Comments to NIST on AI Agent Identity and Authorization


  • Khaled Koubaa
  • Thursday, Feb 06, 2025


AT Worthy has submitted technical comments to the National Institute of Standards and Technology's National Cybersecurity Center of Excellence in response to the draft concept paper on Software and AI Agent Identity and Authorization.

The submission reflects a simple but consequential view. As AI agents begin to operate across enterprise systems, external services, and multi-vendor environments, identity cannot be reduced to credentials alone. Before authentication and authorization can function reliably, systems need a coherent way to name, reference, and distinguish the agents themselves.

Our feedback sets out ten practical observations intended to strengthen the discussion at an early stage.

First, the current conversation must distinguish more clearly between internal enterprise identifiers and globally resolvable agent identifiers. Many existing identity systems work well inside organizational boundaries, yet agentic systems are increasingly crossing those boundaries. In that setting, local identifiers are often insufficient.

Second, the naming and identifier layer deserves explicit treatment as a foundational component. Authentication and authorization answer whether an entity can access a resource. They do not, by themselves, solve the prior question of how that entity is named, recognized, and referenced consistently across systems.

Third, agents that operate across multiple trust domains require identities that remain stable even when credentials, tokens, or technical implementations change. A durable identifier creates continuity across platforms, vendors, and lifecycle events. Without that continuity, interoperability becomes fragile and audit trails become harder to interpret.

Fourth, human identities and agent identities should be treated as related but distinct classes. This distinction matters not only for security and accountability, but also for naming conventions, delegation models, and operational clarity at scale. A system that blurs the two will eventually create confusion in governance, compliance, and oversight.

Fifth, hierarchical, human-readable, and globally unique naming can materially reduce ambiguity in complex environments. As the number of deployed agents grows, naming becomes more than an administrative detail. It becomes part of the operating infrastructure. Clear naming reduces configuration errors, simplifies troubleshooting, and supports better policy enforcement.

Sixth, our comments propose DNS-based identifiers as a neutral and interoperable naming layer that can complement existing identity and access management systems. This approach does not require changes to OAuth, OpenID Connect, or other established authentication flows. It provides a stable reference layer that can sit alongside them.

Seventh, we note that Model Context Protocol interactions can benefit from stable, resolvable agent identifiers shared across tools and platforms. If agents are expected to interact in increasingly modular ecosystems, then consistent naming will matter for trust, discovery, routing, logging, and coordination.

Eighth, the submission recognizes the value of SPIFFE and SPIRE for internal workload identity. These frameworks are strong building blocks for cloud-native environments. At the same time, when organizations need to bridge identity across clusters, vendors, and external systems, an additional external naming layer may become necessary.

Ninth, we encourage early consideration of interoperable naming even for deployments that begin as purely internal. Many systems are designed for a narrow present use case and are later forced to expand into partner, customer, or public-facing environments. If identifier design is postponed, future scaling becomes more difficult and more expensive.

Tenth, we recommend that reference implementations illustrate how a stable agent identifier can connect identity, authorization, logging, delegation, and auditability across systems. This is where architecture becomes operational reality. The strongest concepts are those that can be shown working across real workflows, not only described at an abstract level.

AT Worthy's submission is anchored in a broader conviction. As AI agents move from isolated tools to active participants in enterprise and cross-organizational environments, identity architecture must evolve with them. The market does not only need stronger authentication. It also needs a durable way to name agents coherently, distinguish them from human actors, and preserve traceability across systems.

That work should begin now, while standards and implementation patterns are still taking shape.

AT Worthy welcomes continued engagement with NIST, the NCCoE, and the wider technical community on the infrastructure needed to support trustworthy, interoperable, and accountable AI agents.
