Identity Before Capability: The Agent-Authorization Stack Quietly Restructuring Agentic AI by 2028
Beneath the agentic-AI capability narrative, NIST's February 2026 AI Agent Standards Initiative, the NCCoE identity-and-authorization concept paper, OpenID Foundation's NIST response, and Okta and Microsoft Entra agent-ID releases are converging into the rails that decide which agents act on whose behalf — a 2026-2028 inflection for IAM, vendor selection and liability.
The consensus on AI and automation is that 2026 is the year agentic AI moves from demo to deployment, with frontier capability, longer context windows and tool integrations the things that matter. Beneath this sits a less obvious shift: the rapid formation of an "agent identity and authorization" stack — NIST's Center for AI Standards and Innovation, an NCCoE concept paper, OpenID Foundation submissions to federal RFIs, IETF OAuth drafts, and the pivot of dominant IAM vendors to treat agents as first-class non-human identities. These rails will determine which agents are permitted to act on whose behalf, with what audit trail. The board question is no longer "can our agents do X?" but "will our agents be allowed to do X?"
Signal Identification
A regulatory and standards pivot in early formation: the emergence of a sovereign-and-industry-led identity and authorization layer for autonomous AI agents. The signal is the convergence of US federal standards, open identity bodies and IAM vendors around a common framing — agents as identities, with delegation chains, scope-limited tokens and revocable authority — in a six-month window.
What's Changing
The architecture is being formalised faster than enterprises notice. The (NIST Center for AI Standards and Innovation, 17/02/2026) launched the AI Agent Standards Initiative around three pillars: industry-led standards, open-source protocols, and federal research on agent security and identity. Two weeks earlier, the (NIST NCCoE concept paper, 05/02/2026) invited input on applying identity standards to AI agents in enterprise settings; comments closed 02/04/2026, with a practice guide to follow. The (OpenID Foundation formally responded, 11/03/2026), framing the core problem as "not the technology, it's the trust" and calling for a trust fabric of verifiable credentials, constrained authority and traceable accountability.
Adoption signals confirm the gap. (Deloitte's State of AI in the Enterprise 2026, 24/04/2026), surveying 3,235 leaders across 24 countries, finds 74% expect at least "moderate" agent use by 2027 yet only 21% report a mature governance model; roughly 80% lack mature agentic-governance capabilities including bounded decision rights, real-time monitoring and audit trails. The (Cloud Security Alliance research note, 16/04/2026) documents that sector concerns from CAISI's April listening sessions in healthcare, finance and education are feeding proposed Cybersecurity Overlays for AI Systems (COSAiS).
The market is moving before the standards finish. (Okta's blueprint for the secure agentic enterprise, 16/03/2026), with Okta for AI Agents generally available 30/04/2026, treats AI agents as first-class identities; it cites data that 88% of organisations report suspected or confirmed AI agent security incidents while only 22% treat agents as identity-bearing entities. (CIO's analysis of Model Context Protocol, 24/02/2026) reports fewer than 4% of MCP-related RSA 2026 submissions frame the protocol as opportunity rather than exposure — over-permissioning, tool impersonation, authentication bypass — moving governance to the protocol layer.
Disruption Pathway
Stage one (2026-2027): NCCoE practice guides, IETF specifications (OAuth 2.1, WIMSE, Identity Assertion Authorization Grant) and OpenID for Agents mature into reference implementations; major IAM vendors operationalise agent registry, scope-token vaulting and universal logout. Stage two (2027-2028): enterprise procurement requires agent-identity attestation, agent-registry inventories and identity-bearing audit logs as compliance baseline; the EU AI Act high-risk implementing acts incorporate equivalent requirements via ENISA and the EU AI Office; finance and healthcare regulators cite the standards in supervisory guidance. Stage three (2028-2030): the agent-identity layer becomes the binding determinant of which AI agents can transact with which counterparties, restructuring vendor lock-in, agent-platform economics and liability allocation.
Stresses concentrate at three points: agent-platform vendors face a forced choice between adopting open identity standards (losing lock-in) or building closed walled gardens (losing enterprise procurement); enterprise IAM teams absorb an unbudgeted workload, registering shadow agents as identities and running a credential lifecycle for non-human actors that may outnumber human staff within 18 months; compliance teams need attestable audit trails tied to delegated-authority chains, where most agents today run on shared service accounts. Two adaptations follow: operational — IAM stacks add agent registry, scope-token gateways and kill-switch as standard features; regulatory — financial and healthcare supervisors import the NIST framing into rule-making.
Why This Matters
For CIOs and CISOs, agent identity is the binding constraint on agent deployment velocity, with procurement the leading edge. For boards, IAM modernisation tied to agentic AI is the unobvious capex line likely to outpace 2026-2027 forecasts. For legal and risk committees, liability allocation now depends on whether the organisation can attest to the identity, scope and authority of every agent acting on its behalf. For agent-platform vendors, the choice is to embrace the open stack or lose the enterprise market to IAM-anchored incumbents.
Decision-action posture for this signal: Prepare — standards are in active formation and IAM-vendor product is shipping, but the 2027-2028 procurement and compliance inflection is too close to monitor passively and too early to commit hard product or contract architecture.
Counter-Argument
The strongest objection is that this is a familiar standards race that will fragment rather than converge. The (CSA listening-session note, 16/04/2026) flags sector-specific divergence; AWS, Google and Microsoft are anchoring proprietary agent-identity surfaces inside their platforms; IETF OAuth, OpenID, FIDO and W3C have overlapping drafts. The layer could end up like the WS-* generation — a graveyard of competing standards enterprises route around with proprietary glue.
This understates two forcing functions. EU AI Act implementing acts and sector supervisor guidance need a citable identity-and-authorization baseline by 2027-2028, forcing convergence even where specifications differ at the margin. IAM-vendor economics point the same way: customers want to buy the layer once, not three times. Fragmentation slows the timeline by 12-18 months without changing the outcome.
Implications
The signal catalyses durable change in the enterprise AI stack. The (NCCoE concept paper, 05/02/2026) reframes agent governance from a model-quality problem into an identity-and-authorization problem — a reframing that carries across regulators, IAM vendors and procurement and does not reverse on a slowdown in model capability. The agent-identity layer becomes the addressable market for IAM incumbents (Okta, Microsoft Entra, CyberArk, Ping) and a disqualifying constraint for agent-platform vendors that resist it. The competitive geography of agentic AI is being set not by who has the best model, but by who controls the rails that decide whose model is allowed to act.
Early Indicators to Monitor
- NCCoE publishes a draft practice guide on agent identity and authorization with named reference implementations by Q4 2026.
- A major US financial regulator (Fed, OCC, FCA) cites NIST agent-identity work in supervisory guidance by mid-2027.
- ENISA or the EU AI Office publishes implementation guidance referencing OpenID or IETF agent-identity standards before end-2026.
- A Fortune-500 procurement RFP names agent-identity attestation and identity-bearing audit logs as compliance baseline.
- An agent-platform vendor (OpenAI, Anthropic, Google) commits to native OAuth or WIMSE agent-credential support in production by H2 2026.
Disconfirming Signals
- AWS, Google and Microsoft launch incompatible proprietary agent-identity stacks and procurement accepts the fragmentation.
- NIST CAISI concludes its listening-session cycle with no published agent-identity practice guide by Q1 2027.
- Sector regulators (Fed, FCA, BaFin, FDA) explicitly defer agent-identity guidance, waiting for industry convergence.
- Enterprise IAM budgets for agent identity remain a sub-1% line through 2027, signalling shared-service-account governance.
- IETF OAuth and OpenID Foundation agent-identity drafts stall beyond 2027 without standards-track progress.
Strategic Questions
- Standardise on one IAM vendor's agent-identity stack now, or wait for cross-vendor interoperability in 2027?
- When does delegated-authority attestation move from procurement nice-to-have to binding compliance — H2 2027 or H1 2028?
- At what agent inventory does running on shared service accounts become an attestable governance failure?
- Which board owns liability when an autonomous agent's identity, scope and delegation chain cannot be reconstructed?
Keywords
AI agent identity; agent authorization; NIST AI Agent Standards Initiative; NCCoE; OpenID Foundation; Model Context Protocol; OAuth 2.1; WIMSE; agentic AI governance; non-human identity; IAM modernisation; agent registry
Bibliography
- Tier 1 Announcing the AI Agent Standards Initiative. NIST CAISI (17/02/2026).
- Tier 1 Accelerating the Adoption of Software and AI Agent Identity and Authorization (concept paper). NIST NCCoE (05/02/2026).
- Tier 2 OIDF responds to NIST on AI agent security. OpenID Foundation (11/03/2026).
- Tier 2 NIST AI Agent Standards: Listening Sessions and Emerging Controls. Cloud Security Alliance Labs (16/04/2026).
- Tier 2 AI agents scaling faster than guardrails (State of AI 2026). Deloitte Insights (24/04/2026).
- Tier 3 Why Model Context Protocol is suddenly on every executive agenda. CIO (24/02/2026).
- Tier 4 Blueprint for the secure agentic enterprise (Okta for AI Agents GA 30/04/2026). Okta (16/03/2026).