Network Working Group K. Yao Internet-Draft P. Liu Intended status: Informational China Mobile Expires: 2 January 2026 1 July 2025 Digital Identity Management for AI Agent Communication Protocols draft-yl-agent-id-requirements-00 Abstract AI agents are rapidly and massively transitioning from cutting-edge technology into real life. The AI agent communication protocol will establishing a critical means to connect agents with different users, tools, and other agents. Among all the features of AI agent communication protocol, digital identity is one of the most important components. Developing a cross-industry, universal, flexible, interoperable, and secure AI agent digital identity protocol is the foundation for achieving communication between agents and other entities in future network. Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at https://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on 2 January 2026. Copyright Notice Copyright (c) 2025 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/ license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components Yao & Liu Expires 2 January 2026 [Page 1] Internet-Draft Agent Digital Identity Requirements July 2025 extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 2. Digital Identity Management Related Use Cases in the Context of AI Agent Communications . . . . . . . . . . . . . . . . . 3 2.1. General . . . . . . . . . . . . . . . . . . . . . . . . . 3 2.2. Use Cases . . . . . . . . . . . . . . . . . . . . . . . . 4 3. Potential Digital Identity Management Requirements for AI Agent Communication . . . . . . . . . . . . . . . . . . . . . . 5 3.1. General . . . . . . . . . . . . . . . . . . . . . . . . . 5 3.2. Identifier . . . . . . . . . . . . . . . . . . . . . . . 5 3.2.1. Global Unique Identifier . . . . . . . . . . . . . . 5 3.2.2. User Binding . . . . . . . . . . . . . . . . . . . . 5 3.3. Attribute . . . . . . . . . . . . . . . . . . . . . . . . 5 3.3.1. Skill . . . . . . . . . . . . . . . . . . . . . . . . 5 3.3.2. Capability . . . . . . . . . . . . . . . . . . . . . 5 3.3.3. Service . . . . . . . . . . . . . . . . . . . . . . . 6 3.3.4. Key Credential . . . . . . . . . . . . . . . . . . . 6 3.4. Security . . . . . . . . . . . . . . . . . . . . . . . . 6 3.4.1. Authentication . . . . . . . . . . . . . . . . . . . 6 3.4.2. Authorization . . . . . . . . . . . . . . . . . . . . 6 3.5. Discovery . . . . . . . . . . . . . . . . . . . . . . . . 7 3.5.1. Intra-domain . . . . . . . . . . . . . . . . . . . . 7 3.5.2. Inter-domain . . . . . . . . . . . . . . . . . . . . 7 4. Security Considerations . . . . . . . . . . . . . . . . . . . 7 5. Conclusions . . . . . . . . . . . . . . . . . . . . . . . . . 7 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 8 7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 8 8. Informative References . . . . . . . . . . . . . . . . . . . 8 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 9 1. Introduction In recent years, large model-based generative AI is rapidly advancing, paving the way for the arrival of AGI. Technically, the large model has evolved from the single-modal LLMs like ChatGPT to multi-modal Vision-Language Models (VLMs) such as DALL-E, SORA, and GPT-4o. It now evolves to the Vision-Language-Action (VLA) models for robot control, like Google's RT-2 and RT-H. A large number of new intelligent terminals emerge, and embodied AI is poised to become the most valuable application of AI. A plethora of traditional terminals are being upgraded to AI ones through embedded large models and AI agents, for example, AI phones, AI Yao & Liu Expires 2 January 2026 [Page 2] Internet-Draft Agent Digital Identity Requirements July 2025 wearables, and AI PCs. In addition, embodied AI comes in. It refers to intelligent agents that can understand, reason, and interact with the physical world, such as intelligent robots, self-driving cars, and robot dogs. Humanoid robots are one of the core scenarios of embodied AI. According to the prediction of GGII, the global humanoid robot market is projected to grow from USD 1.017 billion in 2024 to USD 15 billion in 2030, increasing at a compound annual growth rate (CAGR) of 56%. The global sales volume of humanoid robots will increase from 11,900 to 605,700. Everyone may have a virtual intelligent assistant. AI agents understand user needs, schedule tasks, and invoke and combine massive applications autonomously. AI agents will revolutionize application- centric development mode and Graphic User Interface (GUI)-based human-machine interaction. This innovation leads to entries for super applications and super traffic. Many relavant use cases have been mentioned in [I-D.rosenberg-ai-protocols]. These AI agents are poised to be the "new citizens" of future network connections, heralding an economic boom and ushering human social life into a new era of collaboration between humans and AI agents, as well as among AI agents themselves. 2. Digital Identity Management Related Use Cases in the Context of AI Agent Communications 2.1. General According to ITU-T [Digital-identity], the digital identity is defined as follows: Digital Identity: The International Telecommunication Union (ITU) defines the concept of identity as a ‘representation of an entity in the form of one or more attributes that allow the entity or entities to be sufficiently distinguished within context’. Building on this definition, we might state that a digital identity is the digital representation of an entity detailed enough to make the individual distinguishable within a digital context. According to 3GPP [TR22.870], an AI agent is defined as follows: Al Agent: an automated intelligent entity capable of e.g. interacting with its environment, acquiring contextual information, reasoning, self-learning, decision-making, executing tasks (autonomously or in collaboration with other Al Agents) to achieve a specific goal. Yao & Liu Expires 2 January 2026 [Page 3] Internet-Draft Agent Digital Identity Requirements July 2025 Thus the digital identity of an AI agent could be defined as “the digital representation of an AI agent detailed enough to make individual distinguishable within an AI agent communication context.” The digital identity contains mainly 3 parts: identifier, attribute and key credential. 2.2. Use Cases According to 3GPP TR 22.870, there are some use cases discussing AI agent that communicate from/to terminal side with the support of digital identity. AI agents communication: - As communication serves as a common mechanism for sharing information, there will be more and more users and their AI agents that need to be supported in a near future. A group could be established for users and their AI agents to communicate with each other. To complete a complex task involving multiple users and triggered by a user, AI agent or application, communication domain for multiple groups could be established, the users and AI agents working for the same task can be explicitly identified by the task request or implicit identified based on location area or relative distance. Communication domain could be dynamically created for users and AI agents from multiple groups to communicate with each other for a specific task during a specific time. Only the AI agents in the same domain can communicate with each other. If authenticated / authorized, users and AI agents could join this group via various access technologies, including the cellular network, Wi-Fi and Ethernet, etc. Intelligent Communication Assistants: - Overall, intelligent communication assistant provided by the operators natively is a customized service. It can interact with end users through voice, text, gesture or other modalities to provide enhanced experience. The assistant can be customized for each particular user by accessing user data stored in the network. With user’s consent, it can provide various communication services and support individual users based on user’s intention and requirement. The provided services include intent-based search, personalized recommendations, voice-controlled smart home devices, and interaction with various services (including 3rd party AI assistant or capabilities) or devices. The customization can be achieved by providing different levels of the intelligent communication assistant service, based on the authorization from the user for user data. Yao & Liu Expires 2 January 2026 [Page 4] Internet-Draft Agent Digital Identity Requirements July 2025 3. Potential Digital Identity Management Requirements for AI Agent Communication 3.1. General Digital Identity in the context of AI agent communication involves several common requirements to ensure effective, efficient, and secure interactions. Here is a list of potential key requirements derived from the illustrative use cases provided in the previous sections. They are not yet formally approved by 3GPP and only provided for information/discussion. 3.2. Identifier 3.2.1. Global Unique Identifier AI agents SHOULD have a global unique identifier in an universal interoperable format to ensure the identifier can be used to dynamically identify and locate the AI agent. 3.2.2. User Binding AI agents are designed to provide services for the human user, sometimes on behalf of the user. The digital identity of an AI agent MUST support the description of its associated user, so that the AI agent communication protocol can further support user authorization when needed. 3.3. Attribute 3.3.1. Skill AI Agents can support multiple skills, and these skills may not be provided by a single manufacturer or provider. Considering that skill is the nature of AI agent communication and one of the most important properties of an AI agent. The definition of skills with different origins for an AI agent SHOULD be supported. 3.3.2. Capability AI agent are able to communicate with other agents through multi- modal capabilities, e.g. text, image, voice, video, real-time communication. These capabilities are pre-requisites for the communication channel establishment. The definition of these multi- modal capabilities SHOULD be supported. Yao & Liu Expires 2 January 2026 [Page 5] Internet-Draft Agent Digital Identity Requirements July 2025 3.3.3. Service AI Agent SHOULD be able to obtain long-term or short-term service verifiable credentials from different service providers, these credentials can be used for access control purposes. The AI agent identity SHOULD support the definition of dynamic service attributes. 3.3.4. Key Credential AI Agent SHOULD be able to support transmit, share, store its digital identity in a secure way. Usually the public key credential is used to ensure the integrity of digital identity. Also the key credential can be used by the target entity of the AI agent to verify its identity information. The AI agent identity SHOULD support the usage of key credential. 3.4. Security 3.4.1. Authentication In addition to traditional user authentication, the authentication of the agent should also be considered in AI agent identity management. More AI agent authentication related considerations have been mentioned in [I-D.yao-agent-auth-considerations]. The digital identity SHOULD contain at least one corresponding credential for the unique identifier for the identification. 3.4.2. Authorization According to different scenarios, there will be three different authorization requirements, the digital identity of AI agent SHOULD support these authorization requirements. * Agent Authorization: The agent authorization is the common authorization that agent A provides authorized information from its own digital identity needed by agent B, and then agent B verifies and authorize the request. This is REQUIRED when an agent is on-behalf-of(OBO) itself or other agents. * Delegation Authorization: The agent authorization is the common authorization that Agent A provides authorized information from its user’s and own digital identity needed by Agent B, and then Agent B verifies and authorize the request. This is REQUIRED when an agent is OBO its user, itself, or other agents. Yao & Liu Expires 2 January 2026 [Page 6] Internet-Draft Agent Digital Identity Requirements July 2025 * User Authorization: The agent authorization is the common authorization that agent A provides authorized information from its user’s and own digital identity needed by agent B, and then agent B still thinks that it’s not sufficient, then agent B require agent A to help get a direct authorized information from the user to avoid risk. This is REQUIRED when an agent is OBO its user. 3.5. Discovery 3.5.1. Intra-domain * Registration: In order for a successful discovery, the AI agent SHOULD be able to register its digital identity in an intra-domain repository. So that the AI agent can be discovered by the intra- domain entities (e.g. user/other agents). 3.5.2. Inter-domain * Discovery mechanism: AI agent should be able to find needed resource (user/tool/agent) dynamically through discovery mechanism depending on identifier or attribute, from intra-/inter-domain repositories to meet its task requirements. The digital identity of AI agent should be the bearer of discovery information. * Repository Update and Synchronization: In order for a successful discovery, different AI agent repositories SHOULD be able to update the digital identity information of AI agents that can be discovered. 4. Security Considerations As discussed in previous sections, security plays a key roles in the definition of digital identity of AI agent. A comprehensive consideration of the potential impact of the various specific technologies that may be involved on the overall AI agent communication protocol is required. 5. Conclusions AI agent communication requires the participation of partners from the industry, academia, and research sectors, including terminal vendors, network service providers, cloud service suppliers, AI base model providers, and application developers. Through technical workshops, project collaboration, and innovation pilots, all parties should join efforts to make AI agent communication an essential part of AI agent economic growth in the future. Furthermore, the industry Yao & Liu Expires 2 January 2026 [Page 7] Internet-Draft Agent Digital Identity Requirements July 2025 should advance the standardization progressively to formulate globally unified standards for the AI agent communication and prosper the industry ecosystem. In summary, while AI agents have impressive autonomy and intelligence, they are ultimately tools that serve the needs of individuals or organizations. Each AI agent possesses a unique digital identity bound to the user identity they serve on the network. After AI agents are authenticated and authorized, their autonomous communication activities can be supervised, controlled, and traced on the network by the user. Also, diverse AI agents possess varying levels of sensing, decision-making, and operational capabilities. Besides autonomy, these properties can be shared with other AI agents through discovery and orchestration, facilitating task collaboration and achieving the effect of collective intelligence. Standard solutions will be required to support the management of digital identity for AI agent communications. To ensure the global interoperability between heterogeneous AI agents, a standardized AI agent communication protocol including the digital identity management needs to be introduced for the session establishment and multi-modal data transmission. It is expected that IETF could be the place to develop such standard. 6. IANA Considerations TBD. 7. Acknowledgements 8. Informative References [Digital-identity] ITU-T, "Digital Identity Roadmap Guide, D-STR- DIGITAL.01-2018-PDF-E.", n.d.. [I-D.rosenberg-ai-protocols] Rosenberg, J. and C. F. Jennings, "Framework, Use Cases and Requirements for AI Agent Protocols", Work in Progress, Internet-Draft, draft-rosenberg-ai-protocols-00, 5 May 2025, . [I-D.yao-agent-auth-considerations] Yao, K., "Further considerations on AI Agent Authentication and Authorization Based on OAuth 2.0 Extension", Work in Progress, Internet-Draft, draft-yao- Yao & Liu Expires 2 January 2026 [Page 8] Internet-Draft Agent Digital Identity Requirements July 2025 agent-auth-considerations-00, 30 June 2025, . [TR22.870] 3GPP, "Study on 6G Use Cases and Service Requirements", n.d.. Authors' Addresses Kehan Yao China Mobile Email: yaokehan@chinamobile.com Peng Liu China Mobile Email: liupengyjy@chinamobile.com Yao & Liu Expires 2 January 2026 [Page 9]