Open Agent Internet Architecture Framework (OAIAF)
An Open Standards Reference Architecture for Enterprise AI Agents
OAIAF provides a reference architecture for enterprise AI agent identity and authorization. It documents how emerging standards fit together to address the fundamental questions enterprises face when deploying autonomous AI agents.
The Five-Layer Agent Identity Stack
┌────────────────────────────────────────────────────────────────────────────┐
│ Layer 5: AUTHORIZATION │
│ ┌───────────────┐ ┌───────────────┐ ┌───────────────┐ │
│ │ AuthZEN │ │ Cedar │ │ OpenFGA │ │
│ │ (API) │ │ (ABAC) │ │ (ReBAC) │ │
│ └───────────────┘ └───────────────┘ └───────────────┘ │
│ "What can this agent do?" → Policy-based access control decisions │
├────────────────────────────────────────────────────────────────────────────┤
│ Layer 4: HUMAN DELEGATION │
│ ┌───────────────────────────┐ ┌──────────────────────────┐ │
│ │ OAuth 2.x │ │ ID-JAG │ │
│ │ (Authorization) │ │ (Identity Assertion) │ │
│ └───────────────────────────┘ └──────────────────────────┘ │
│ "Who delegated authority?" → Chain of authority from human to agent │
├────────────────────────────────────────────────────────────────────────────┤
│ Layer 3: AGENT AUTHENTICATION │
│ ┌─────────────────────────────────────────────────────────┐ │
│ │ AAuth │ │
│ │ (HTTP Signatures + Mission Scope) │ │
│ └─────────────────────────────────────────────────────────┘ │
│ "Which autonomous agent is this?" → Cryptographic agent identity │
├────────────────────────────────────────────────────────────────────────────┤
│ Layer 2: WORKLOAD IDENTITY │
│ ┌───────────────────────────┐ ┌──────────────────────────┐ │
│ │ WIMSE │ │ SPIFFE │ │
│ │ (Workload Identity) │ │ (X.509 SVIDs) │ │
│ └───────────────────────────┘ └──────────────────────────┘ │
│ "Which workload hosts this agent?" → Infrastructure-level identity │
├────────────────────────────────────────────────────────────────────────────┤
│ Layer 1: LIFECYCLE MANAGEMENT │
│ ┌─────────────────────────────────────────────────────────┐ │
│ │ SCIM Agent Resource │ │
│ │ (Provisioning, Capabilities, Metadata) │ │
│ └─────────────────────────────────────────────────────────┘ │
│ "What agents exist?" → Agent registration and capability declaration │
└────────────────────────────────────────────────────────────────────────────┘
Cross-Cutting Concerns:
┌──────────────────────────┐ ┌─────────────────────────┐ ┌─────────────────┐
│ A2A (Agent-to-Agent) │ │ MCP (Model Context) │ │ OpenTelemetry │
│ Discovery & Delegation │ │ Tool Integration │ │ Observability │
└──────────────────────────┘ └─────────────────────────┘ └─────────────────┘
| Layer | Standards | Question Answered |
|---|---|---|
| 5. Authorization | AuthZEN, Cedar, OpenFGA | What can this agent do? |
| 4. Human Delegation | OAuth 2.x, ID-JAG | Who delegated authority to this agent? |
| 3. Agent Authentication | AAuth | Which autonomous agent is this? |
| 2. Workload Identity | WIMSE, SPIFFE | Which workload/service hosts this agent? |
| 1. Lifecycle | SCIM Agent Resource | What agents exist and what are their capabilities? |
About the Name
Each word in Open Agent Internet Architecture Framework was chosen deliberately:
| Term | Meaning |
|---|---|
| Open | Emphasizes open standards, vendor neutrality, and interoperability—not necessarily open source |
| Agent | Clearly defines the domain as AI agents |
| Internet | Reflects that the framework is grounded in Internet standards from IETF, OpenID Foundation, W3C, Linux Foundation, and related communities |
| Architecture | Distinguishes it from AI governance, ethics, or policy-only frameworks by making it clear this is a technical reference architecture |
| Framework | Positions it alongside mature architecture frameworks like TOGAF and SABSA rather than as a single specification |
Definition of Open
Open refers to the use of open Internet standards and interoperable architectures developed by standards organizations and open industry communities. It does not imply that every implementation must be open source.
Ecosystem Position
OAIAF sits within a broader ecosystem of standards and tooling:
Standards Catalog Framework (SCF)
│
▼
Agent Standards Catalog (ASC)
│
▼
Open Agent Internet Architecture Framework (OAIAF)
│
▼
agent-protocols
│
▼
Generated protocol artifacts
(SCIM, AAuth, A2A, MCP, AuthZEN, etc.)
Quick Links
- Architecture - Comprehensive architecture covering the five-layer identity stack
- Protocol Flows - Detailed sequence diagrams for ID-JAG, AAuth, AIMS, and more
- Roadmap - Planned work across the AI Standards ecosystem
Related Projects
| Repository | Purpose |
|---|---|
| agent-protocols | Go implementations of AAuth, ID-JAG, AIMS, SCIM Agent Resource |
| agentauth | Protocol orchestration and hybrid providers |
| PIDL | Protocol Interaction Description Language for diagrams |
Supported Protocols
Identity & Authentication
- ID-JAG - Identity Assertion Authorization Grant for automated agent authorization
- AAuth - Agent Authorization Protocol for human-in-the-loop consent
- AIMS/SPIFFE - Workload identity with X.509 SVIDs
- SCIM Agent Resource - Agent lifecycle management
Authorization
- AuthZEN - PEP-PDP communication API
- Cedar - ABAC policy language
- OpenFGA - ReBAC authorization service
Interoperability
Getting Started
OAIAF is primarily a documentation project. For code implementations, see:
# Protocol implementations
go get github.com/aistandardsio/agent-protocols
# Orchestration library
go get github.com/plexusone/agentauth
License
MIT License - see LICENSE for details.