feat: cross-organizational federation governance model #93

@imran-siddique

Problem

A2A bridges and trust handshakes work peer-to-peer, but there's no governance model for agents spanning organizational boundaries. AgentIdentity has organization metadata but it's never used in policy enforcement.

Current model: callee-only enforcement. The receiving agent checks trust scores and capabilities, but there's no mutual enforcement, no org-scoped policy delegation, and no concept of "org A trusts org B's governance layer."

Gap

When a Microsoft-governed agent calls a partner org's agent:

  • Who enforces PII policies? Only the callee.
  • Can the caller's org mandate additional constraints? No mechanism.
  • Can orgs establish bilateral policy agreements? No federation protocol.

Proposed Solution

  1. Add OrgPolicy model scoped to organization boundaries
  2. Implement mutual enforcement: caller AND callee both evaluate
  3. Add org-level trust establishment (org-to-org trust, not just agent-to-agent)
  4. Policy delegation: "org A accepts org B's governance attestation for category X"

/cc @imran-siddique
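
A sketch of the four proposed pieces working together, added here as an illustration; it is not code from the issue or the project. Only the name `OrgPolicy` comes from the issue: its fields, `mutual_enforce`, the org names and the data categories are hypothetical, and attestations are assumed to have been cryptographically verified before they reach this check.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class OrgPolicy:
    """Hypothetical org-scoped policy; the field names are assumptions."""
    org: str
    trusted_orgs: frozenset = frozenset()   # org-to-org trust
    blocked: frozenset = frozenset()        # categories never sent across the boundary
    restricted: frozenset = frozenset()     # categories needing a peer attestation
    delegations: frozenset = frozenset()    # {(peer_org, category)} attestations accepted

    def evaluate(self, peer_org, categories, peer_attested):
        """Return this org's denial reasons for a call involving peer_org."""
        reasons = []
        if peer_org not in self.trusted_orgs:
            reasons.append(f"{self.org}: no org-level trust in {peer_org}")
        for cat in sorted(categories):
            if cat in self.blocked:
                reasons.append(f"{self.org}: category {cat} is blocked")
            elif cat in self.restricted:
                if (peer_org, cat) not in self.delegations:
                    reasons.append(f"{self.org}: no delegation to {peer_org} for {cat}")
                elif cat not in peer_attested:
                    reasons.append(f"{self.org}: {peer_org} has no attestation for {cat}")
        return reasons


def mutual_enforce(caller, callee, categories, attestations):
    """Both sides evaluate; the call proceeds only if neither objects.

    attestations maps org -> set of categories covered by a verified
    governance attestation from that org.
    """
    reasons = caller.evaluate(callee.org, categories, attestations.get(callee.org, set()))
    reasons += callee.evaluate(caller.org, categories, attestations.get(caller.org, set()))
    return (not reasons, reasons)


# Constructed sample data: org-a requires an attestation for PII, org-b blocks financial data.
ORG_A = OrgPolicy("org-a", trusted_orgs=frozenset({"org-b"}), restricted=frozenset({"pii"}),
                  delegations=frozenset({("org-b", "pii")}))
ORG_B = OrgPolicy("org-b", trusted_orgs=frozenset({"org-a"}), blocked=frozenset({"financial"}))
ORG_C = OrgPolicy("org-c")  # no trust established with anyone
ATTESTED = {"org-b": {"pii"}}

if __name__ == "__main__":
    print(mutual_enforce(ORG_A, ORG_B, {"pii"}, ATTESTED))
    print(mutual_enforce(ORG_A, ORG_B, {"pii"}, {}))
    print(mutual_enforce(ORG_A, ORG_B, {"pii", "financial"}, ATTESTED))
```

The second call is the case the Gap section describes: the callee alone would accept the request, and it is denied only because the caller's org also evaluates its own policy.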

Labels: enhancement (New feature or request)