AI Agent Authentication and Authorization
2026-05-29, Arena

This talk explains why AI agents should be treated as workloads, not magical new identity subjects. It shows how existing standards such as SPIFFE, WIMSE, OAuth 2.0, and SSF apply to agent systems, while also identifying gaps.


The AI Agent Authentication and Authorization draft was introduced at IETF 125 (https://datatracker.ietf.org/doc/draft-klrc-aiagent-auth/). The draft starts from the premise that agents are workloads, then builds on proven identity and authorization standards rather than inventing bespoke schemes for every new agent framework.

This talk walks through that model and explores what it means in practice. We will examine how agent identifiers, credentials, attestation, provisioning, authentication, authorization, observability, monitoring and remediation can be mapped onto familiar building blocks such as SPIFFE, WIMSE, OAuth 2.0 and SSF.

We will also discuss where today’s standards are already sufficient, where implementation guidance is still missing, and where future IETF work may be needed.

Attendees will leave with a practical framework for thinking about AI agent authentication and authorization, starting with a mental model that agents are workloads that leverage existing, widely deployed standards.

As a Distinguished Engineer for Ping Identity, Brian aspires to one day know what a Distinguished Engineer actually does for a living. In the meantime, he's tried to make himself useful with little things like designing and building much of PingFederate, the product that put Ping Identity on the map. When not making himself useful, he tries to build his legacy by sneaking his name onto technical documents that few people will ever actually read, including some identity and security standards in the IETF and OpenID Foundation. He holds a B.A., magna cum laude, in Computer Science from Amherst College in Massachusetts. Despite spending four years in the state, he has to look up how to spell "Massachusetts" every time he writes it.

Pieter Kasselman is an Identity Enthusiast, focused on standards-based identity products. Pieter has over 25 years' experience as a technologist and engineer, working on bringing new technologies and business models to market. Pieter's first encounter with identity was his final-year project, which used neural networks to identify users based on typing patterns. Since then he has worked in a number of roles as an information security analyst, software engineer and program manager in industries that include finance, software, silicon and cloud. His diverse background gives him a unique perspective on the importance of identity and the role of identity standards as both a business enabler and the first line of defence for.

Yaroslav Rosomakho is Chief Scientist at Zscaler, where he leads research and strategy across emerging technologies, secure networking, and cryptographic protocols. He is an active contributor to the IETF, a member of the Internet Architecture Board, and chair of the SEAT and HPKE working groups. In addition, he contributes to TLS, QUIC, HTTP, WIMSE and MASQUE. Yaroslav has a background in building large-scale security systems and has held leadership roles at Netskope and Arbor Networks. He is passionate about bridging deep technical insight with practical deployment strategies.