Agent Identity

A verifiable answer to 'which agent, acting for whom, is making this request?'

term
Agent Identity
category
identity
short_def
A verifiable answer to 'which agent, acting for whom, is making this request?'
long_def
Built from signed requests (Web Bot Auth / RFC 9421), declared user-agents and operator-published verification (IP ranges, reverse DNS). Strong agent identity is the precondition for agent-native access control and commerce.
see_also
web-bot-auth agentic-commerce
etymology_origin
'Agent identity' is a composite agentic-web concept (Web Bot Auth + reverse-DNS + Agent Cards) with no single coining spec. Primary reference: https://datatracker.ietf.org/doc/html/rfc9421
related_to
web-bot-auth agentic-commerce a2a ai-crawler
contrast_with
Unlike Web Bot Auth, which is the cryptographic mechanism, agent identity is the broader answer it serves — who the agent is AND on whose behalf it acts (the principal), spanning signatures, reverse DNS and Agent Cards.
example
An agent's identity is verified by combining a Web Bot Auth Ed25519 signature (RFC 9421) with operator-published IP ranges and reverse DNS, since user-agent strings alone are spoofable.
source
https://datatracker.ietf.org/doc/html/rfc9421
status
emerging
why_it_matters
Agent identity is the gate before access control and commerce: a site cannot safely grant agents paid or privileged access without first knowing which agent — and which principal — it is dealing with.
sameAs
bridge_entity
protocols/identity/web-bot-auth
last_verified
2026-06-15
md_twin
/glossary/agent-identity.md
