§47 · Lane 8 — Agent Infrastructure Standards & Toolchain
IETF Internet-Draft — AI Agent Authentication and Authorization integration with AU enterprise identity stacks
Kasselman et al. (2026) · draft-klrc-aiagent-auth-01
Bibliographic data
- Title
- IETF Internet-Draft — AI Agent Authentication and Authorization (draft-klrc-aiagent-auth-01)
- Authors / Issuing body
- Pieter Kasselman (Defakto Security), Jeff Lombardo (AWS), Yaroslav Rosomakho (Zscaler), Brian Campbell (Ping Identity), Nick Steele (OpenAI)
- Venue / Publisher
- Internet Engineering Task Force (IETF) — individual Internet-Draft (not WG-adopted)
- Year
- 2026
- Designation
- Internet-Draft
- Licence
- IETF Trust LP — refer to publisher for full licence terms.
How to cite
Kasselman et al. (2026). IETF Internet-Draft — AI Agent Authentication and Authorization (draft-klrc-aiagent-auth-01). Internet Engineering Task Force (IETF) — individual Internet-Draft (not WG-adopted). https://datatracker.ietf.org/doc/draft-klrc-aiagent-auth/.
IETF draft setting out authentication and authorisation considerations for AI agents acting on behalf of users, building on OAuth 2.0 and related token mechanisms.
Why it matters for NETEVO
This draft is the most current published treatment of how to authenticate and authorise AI agents acting on behalf of users. The author list signals industry coverage: Defakto Security, AWS, Zscaler, Ping Identity and OpenAI. Its subject matter bears directly on two engineering surfaces: agent identity and scoping, and policy-as-code authorisation.
The draft references the OAuth 2.0 family RFCs (9068, 9700, 7523, 6749, 7591, 9728, 8414, 8693, 7662) and HTTP Message Signatures (RFC 9421). Organisations with established OAuth investments can extend existing infrastructure rather than replace it; that is the path the draft articulates.
This is an individual submission, not Working-Group-adopted, so it carries no formal IETF standing. The klrc tag encodes the author surnames Kasselman, Lombardo, Rosomakho and Campbell; Steele is the fifth author. Adoption by an IETF Working Group would be the first step towards formal standing.
Where NETEVO applies this
- Agent Infrastructure Whitepaper — load-bearing — Dimensions 1 and 2 (identity scoping plus policy-as-code)