Identity Working Groups Meeting Notes - 5/7/26 #199
sevansdell
announced in
Announcements
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
Meeting recording
Quick Recap
The Identity Working Group meeting focused on demonstrating the token exchange functionality and discussing agent identity frameworks. Ankit and Supreet presented a demo showing how an agent could create an account and access services through Keycloak using KYA tokens, with the process involving dynamic installation of MCP servers and token exchange. Manish then demonstrated an easier-to-use Envoy platform with CLI tools and a built-in MCP gateway that allows local development and collaboration. The group discussed various agent identity approaches including agent badges, public-private key pairs, and potential integration with existing systems like Okta and SIMD. The conversation ended with updates on ongoing work with Okta, including efforts to get a reference application showcased during Okta's launch week in June, and discussions about potential use cases with companies like Anthropic and AWS.
Next Steps
Dick Hart: Present design principles and details of AAuth at the next Identity Working Group meeting (in two weeks).
Ankit or Supreet: Create a GitHub issue/request for documentation, implementation demo, and/or blog content about the token exchange and related developer onboarding, and coordinate with Julu/John for broadcast to the working group.
Julu: Coordinate with John Perello to provide Sarah with a technical overview and onboarding information about agency, including how to get started and how the different modules and work streams fit together.
Manish: Work with Lyft to review their use cases and implement required extensions in Envoy so Lyft can run locally without needing Kubernetes integration.
Julu/Amrita: Continue outreach to Anthropic and AWS for potential flagship use cases for Okta integration, and coordinate with Sarah for a Dell use case once Amrita returns from vacation.
Sarah: Comment on the upcoming GitHub issue about documentation/demos to show broader support and encourage participation from multiple organizations.
Julu: Organize and broadcast information about the Envoy/BOE developer platform to the broader group, including vlog/video content in June to educate the ecosystem.
Sarah: Track and maintain a list of evolving industry standards and initiatives in the identity space, and seek collaboration to keep the document up to date.
Julu/John: Arrange for John Perello to provide Sarah with a technical walkthrough of agency and its components.
All interested parties: Submit and comment on CFPs for AgentCon, MCPcon, and Open Source Summit EU, using the content and demos discussed.
Summary
Identity Working Group Introduction Meeting:
The meeting began with introductions, where Dick Hart, a new participant, shared his extensive background in identity initiatives at Microsoft and Amazon, as well as his work on OpenID Foundation and OAuth2. Sarah, the co-lead of the Identity Working Group, outlined the meeting's structure and encouraged new participants to contribute topics via GitHub discussions. Dick expressed interest in presenting design principles for AAuth, a new identity initiative, at a future meeting, which Sarah confirmed would be valuable. Julu suggested doing a quick intro around the room to facilitate networking among participants.
Token Exchange Feature Discussion:
The meeting began with introductions from participants representing various organizations including Cisco, Dell Technologies, Skyfire, and others. Ankit provided context on the token exchange feature, explaining its purpose as a complementary mechanism to OAuth for authentication and authorization in agent-to-website and potentially agent-to-agent workflows. The group agreed to start the main discussion with a demo of the token exchange, which Supreet was set to present, followed by updates on sub-workgroup activities and other agenda items.
KYA Token-Based Workflow Demonstration:
Supreet Kaur demonstrated a KYA token-based workflow where an agent retrieves data for U.S. automobile sales from Zapier. The agent first connects to Skyfire's directory to find the appropriate seller and dynamically installs Zapier's MCP server. To access specific tools requiring account creation, the agent creates a KYA token with Skyfire, which is then exchanged for a KeyCloak access token to create or log into a Zapier account. Ankit clarified that Skyfire serves as a KYA token issuer and directory, but the protocol is vendor-agnostic and could work with different token issuers and directories in the future.
Agent Authentication and Data Access:
Supreet demonstrated the process of agent authentication and data access using KYA tokens, Keycloak, and Zapier, showing how access and pay tokens are generated and used to retrieve and visualize datasets. Ankit discussed potential interoperability with agent badges and OAuth, including considerations around SIMD and agent identity, noting ongoing discussions with Sri, John, and Manish about these topics. Supreet confirmed that a session was created in Keycloak for the user Bobby during the agent execution.
Agent Token Exchange Framework Discussion:
The team discussed a demo showing how agents can create or log into accounts using custom token exchange. Ankit explained that they are working with various identity providers including GoDaddy's agent naming service, Google's agent badges, and other frameworks like public-private key pairs and VCs/DIDs. Manish raised concerns about working with GoDaddy due to past experiences with Domain Connect, noting their restrictive approach to domain management. The discussion concluded with plans to explore interoperation between different agent frameworks to promote adoption.
Identity Provider Integration Discussion:
The team discussed identity provider integrations, with Ankit explaining that implementing KYA authentication typically requires only 50 lines of code and can be handled by merchants directly. Ankit mentioned ongoing discussions with Okta about token exchange and delegation tracking in multi-agent systems, noting that human identity remains important across different systems. Mike shared that he had facilitated a session at the Internet Identity Workshop to encourage collaboration among identity system builders.
New Envoy Platform Demonstration:
Manish demonstrated a new platform for developing and collaborating on Envoy, highlighting features like a CLI version, MCP gateway, and a reverse tunnel for encrypted service exposure. He showed how developers can now easily access and share MCP servers, run AI inference gateways, and use community-contributed extensions through the BOE (Built-on Envoy) system. The platform aims to address long-standing challenges with Envoy's complexity and collaboration, making it easier for developers to work locally and share resources with collaborators.
Envoy AI Gateway Development Plans:
The team discussed the ease of use and potential of Envoy-based AI gateways, with Manish demonstrating how simple it is to set up using BOE run. Julu proposed creating blog posts and videos in June to educate the broader ecosystem about developer setup and token payments. Sarah suggested submitting content for AgentCon, MCPcon, and the Open Source Summit CFPs. Ankit expressed interest in building real-world demos showing token exchange via Envoy, particularly focusing on inter-domain and intra-domain examples.
GitHub Request and Implementation Planning:
The team discussed submitting a GitHub request for the working group, with Ankit or Supreet tasked to guide the process. Sarah emphasized the importance of diverse participation from different organizations in the GitHub discussions. The group also touched on documentation and implementation demos, with plans to create a GitHub issue for follow-up. Sarah provided an update on a cross-organization initiative, mentioning a proposed white paper on agent credentials and the potential involvement of the OASF schema. She requested more information on the adoption approach of agency, specifically regarding the integration of SLIM and different modules.
Agency Partnership Progress Discussion:
The team discussed next steps for agency engagement, with John Perello identified as the key contact for technical details. They reviewed progress on the Okta partnership, where Okta expressed interest in showcasing their work during June's launch week, though they requested high-profile customer examples like Anthropic or AWS to draw attention. The team is waiting for Anthropic to complete their current pilot before proceeding with that partnership, while also exploring potential opportunities with AWS and Dell.
Beta Was this translation helpful? Give feedback.
All reactions