Potential Topics — AIW #2
The agenda will be co-created the day of the event by attendees using Open Space Technology. These are ideas folks have submitted as they register, shared to give perspective on what participants are thinking about discussing.
🌐 Open Space Technology
We use Open Space Technology to co-create the agenda live the morning of the event. Below is the list of what attendees shared with us as they registered about topics they hope to learn about, want to present about and topics to discuss with others at the event. It is important to note this list is not used to "create the agenda" that is done by everyone gathered in person May 1, 2026 beginning at 9am.
We use Open Space Technology to co-create the agenda live the morning of the event. Below is the list of what attendees shared with us as they registered about topics they hope to learn about, want to present about and topics to discuss with others at the event. It is important to note this list is not used to "create the agenda" that is done by everyone gathered in person May 1, 2026 beginning at 9am.
Agent Delegation & Authorization
- Delegated authorization and delegation semantics/chains
- Cryptographic proof of delegation for AI agents
- GNAP vs OAuth patterns for agent authorization
- OAuth 2.1 extensions, SPIFFE/SPIRE hybrid patterns
- Scoped, time- and task-bound agent tokens
- The "4-legged identity problem": User → advisor → agent → resource
- Delegated authentication for multi-party commerce
- Proof of intent with AI agents
- A2A delegation without impersonation
- Privilege delegation
- zcap-ld as local policies
- Monotonic delegation of permissions on agents
- How intent and obligations travel alongside A2A / MCP calls
Agent Identity & Trust Establishment
- AI/agent identity fundamentals
- Key management and wallets for AI agents
- Interoperable standards-based trust establishment
- Non-human agent provenance and accountability (DIDs/KERI)
- Trust boundaries and threat modeling for multi-agent systems
- DID-based agent identity and messaging (AWiki.ai as protocol playground)
- Agent discovery and authentication across organizations
- What does the "relying party" look like when the relying party is an agent, not a human?
- Successors to OpenID Connect in the agentic world
MCP (Model Context Protocol)
- MCP security
- OAuth + MCP integration
- MCP-I and delegation mechanisms
- MCP connector round-trips with consent policy gating
- Differential privacy-wrapped MCP tool servers
- MCP/A2A with identity
Agentic Protocols Landscape
- A2A, AP2, ANP, UCP protocols
- Agentic JWT (IETF draft-goswami-agentic-jwt-00)
- AgenticDNS
- Browser integration with agent protocols
- Which protocols are converging vs. re-fighting the same fight at different SDOs
- W3C DID-based agent identity and encrypted messaging (AWiki.ai)
- How DID-based agents authenticate with Web resources, IoT devices, and other agents
Agent Safety, Governance & Human-in-the-Loop
- Governing agentic AI
- Keeping agents under human control
- Human approval UX, interruption/rollback mechanisms
- Safe defaults and sandbox design
- Policy enforcement location in multi-agent systems
- Alignment and catastrophic risk mitigation
- Agent permissions: allow/ask/deny/escalate
- Standardized audit logs and telemetry for agent actions
- Secure tool invocation (shell, file, network, API/MCP)
Verifiable Credentials & DIDs for Agents
- Agent identity using VCs and DIDs
- OpenID4VP / EUDI wallet architecture extended to agent-to-agent flows
- Trust frameworks for autonomous agents
- Proof of Control and verified credentials for personal agents
- Cross-body standards convergence (IETF, W3C, OIDF, ToIP, DIF)
- User-controlled agents / OpenVTC
- Cryptogram-based delegation
Privacy & Compliance in Multi-Agent Systems
- Differential privacy budget composition across agent protocol chains
- Auditability, consent propagation, data minimization
- What breaks when MCP + A2A meet compliance regimes (healthcare, finance)
- Multi-agent systems on regulated data
Non-Person Entity Identity
- HomeID: identity for homes, buildings, households
- Multi-party consent across owner/occupant/landlord/utility/insurer
- Extending user-centric identity to non-person entities
Enterprise & Production
- Securing agents in the enterprise
- IAM specifications for agentic AI
- Corporate agentic AI
- What real multi-agent systems (beyond chatbot + one tool) are running in production
- Intelligent approaches to user-signed-in computer use
Creative & Non-Enterprise Use Cases
- Agent protocols for creative/expressive work (design, art, music, games)
- Are current protocol primitives implicitly enterprise-shaped?
- AI and media
Personal Agents & Data
- Personal data, memory, and secure authorization of agents
- Consent-aware edge and embodied agents (robots, sensors)
📚 Recommended Reading
We ask attendees when they register for suggestions. Here are some recommended resources:
We ask attendees when they register for suggestions. Here are some recommended resources:
- A Survey of AI Agent Protocols
- On Being Agentic
- Upgrade or Switch: Do We Need a Next-Gen Trusted Architecture for the Internet of AI Agents?
- HTTP, APIs and identity articles at code.sgo.to
- WS-REST 2014 Keynote
- Collaboration vlog at collab101.org
- Bot or Not? Why Incentives Matter More Than Identity
- Roads, Robots, and Responsibility: Why Agentic AI Needs Identity Infrastructure
- AI Permissions vs. Human Permissions: What Really Changes?
- Articles at gluufederation.medium.com
- Draft OAuth AI Agents on Behalf of User
- The First Person Project White Paper at firstperson.network
- Email Verifications Protocol
💡 Have a Topic to Add?
These topics will be discussed during the agenda creation in the opening circle. If you have additional topics you'd like to explore, bring them to the workshop and propose them during the agenda-setting session.
These topics will be discussed during the agenda creation in the opening circle. If you have additional topics you'd like to explore, bring them to the workshop and propose them during the agenda-setting session.