# Agent Identity

> A verifiable answer to 'which agent, acting for whom, is making this request?'

_The Agentic Web Lexicon · /glossary/agent-identity · [JSON](/api/glossary/agent-identity) · [all The Agentic Web Lexicon](/glossary)_

- **term:** Agent Identity
- **category:** identity
- **short_def:** A verifiable answer to 'which agent, acting for whom, is making this request?'
- **long_def:** Built from signed requests (Web Bot Auth / RFC 9421), declared user-agents and operator-published verification (IP ranges, reverse DNS). Strong agent identity is the precondition for agent-native access control and commerce.
- **see_also:** web-bot-auth, agentic-commerce
- **etymology_origin:** — (verify-against-primary-at-build)
- **related_to:** web-bot-auth, agentic-commerce, a2a, ai-crawler
- **contrast_with:** Unlike Web Bot Auth, which is the cryptographic mechanism, agent identity is the broader answer it serves — who the agent is AND on whose behalf it acts (the principal), spanning signatures, reverse DNS and Agent Cards.
- **example:** An agent's identity is verified by combining a Web Bot Auth Ed25519 signature (RFC 9421) with operator-published IP ranges and reverse DNS, since user-agent strings alone are spoofable.
- **source:** https://datatracker.ietf.org/doc/html/rfc9421
- **status:** emerging
- **why_it_matters:** Agent identity is the gate before access control and commerce: a site cannot safely grant agents paid or privileged access without first knowing which agent — and which principal — it is dealing with.
- **sameAs:** —
- **bridge_entity:** protocols/identity/web-bot-auth
- **last_verified:** 2026-06-15
- **md_twin:** /glossary/agent-identity.md