>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0cm 0cm 0cm 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0cm;margin-bottom:5.0pt">
<div>
<p style="margin-left:36.0pt">Added some comments to the doc, thanks for sharing Ayesha. This could serve as a starting point for discussion...
<o:p></o:p></p>
<div>
<p style="margin-left:36.0pt">A side question, could we use a common share drive to such docs or material ?<o:p></o:p></p>
</div>
</div>
</blockquote>
<div>
<p style="margin-left:36.0pt">Sure, if the CG has such a shared space, I can move the doc there. <o:p></o:p></p>
</div>
<div>
<p style="margin-left:36.0pt"><a href="mailto:atul@sgnl.ai" target="_blank"><span style="font-size:11.5pt;font-family:"Arial",sans-serif;color:#0B4C8C">Athul</span></a>, do we have any such for the AIIM CG?<o:p></o:p></p>
</div>
<div>
<p style="margin-left:36.0pt"> <o:p></o:p></p>
</div>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0cm 0cm 0cm 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0cm;margin-bottom:5.0pt">
<div>
<div>
<p style="margin-left:36.0pt"> <o:p></o:p></p>
</div>
<div>
<p style="margin-left:36.0pt">Cheers,<o:p></o:p></p>
</div>
<div>
<p style="margin-left:36.0pt"> <o:p></o:p></p>
</div>
<div>
<p style="margin-left:36.0pt">./\.<o:p></o:p></p>
</div>
</div>
<p style="margin-left:36.0pt"> <o:p></o:p></p>
<div>
<div>
<p style="margin-left:36.0pt">On Thu, Jul 3, 2025 at 10:56<span style="font-family:"Arial",sans-serif"> </span>AM Ayesha Dissanayaka <<a href="mailto:ayshsandu@gmail.com" target="_blank">ayshsandu@gmail.com</a>> wrote:<o:p></o:p></p>
</div>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0cm 0cm 0cm 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0cm;margin-bottom:5.0pt">
<div>
<p style="margin-left:36.0pt">Hi All, <o:p></o:p></p>
<div>
<p style="margin-left:36.0pt"> <o:p></o:p></p>
</div>
<div>
<p style="margin-left:36.0pt">It's great to be part of this exciting community to discuss IAM for the Agentic Era. <o:p></o:p></p>
</div>
<div>
<p style="margin-left:36.0pt"> <o:p></o:p></p>
</div>
<div>
<p style="margin-left:36.0pt">Bubbling up a discussion in the Slack channel, I'm sharing this analysis on emerging
<a href="https://docs.google.com/document/d/1PhWC4KRO00kOPUW113ldG06Vii5dZjW3ljiV1tA0GCc/edit?tab=t.0#heading=h.secnaj745bir" target="_blank">
IAM challenges from Agentic AI</a> systems that now function as autonomous workforce members, and how we can approach addressing them.<o:p></o:p></p>
<p style="margin-left:36.0pt">I'd love to hear working groups' thoughts on this, and collaborate to extend this work to commonly identify the IAM problems we need to be solving for agentic AI systems and how.<o:p></o:p></p>
<p style="margin-left:36.0pt">I'm happy to discuss these findings at an upcoming meeting. Till then, let's collaborate on the mailing list and in the
<a href="https://docs.google.com/document/d/1PhWC4KRO00kOPUW113ldG06Vii5dZjW3ljiV1tA0GCc/edit?tab=t.0#heading=h.secnaj745bir" target="_blank">
doc</a> itself.<o:p></o:p></p>
<p style="margin-left:36.0pt">Cheers!<o:p></o:p></p>
<p style="margin-left:36.0pt">- Ayesha<o:p></o:p></p>
<p style="margin-left:36.0pt"> <o:p></o:p></p>
</div>
</div>
<p style="margin-left:36.0pt">-- <br>
Openid-aiim mailing list<br>
<a href="mailto:Openid-aiim@lists.openid.net" target="_blank">Openid-aiim@lists.openid.net</a><br>
<a href="https://lists.openid.net/mailman/listinfo/openid-aiim" target="_blank">https://lists.openid.net/mailman/listinfo/openid-aiim</a><o:p></o:p></p>
</blockquote>
</div>
<div>
<p style="margin-left:36.0pt"><br clear="all">
<o:p></o:p></p>
</div>
<div>
<p style="margin-left:36.0pt"> <o:p></o:p></p>
</div>
<p style="margin-left:36.0pt">-- <o:p></o:p></p>
<div>
<div>
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" width="600" style="width:450.0pt;margin-left:36.0pt">
<tbody>
<tr>
<td width="103" valign="top" style="width:77.4pt;padding:0cm 12.0pt 0cm 12.0pt">
<p><span style="font-size:10.0pt;font-family:"Segoe UI",sans-serif;border:solid windowtext 1.0pt;padding:0cm"><img border="0" width="71" height="129" style="width:.7416in;height:1.3416in" id="m_5023671613936720584x_m_-6304507829244651622m_-9150848258727478554m_265663060353256450m_5501519320488176161m_-3714394023806664077m_1570458074276552734m_5817149226882384460_x005f_x0000_i1025" src="cid:~WRD2064.jpg" alt="Image removed by sender."></span><o:p></o:p></p>
</td>
<td width="16" style="width:12.0pt;border:none;border-left:solid #D4D4D4 1.0pt;padding:24.0pt 0cm 24.0pt 0cm">
</td>
<td valign="top" style="padding:24.0pt 0cm 24.0pt 0cm">
<p><b><span style="font-size:11.5pt;font-family:"Segoe UI",sans-serif"><br>
Alex Babeanu</span></b><span style="font-size:11.5pt;font-family:"Segoe UI",sans-serif"><br>
</span><span style="font-size:10.0pt;font-family:"Segoe UI",sans-serif">Lead Product Manager, AI Control Suite</span><span style="font-size:11.5pt;font-family:"Segoe UI",sans-serif"><br>
</span><span style="font-size:10.0pt;font-family:"Segoe UI",sans-serif;color:#4C4C4C"><br>
t. +1 604 728 8130<br>
e. <a href="mailto:alex.babeanu@indykite.com" target="_blank"><span style="color:#1155CC">alex.babeanu@indykite.com</span></a> <br>
w. <a href="http://www.indykite.com/" target="_blank"><span style="color:#1155CC">www.indykite.com</span></a></span><o:p></o:p></p>
</td>
</tr>
</tbody>
</table>
</div>
</div>
</blockquote>
</div>
</div>
</blockquote>
</div>
<p style="margin-left:36.0pt">-- <br>
Openid-aiim mailing list<br>
<a href="mailto:Openid-aiim@lists.openid.net" target="_blank">Openid-aiim@lists.openid.net</a><br>
<a href="https://lists.openid.net/mailman/listinfo/openid-aiim" target="_blank">https://lists.openid.net/mailman/listinfo/openid-aiim</a><o:p></o:p></p>
</blockquote>
</div>
</blockquote>
</div>
</blockquote>
</div>
<p style="margin-left:36.0pt">-- <br>
Openid-aiim mailing list<br>
<a href="mailto:Openid-aiim@lists.openid.net" target="_blank">Openid-aiim@lists.openid.net</a><br>
<a href="https://lists.openid.net/mailman/listinfo/openid-aiim" target="_blank">https://lists.openid.net/mailman/listinfo/openid-aiim</a><o:p></o:p></p>
</div>
</blockquote>
</div>
<p style="margin-left:36.0pt"> <o:p></o:p></p>
</div>
</blockquote>
</div>
</div>
</div>
</div>
</div>
</div>
<p style="margin-left:36.0pt">-- <br>
Openid-aiim mailing list<br>
<a href="mailto:Openid-aiim@lists.openid.net" target="_blank">Openid-aiim@lists.openid.net</a><br>
<a href="https://lists.openid.net/mailman/listinfo/openid-aiim" target="_blank">https://lists.openid.net/mailman/listinfo/openid-aiim</a><o:p></o:p></p>
</blockquote>
</div>
</div>
</blockquote>
</div>
<p style="margin-left:36.0pt">-- <br>
Openid-aiim mailing list<br>
<a href="mailto:Openid-aiim@lists.openid.net" target="_blank">Openid-aiim@lists.openid.net</a><br>
<a href="https://lists.openid.net/mailman/listinfo/openid-aiim" target="_blank">https://lists.openid.net/mailman/listinfo/openid-aiim</a><o:p></o:p></p>
</blockquote>
</div>
<div>
<p style="margin-left:36.0pt"><br clear="all">
<o:p></o:p></p>
</div>
<div>
<p style="margin-left:36.0pt"> <o:p></o:p></p>
</div>
<p style="margin-left:36.0pt">-- <o:p></o:p></p>
<div>
<div>
<div>
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" width="602" style="width:451.5pt;margin-left:36.0pt;border-collapse:collapse">
<tbody>
<tr style="height:9.0pt">
<td style="padding:.75pt .75pt .75pt .75pt;height:9.0pt"></td>
</tr>
<tr>
<td style="padding:.75pt .75pt .75pt .75pt">
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" style="border-collapse:collapse">
<tbody>
<tr style="height:.75pt">
<td valign="top" style="padding:0cm 10.5pt 0cm 0cm;height:.75pt">
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" width="65" style="width:48.75pt;border-collapse:collapse">
<tbody>
<tr>
<td style="padding:0cm 7.5pt 0cm 0cm">
<p><span style="border:solid windowtext 1.0pt;padding:0cm"><img border="0" width="65" height="65" style="width:.675in;height:.675in" id="m_5023671613936720584x_m_-6304507829244651622_x005f_x0000_i1028" src="cid:~WRD2064.jpg" alt="Image removed by sender."></span><o:p></o:p></p>
</td>
</tr>
</tbody>
</table>
</td>
<td width="0" style="width:.3pt;border:none;border-right:solid #BDBDBD 1.0pt;padding:0cm 0cm 0cm 0cm;height:.75pt">
<p><span style="font-size:1.0pt;font-family:"Arial",sans-serif;color:black"> </span><o:p></o:p></p>
</td>
<td valign="top" style="padding:0cm 0cm 0cm 10.5pt;height:.75pt">
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" style="border-collapse:collapse">
<tbody>
<tr>
<td style="padding:0cm 0cm 9.0pt 0cm">
<p><b><span style="font-family:"Arial",sans-serif;color:#646464">Sachin Mamoru </span>
</b><br>
<b><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#646464">Senior Software Engineer, WSO2</span></b><o:p></o:p></p>
</td>
</tr>
<tr>
<td style="padding:0cm 0cm 0cm 0cm">
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" style="border-collapse:collapse">
<tbody>
<tr>
<td style="padding:0cm 0cm 0cm 0cm">
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" style="border-collapse:collapse">
<tbody>
<tr>
<td style="padding:0cm 0cm 4.5pt 0cm">
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" style="border-collapse:collapse">
<tbody>
<tr>
<td style="padding:0cm 0cm 0cm 0cm">
<p style="line-height:10.5pt"><span style="font-size:9.0pt;font-family:"Arial",sans-serif"><a href="tel:+94771292681" target="_blank"><span style="color:#212121">+94771292681</span></a></span><o:p></o:p></p>
</td>
</tr>
</tbody>
</table>
</td>
<td style="padding:0cm 0cm 4.5pt 0cm">
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" style="border-collapse:collapse">
<tbody>
<tr>
<td style="padding:0cm 3.0pt 0cm 3.0pt">
<p style="line-height:10.5pt"><b><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:#212121">|
</span></b><o:p></o:p></p>
</td>
<td style="padding:0cm 0cm 0cm 0cm">
<p style="line-height:10.5pt"><span style="font-size:9.0pt;font-family:"Arial",sans-serif"><a href="https://sachinmamoru.me" target="_blank"><span style="color:#212121">sachinmamoru.me </span></a></span><o:p></o:p></p>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
<tr>
<td style="padding:0cm 0cm 0cm 0cm">
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" style="border-collapse:collapse">
<tbody>
<tr>
<td style="padding:0cm 0cm 4.5pt 0cm">
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" style="border-collapse:collapse">
<tbody>
<tr>
<td style="padding:0cm 0cm 0cm 0cm">
<p style="line-height:10.5pt"><span style="font-size:9.0pt;font-family:"Arial",sans-serif"><a href="mailto:sachinmamoru@gmail.com" target="_blank"><span style="color:#212121">sachinmamoru@gmail.com </span></a></span><o:p></o:p></p>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
<tr>
<td style="padding:9.0pt 0cm 0cm 0cm">
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" width="100%" style="width:100.0%;border-collapse:collapse">
<tbody>
<tr>
<td style="padding:0cm 0cm 0cm 0cm">
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0">
<tbody>
<tr>
<td style="padding:0cm 4.5pt 0cm 0cm">
<p align="center" style="text-align:center"><a href="https://www.linkedin.com/in/sachin-mamoru/" target="_blank"><span style="border:solid windowtext 1.0pt;padding:0cm;text-decoration:none"><img border="0" width="25" height="25" style="width:.2583in;height:.2583in" id="m_5023671613936720584x_m_-6304507829244651622_x005f_x0000_i1027" src="cid:~WRD2064.jpg" alt="Image removed by sender."></span></a><o:p></o:p></p>
</td>
<td style="padding:0cm 4.5pt 0cm 0cm">
<p align="center" style="text-align:center"><a href="https://twitter.com/MamoruSachin" target="_blank"><span style="border:solid windowtext 1.0pt;padding:0cm;text-decoration:none"><img border="0" width="25" height="25" style="width:.2583in;height:.2583in" id="m_5023671613936720584x_m_-6304507829244651622_x005f_x0000_i1026" src="cid:~WRD2064.jpg" alt="Image removed by sender."></span></a><o:p></o:p></p>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
<p> <o:p></o:p></p>
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" style="max-width:450.0pt">
<tbody>
<tr>
<td style="padding:0cm 0cm 0cm 0cm"></td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
<p style="margin-left:36.0pt"> <o:p></o:p></p>
</div>
<p style="margin-left:36.0pt"><span style="border:solid windowtext 1.0pt;padding:0cm"><img border="0" width="100" height="100" style="width:1.0416in;height:1.0416in" id="m_5023671613936720584x_m_-6304507829244651622_x005f_x0000_i1025" src="cid:~WRD2064.jpg" alt="Image removed by sender."></span><o:p></o:p></p>
</div>
</div>
<p style="margin-left:36.0pt">-- <br>
Openid-aiim mailing list<br>
<a href="mailto:Openid-aiim@lists.openid.net" target="_blank">Openid-aiim@lists.openid.net</a><br>
<a href="https://lists.openid.net/mailman/listinfo/openid-aiim" target="_blank">https://lists.openid.net/mailman/listinfo/openid-aiim</a><o:p></o:p></p>
</blockquote>
</div>
</div>
<p style="margin-left:36.0pt">-- <br>
Openid-aiim mailing list<br>
<a href="mailto:Openid-aiim@lists.openid.net" target="_blank">Openid-aiim@lists.openid.net</a><br>
<a href="https://lists.openid.net/mailman/listinfo/openid-aiim" target="_blank">https://lists.openid.net/mailman/listinfo/openid-aiim</a><o:p></o:p></p>
</blockquote>
</div>
</blockquote>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<p class="MsoNormal">-- <br>
Openid-aiim mailing list<br>
<a href="mailto:Openid-aiim@lists.openid.net" target="_blank">Openid-aiim@lists.openid.net</a><br>
<a href="https://lists.openid.net/mailman/listinfo/openid-aiim" target="_blank">https://lists.openid.net/mailman/listinfo/openid-aiim</a><o:p></o:p></p>
</blockquote>
</div>
<div>
<p class="MsoNormal"><br clear="all">
<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<p class="MsoNormal">-- <o:p></o:p></p>
<div>
<div>
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" width="600" style="width:450.0pt">
<tbody>
<tr>
<td width="44" valign="top" style="width:33.0pt;padding:0cm 12.0pt 0cm 12.0pt">
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Segoe UI",sans-serif;color:black;border:solid windowtext 1.0pt;padding:0cm"><img border="0" width="71" height="129" style="width:.7416in;height:1.3416in" id="Picture_x0020_8" src="cid:~WRD2064.jpg" alt="Image removed by sender."></span><span style="font-size:10.0pt;font-family:"Segoe UI",sans-serif;color:black"><o:p></o:p></span></p>
</td>
<td width="16" style="width:12.0pt;border:none;border-left:solid #D4D4D4 1.0pt;padding:24.0pt 0cm 24.0pt 0cm">
</td>
<td valign="top" style="padding:24.0pt 0cm 24.0pt 0cm">
<p class="MsoNormal"><b><span style="font-size:11.5pt;font-family:"Segoe UI",sans-serif;color:black"><br>
Alex Babeanu</span></b><span style="font-size:11.5pt;font-family:"Segoe UI",sans-serif;color:black"><br>
</span><span style="font-size:10.0pt;font-family:"Segoe UI",sans-serif;color:black">Lead Product Manager, AI Control Suite</span><span style="font-size:11.5pt;font-family:"Segoe UI",sans-serif;color:black"><br>
</span><span style="font-size:10.0pt;font-family:"Segoe UI",sans-serif;color:#4C4C4C"><br>
t. +1 604 728 8130<br>
e. <a href="mailto:alex.babeanu@indykite.com" target="_blank"><span style="color:#1155CC">alex.babeanu@indykite.com</span></a> <br>
w. <a href="http://www.indykite.com/" target="_blank"><span style="color:#1155CC">www.indykite.com</span></a></span><span style="font-size:10.0pt;font-family:"Segoe UI",sans-serif;color:black"><o:p></o:p></span></p>
</td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
</div>
<p class="MsoNormal">-- <br>
Openid-aiim mailing list<br>
<a href="mailto:Openid-aiim@lists.openid.net" target="_blank">Openid-aiim@lists.openid.net</a><br>
<a href="https://lists.openid.net/mailman/listinfo/openid-aiim" target="_blank">https://lists.openid.net/mailman/listinfo/openid-aiim</a><o:p></o:p></p>
</div>
</blockquote>
</div>
</div>
</div>
</div>
</div>
</body>
</html>