Today agents gain access to services through a human: a pasted API key, a borrowed OAuth token, or a shared service account. We need ways to generate credentials for agents without human intervention. We'll cover how new standards solve this problem.
The new ID-JAG (Identity Assertion JWT Authorization Grant) spec enables an IdP or agent platform to assert a user's identity to a downstream service, allowing an agent to get scoped access on the user's behalf without requiring user action. We'll explore two applications of ID-JAGs: Cross-App Access for services federated with your IdP, and auth.mdthat lets any agent register when an IDP isn't involved. You'll leave knowing how to make your own service discoverable to any agent, how to issue assertions so a user's agent carries real identity into every API it touches, and how IT retains control.
Session Presented by: