Agent auth draft emerges
A new IETF draft recommends composing protocols such as WIMSE, SPIFFE and OAuth 2.0 to create robust authentication and trust boundaries for AI agents in multi‑tenant environments. The guidance is explicitly aimed at building secure, permissioned agent orchestration across services.
The Internet‑Draft was published 2 March 2026 and lists Pieter Kasselman (Defakto Security), Jeff Lombardo (AWS), Yaroslav Rosomakho (Zscaler) and Brian Campbell (Ping Identity) as authors, with Informational status and an expiration date of 3 September 2026 [ietf.org]. The text explicitly treats agents as autonomous workloads and catalogs prior art while flagging gaps in delegation, auditing and runtime controls that currently cause organizations to “reinvent the wheel” when building agent orchestration stacks [datatracker.ietf.org].

Slides linked to the draft surface monitoring and remediation as a first‑class concern and point to the Shared Signals Framework / CAEP family as candidate mechanisms for streaming security and session‑state signals between services for real‑time enforcement [datatracker.ietf.org]. On delegation and credential mechanics the draft intentionally defers low‑level protocols, and several independent efforts (for example a credential‑delegation protocol on GitHub) have already been published to fill that operational gap for agent token exchange and bounded delegation [github.com]. Community work has begun to specify richer agent tokens: the Agent Authorization Profile (AAP) documents structured JWT claims for capability scoping, delegation depth and oversight metadata that platform teams can adopt to avoid brittle, ad‑hoc token formats [aap-protocol.org].

Because the draft is an individual Informational I‑D (not an IETF consensus document) that expires 3 September 2026, it creates a six‑month window for implementers and platform teams to prototype interoperability (the slides even note the possibility of a future WG), making it a practical launchpad for enterprise GenAI platforms to field-test token schemas, continuous signals (SSF/CAEP) and delegation tooling before any formal standardization [datatracker.ietf.org].