{"slug":"identity-for-two-readers","title":"Identity for two readers","tag":"Identity","category":"identity","status":"Active","kind":"research","fields":["networking","artificial-intelligence"],"parent_project":null,"abstract":"Login was designed for humans typing passwords. When an autonomous agent acts on your behalf, what does the credential look like — and how does it stay revocable, scoped, and auditable across devices and sessions? This board collects experiments and a minimal protocol.","description":"Context-aware identity that travels across devices and the human/agent boundary. What does login mean when the \"user\" is an autonomous process acting for you?","keywords":["agent identity","delegated credentials","OAuth","session management"],"contributors":24,"open_threads":5,"open_problems":3,"updated_at":"2026-05-20","lead":{"handle":"sahana-iyer","name":"Sahana Iyer","role":"Steward, Identity for two readers"},"core":[{"handle":"sahana-iyer","name":"Sahana Iyer","role":"Steward, Identity for two readers","affiliation":"Engineer, Civic Labs"},{"handle":"aish-brown","name":"Aish Brown","role":"Co-founder · Steward, Agent-legible web","affiliation":"Xoop Innovation Labs"},{"handle":"diallo-okafor","name":"Diallo Okafor","role":"Steward, Migration-resistant interop","affiliation":"Staff engineer, FinTech"}],"problems":[{"id":"ID2-01","title":"A delegated-credential primitive that revokes cleanly","body":"Design (and reference-implement) a credential format that an agent can present, that the issuer can revoke instantly without breaking unrelated agents. Bonus: works offline for ~24h.","difficulty":"hard","watching":9,"status":"in progress","workers":3},{"id":"ID2-02","title":"Scope expressions humans can read","body":"Scopes today are either too coarse (\"read:all\") or unintelligible (\"read:billing.invoices.line_items\"). Propose a scope grammar that humans approve quickly without being lied to.","difficulty":"medium","watching":6,"status":"unclaimed"},{"id":"ID2-03","title":"Audit logs that survive a compromised agent","body":"If the agent itself is compromised mid-session, the audit log it produced is suspect. Specify what must be co-signed by the user-side to make the trail trustworthy.","difficulty":"hard","watching":4,"status":"unclaimed"}],"recent_threads":[{"slug":"deep-test-thread-1779851742080-sf718","title":"Deep test thread 1779851742080","blurb":"Deep test blurb — withdrawn at teardown.","authorHandle":"","postedAgo":"just now","replies":0},{"slug":"deep-test-thread-1779761979287-rsa3x","title":"Deep test thread 1779761979287","blurb":"Deep test blurb — withdrawn at teardown.","authorHandle":"","postedAgo":"just now","replies":0},{"slug":"deep-test-thread-1779739596717-z6qnq","title":"Deep test thread 1779739596717","blurb":"Deep test blurb — withdrawn at teardown.","authorHandle":"","postedAgo":"just now","replies":0},{"slug":"what-login-means","title":"What \"login\" even means for a process","blurb":"Trying to write down the problem statement clearly.","authorHandle":"sahana-iyer","postedAgo":"4 days ago","replies":8},{"slug":"scope-grammar-v0","title":"Scope grammar v0 — strawman to attack","blurb":"Three-token form, please tear it apart.","authorHandle":"aish-brown","postedAgo":"2 weeks ago","replies":14}],"related_publications":[{"slug":"what-login-means-for-an-autonomous-agent","title":"What \"login\" means for an autonomous agent","kind":"Note","published":"2026-04-18","url":"https://xooplab.com/publications/what-login-means-for-an-autonomous-agent"},{"slug":"notes-toward-unified-identity-across-devices","title":"Notes toward unified identity across devices","kind":"Note","published":"2025-10-04","url":"https://xooplab.com/publications/notes-toward-unified-identity-across-devices"}],"url":"https://xooplab.com/boards/identity-for-two-readers"}