
AuthN/AuthZ Architecture for the Age of Agents

Tatsuo Kudo
February 18, 2026

Transcript

  1. AuthN/AuthZ Architecture for the Age of Agents
    Copyright © 2026 Authlete, Inc. All Rights Reserved.
  2. UCP standardizes how businesses connect with AI agents across the entire shopping journey, including the critical step of enabling secure digital identity and payments. In the weeks following the launch, we've received tremendous interest from hundreds of top tech companies, payments partners and retailers interested in integrating it. It’s already improving shopping experiences on Google. In fact, UCP-powered checkout is rolling out now, letting US shoppers buy items from Etsy and Wayfair, right in AI Mode in Search and the Gemini app (with Shopify, Target, and Walmart coming soon).
    Source: What to expect in digital advertising and commerce in 2026 https://blog.google/products/ads-commerce/digital-advertising-commerce-2026/
  3. Source: OpenAI Town Hall with Sam Altman https://www.youtube.com/live/Wpxv-8nG8ec?t=2744s
    I have a feature request for you which is sign in with my ChatGPT account. I think a lot of people would like that. We are going to do that. People ask me for it all the time. What what do you need? Do do you want people to like be able to bring their own token budget or do you want them to like bring their ChatGPT memories or all? It's so we do want to figure out how to do this. It's very scary because ChatGPT does know so much about you. If you like tell a person that you're very close to a bunch of secrets, you can be like relatively confident they'll know this exact social nuances and when they share what with who and when something overrules something else. Our models are not quite there, although they're getting like pretty good at it. I would feel uncomfortable if I connected my ChatGPT account to a bunch of sites and said, "Just use your judgment about like when to share what you know about me from all of my chat history and everything I've connected." But when we can get there, it will clearly be a cool thing to offer. And in the meantime, I think doing something just with, you know, token budgets and if I pay for the pro model, then I can use it on other services, that seems like a cool thing to do. So I think we will at least do that and we'll try to figure out a way to get the information sharing right, but like we really don't want to we really don't want to screw that up.
  4. Unified ID and API Integration
    • Unified ID: Providing services (RPs) centered around an Identity Provider (IdP)
    • API Integration: Providing API servers (RSs) centered around an Authorization Server (AS)
    [Diagram labels: IdP (Identity Provider), RP (Relying Party), AS (Authorization Server), API (Resource Server)]
  5. SSO and Authorization
    • SSO Using Unified ID: Eliminating or simplifying login procedures for end-users across multiple RPs
    • Authorization for API Integration: Centralizing the process of obtaining end-user consent and authorization for API access
    [Diagram labels: End User Environment, IdP, AS, RP, API, Access with Unified Identity, Authorize API Integration, API Access]
  6. Authn/Authz for Unified ID and API Integration
    • Independent IdPs and ASs due to business requirements and regulatory compliance
    • End-users must manage separate credentials for each IdP/AS and perform individual authentication for each
    [Diagram labels: End User Environment, IdP, AS, RP, API, Access with Unified Identity, Authorize API Integration, API Access]
  7. The Rise of Password Managers
    • Password managers, now integrated into browsers and operating systems, enable end-users to manage login credentials for various IdPs and ASs, effectively creating a "single ID" experience
    • Furthermore, with support for Passkeys and OTPs, these password managers have significantly enhanced login security for end-users
    [Diagram labels: End User Environment, Password Manager, IdP, AS, RP, API, Access with Unified Identity, Authorize API Integration, API Access]
  8. Shifting to Agent-Centric Integration Model
    • The initiative in service integration is shifting from "Service Providers" to "End-users empowered by Agents"
    • The Agent serves as the primary front-end for the end-user, making access to individual services indirect and mediated
    [Diagram labels: End User Environment, Password Manager, End User, Agent Platform, Digital Identity Wallet, IdP, AS, RP, API, API Access]
  9. Agent-Centric Integration: Identity-Aware Agent
    • Based on end-user consent (e.g., “Sign in with...”), an agent integrated with platforms such as OSs, apps, and browsers accesses identity information — including memory, context, permissions, and credentials — managed by the platform
    • The agent then dynamically determines which unified ID to use and which APIs to integrate with
    [Diagram labels: End User, Agent Platform, Digital Identity Wallet, IdP, AS, RP, API, API Access]
  10. Agent-Centric Integration: Agents Access on Behalf of User
    • The agent accesses RPs using existing "Unified ID" credentials stored within the platform
    • Furthermore, the agent can request the issuance of a unified ID — even from unfamiliar IdPs — by presenting Verifiable Credentials (VCs) stored in a Digital Identity Wallet
    [Diagram labels: End User, Agent Platform, Digital Identity Wallet, IdP, AS, RP, API, API Access]
  11. Agent-Centric Integration: Agent Direct Access via MCP
    • Based on MCP, the agent dynamically establishes front-channel service integration
    • The agent (or platform) — rather than the service provider — takes the lead in determining how services are utilized and which access authorizations (profiles) are applied
    [Diagram labels: End User, Agent Platform, Digital Identity Wallet, IdP, AS, RP, API, API Access]
  12. Agent-Centric Integration: Shifting Role of API Integration
    • As agents enable front-channel integration, the necessity of relying solely on API-driven backend linking decreases
    • However, as long as data and functions require specific levels of "Confidentiality, Integrity, and Availability," back-channel integration remains essential
    [Diagram labels: End User, Agent Platform, Digital Identity Wallet, IdP, AS, RP, API, API Access]
  13. AuthN/AuthZ in the Age of Agents
    • As end-user interactions shift to being mediated by agents, providing an "Agent-First Interface" becomes paramount
      – This involves issuing and accepting "VCs" designed for easy retrieval and use by agents, as well as supporting agent-specific integration protocols and "MCP"
    • Since not all service integrations can be fully delegated to agents, back-channel integration remains critical for high-value data and functions
      – This necessitates the adoption of the high-security OAuth profile "FAPI" and the implementation of the "SSF" (Shared Signals Framework) for security event sharing
    [Diagram labels: End User, Agent Platform, Digital Identity Wallet, VC, MCP, FAPI / SSF, IdP, AS, RP, API, API Access]
  14. Thank You
    www.authlete.com [email protected]