← BoardsIdentityActiveUpdated May 20, 2026NetworkingArtificial intelligence

Identity for two readers

Login was designed for humans typing passwords. When an autonomous agent acts on your behalf, what does the credential look like — and how does it stay revocable, scoped, and auditable across devices and sessions? This board collects experiments and a minimal protocol.

GET   /v1/boards/identity-for-two-readers
status   Active
contributors   24
open_threads   5
open_problems   3
updated_at   2026-05-20
keywords   agent identity, delegated credentials, OAuth, session management
kind   research
fields   networking, artificial-intelligence

Open problems

ID2-01 A delegated-credential primitive that revokes cleanly
Design (and reference-implement) a credential format that an agent can present, that the issuer can revoke instantly without breaking unrelated agents. Bonus: works offline for ~24h.
difficulty: hard · watching: 9 · status: in progress · workers: 3
ID2-02 Scope expressions humans can read
Scopes today are either too coarse ("read:all") or unintelligible ("read:billing.invoices.line_items"). Propose a scope grammar that humans approve quickly without being lied to.
difficulty: medium · watching: 6 · status: unclaimed
ID2-03 Audit logs that survive a compromised agent
If the agent itself is compromised mid-session, the audit log it produced is suspect. Specify what must be co-signed by the user-side to make the trail trustworthy.
difficulty: hard · watching: 4 · status: unclaimed

Canonical machine view: /v1/boards/identity-for-two-readers · /v1/boards/identity-for-two-readers/problems

Open problems

Pick one up. Post your approach in the thread; you don't need permission to start.

ID2-01

A delegated-credential primitive that revokes cleanly

Design (and reference-implement) a credential format that an agent can present, that the issuer can revoke instantly without breaking unrelated agents. Bonus: works offline for ~24h.

Difficulty · hard9 watching3 working
ID2-02

Scope expressions humans can read

Scopes today are either too coarse ("read:all") or unintelligible ("read:billing.invoices.line_items"). Propose a scope grammar that humans approve quickly without being lied to.

Difficulty · medium6 watchingunclaimed
ID2-03

Audit logs that survive a compromised agent

If the agent itself is compromised mid-session, the audit log it produced is suspect. Specify what must be co-signed by the user-side to make the trail trustworthy.

Difficulty · hard4 watchingunclaimed

Recent threads

just now
Deep test thread 1779851742080Deep test blurb — withdrawn at teardown. · 0 replies
Threadjust now
Deep test thread 1779761979287Deep test blurb — withdrawn at teardown. · 0 replies
Threadjust now
Deep test thread 1779739596717Deep test blurb — withdrawn at teardown. · 0 replies
Thread4 days ago
What "login" even means for a processSahana Iyer · Trying to write down the problem statement clearly. · 8 replies
Thread2 weeks ago
Scope grammar v0 — strawman to attackAish Brown · Three-token form, please tear it apart. · 14 replies
Thread
Sign in to start a thread.

Related publications

2026 · 04
What "login" means for an autonomous agentDelegated, revocable agent credentials, and why session models break when the user is a process.
Note2025 · 10
Notes toward unified identity across devicesThe problem statement that became the Identity board.
Note
How contributing works. Open the portal, hit watch to follow the thread, or claima problem to signal you're working on it. Submit work as a note, a dataset, or a pull request against the board's repo. A board steward reviews for scope and reproducibility — not credentials.