IETF RFC Draft on AI Agent Authentication and Authorization

Original source: hackernews · Summarized and analyzed by Genesis Park

Summary

The IETF has published a new RFC draft establishing authentication and authorization protocols specifically for AI agents, marking a significant step toward standardized security frameworks for artificial intelligence systems operating on networks. This technical standard development process aims to create robust verification mechanisms that ensure AI agents can be properly identified and authorized when accessing resources or services.

Body

AI Agent Authentication and Authorization
draft-klrc-aiagent-auth-01

This document is an Internet-Draft (I-D). Anyone may submit an I-D to the IETF. This I-D is not endorsed by the IETF and has no formal standing in the IETF standards process.

| Section | Field | Value |
|---|---|---|
| Document | Type | Active Internet-Draft (individual) |
| | Authors | Pieter Kasselman, Jeff Lombardo, Yaroslav Rosomakho, Brian Campbell, Nick Steele |
| | Last updated | 2026-03-30 |
| | RFC stream | (None) |
| | Intended RFC status | (None) |
| | Formats | |
| Stream | Stream state | (No stream defined) |
| | Consensus boilerplate | Unknown |
| | RFC Editor Note | (None) |
| IESG | IESG state | I-D Exists |
| | Telechat date | (None) |
| | Responsible AD | (None) |
| | Send notices to | (None) |

Network Working Group
Internet-Draft
Intended status: Informational
Expires: 1 October 2026
30 March 2026

Authors: P. Kasselman (Defakto Security), J. Lombardo (AWS), Y. Rosomakho (Zscaler), B. Campbell (Ping Identity), N. Steele (Open AI)

Abstract

This document proposes a model for authentication and authorization of AI agent interactions. It leverages existing standards such as the Workload Identity in Multi-System Environments (WIMSE) architecture and OAuth 2.0 family of specifications. Rather than defining new protocols, this document describes how existing and widely deployed standards can be applied or extended to establish agent authentication and authorization. By doing so, it aims to provide a framework within which to use existing standards, identify gaps and guide future standardization efforts for agent authentication and authorization.

About This Document

This note is to be removed before publishing as an RFC.

The latest revision of this draft can be found at https://PieterKas.github.io/agent2agent-auth-framework/draft-klrc-aiagent-auth.html. Status information for this document may be found at https://datatracker.ietf.org/doc/draft-klrc-aiagent-auth/.

Source for this draft and an issue tracker can be found at https://github.com/PieterKas/agent2agent-auth-framework.

Status of This Memo

This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.

Kasselman, et al. Expires 1 October 2026 [Page 1] Internet-Draft AI-Auth March 2026

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

This Internet-Draft will expire on 1 October 2026.

Copyright Notice

Copyright (c) 2026 IETF Trust and the persons identified as the document authors. All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.

Table of Contents

1. Introduction
2. Conventions and Definitions
3. Agents are workloads
4. Agent Identity Management System
5. Agent Identifier
6. Agent Credentials
7. Agent Attestation
8. Agent Credential Provisioning
9. Agent Authentication
   9.1. Transport Layer Authentication
      9.1.1. Limitations
   9.2. Application Layer Authentication
      9.2.1. WIMSE Proof Tokens (WPTs)
      9.2.2. HTTP Message Signatures
      9.2.3. Limitations
10. Agent Authorization
   10.1. Leverage OAuth 2.0 as a Delegation Authorization Framework
   10.2. Use of OAuth 2.0 Access Tokens
   10.3. Obtaining an OAuth 2.0 Access Token
      10.3.1. User Delegates Auth

This analysis was written by the Genesis Park editorial team with the help of AI. The original text can be found via the source link.
