{
  "protocol": {
    "id": "agent-identity-stack",
    "name": "OAIAF Five-Layer Agent Identity Stack",
    "version": "1.1",
    "description": "Complete flow through the five-layer agent identity stack: Lifecycle (SCIM), Workload Identity (SPIFFE), Agent Authentication (AAuth), Human Delegation (ID-JAG), and Authorization (AuthZEN).",
    "category": "auth",
    "references": [
      {
        "name": "SCIM Agent Resource",
        "url": "https://datatracker.ietf.org/doc/draft-wzdk-scim-agent-resource/"
      },
      {
        "name": "SPIFFE",
        "url": "https://spiffe.io/"
      },
      {
        "name": "AAuth Protocol",
        "url": "https://datatracker.ietf.org/doc/draft-hardt-oauth-aauth-protocol/"
      },
      {
        "name": "ID-JAG",
        "url": "https://datatracker.ietf.org/doc/draft-ietf-oauth-identity-assertion-authz-grant/"
      },
      {
        "name": "AuthZEN",
        "url": "https://openid.net/specs/openid-authzen-authorization-api-1_0.html"
      }
    ]
  },
  "entities": [
    {
      "id": "admin",
      "name": "Enterprise Admin",
      "type": "user",
      "description": "Administrator who provisions and manages agents",
      "trust_level": "trusted",
      "protocol_roles": [
        { "protocol": "scim", "role": "client", "description": "Manages agent lifecycle" }
      ]
    },
    {
      "id": "scim_server",
      "name": "SCIM Server",
      "type": "server",
      "description": "Identity management system with SCIM Agent Resource extension",
      "trust_level": "authoritative",
      "protocol_roles": [
        { "protocol": "scim", "role": "service_provider", "description": "Stores agent registrations" }
      ]
    },
    {
      "id": "user",
      "name": "Delegating User",
      "type": "user",
      "description": "Human user who delegates authority to agent",
      "trust_level": "trusted",
      "protocol_roles": [
        { "protocol": "oauth", "role": "resource_owner", "description": "Authorizes agent delegation" }
      ]
    },
    {
      "id": "agent",
      "name": "OAIAF Agent",
      "type": "agent",
      "description": "AI agent with full identity stack integration",
      "trust_level": "semi_trusted",
      "protocol_roles": [
        { "protocol": "aauth", "role": "agent", "description": "Requests authorization" },
        { "protocol": "idjag", "role": "client", "variant": "assertion_issuer", "description": "Creates JWT assertions" },
        { "protocol": "mcp", "role": "client", "description": "Invokes tools" }
      ]
    },
    {
      "id": "spire",
      "name": "SPIRE",
      "type": "server",
      "description": "SPIFFE Runtime Environment providing workload identity",
      "trust_level": "trusted",
      "protocol_roles": [
        { "protocol": "spiffe", "role": "server", "description": "Issues X.509 SVIDs" }
      ]
    },
    {
      "id": "auth_server",
      "name": "Authorization Server",
      "type": "authorization_server",
      "description": "OAuth/AAuth server handling authentication and delegation",
      "trust_level": "authoritative",
      "protocol_roles": [
        { "protocol": "oauth", "role": "authorization_server" },
        { "protocol": "aauth", "role": "access_server", "description": "Issues agent tokens" },
        { "protocol": "idjag", "role": "token_endpoint", "description": "Exchanges assertions for tokens" }
      ]
    },
    {
      "id": "pdp",
      "name": "Policy Decision Point",
      "type": "server",
      "description": "AuthZEN-compatible PDP (Cedar, OpenFGA, etc.)",
      "trust_level": "authoritative",
      "protocol_roles": [
        { "protocol": "authzen", "role": "pdp", "description": "Evaluates authorization policies" }
      ]
    },
    {
      "id": "resource_server",
      "name": "Resource Server",
      "type": "resource_server",
      "description": "Protected enterprise resource",
      "trust_level": "trusted",
      "protocol_roles": [
        { "protocol": "oauth", "role": "resource_server" },
        { "protocol": "authzen", "role": "pep", "description": "Enforces authorization decisions" }
      ]
    }
  ],
  "phases": [
    {
      "id": "lifecycle",
      "name": "Layer 1: Lifecycle Management",
      "description": "Agent provisioning via SCIM"
    },
    {
      "id": "workload_identity",
      "name": "Layer 2: Workload Identity",
      "description": "SPIFFE identity binding"
    },
    {
      "id": "agent_auth",
      "name": "Layer 3: Agent Authentication",
      "description": "AAuth token acquisition"
    },
    {
      "id": "human_delegation",
      "name": "Layer 4: Human Delegation",
      "description": "ID-JAG delegation chain"
    },
    {
      "id": "authorization",
      "name": "Layer 5: Authorization",
      "description": "AuthZEN policy evaluation"
    }
  ],
  "flows": [
    {
      "from": "admin",
      "to": "scim_server",
      "action": "provision_agent",
      "label": "POST /Agents\n{displayName, capabilities, owner}",
      "mode": "request",
      "phase": "lifecycle",
      "description": "Admin provisions agent in enterprise identity system",
      "sequence": 1
    },
    {
      "from": "scim_server",
      "to": "admin",
      "action": "agent_created",
      "label": "201 Created\n{id, spiffeID, status: active}",
      "mode": "response",
      "phase": "lifecycle",
      "description": "SCIM server returns agent record with assigned identifiers",
      "sequence": 2
    },
    {
      "from": "agent",
      "to": "spire",
      "action": "fetch_svid",
      "label": "FetchX509SVID()",
      "mode": "request",
      "phase": "workload_identity",
      "description": "Agent requests workload identity from SPIRE",
      "sequence": 3
    },
    {
      "from": "spire",
      "to": "agent",
      "action": "svid_issued",
      "label": "X.509 SVID\nspiffe://example.com/agent/{id}",
      "mode": "response",
      "phase": "workload_identity",
      "description": "SPIRE issues SVID binding agent to infrastructure",
      "sequence": 4,
      "security": {
        "requires": ["encryption"],
        "description": "Short-lived X.509 SVID carrying the agent's SPIFFE ID; issued only after SPIRE attests the workload, and the SPIFFE ID should match the spiffeID assigned in the SCIM agent record"
      }
    },
    {
      "from": "user",
      "to": "auth_server",
      "action": "authenticate",
      "label": "OIDC Login",
      "mode": "request",
      "phase": "human_delegation",
      "description": "User authenticates to establish delegation authority",
      "sequence": 5
    },
    {
      "from": "auth_server",
      "to": "user",
      "action": "id_token",
      "label": "ID Token + Session",
      "mode": "response",
      "phase": "human_delegation",
      "description": "Auth server establishes user session",
      "sequence": 6
    },
    {
      "from": "agent",
      "to": "auth_server",
      "action": "idjag_request",
      "label": "POST /token (mTLS)\nID-JAG assertion\ndelegator={user_id}",
      "mode": "request",
      "phase": "agent_auth",
      "description": "Agent requests token with ID-JAG assertion referencing delegating user",
      "sequence": 7,
      "security": {
        "requires": ["mtls", "signature"],
        "description": "mTLS client authentication using the X.509 SVID, plus a signed JWT assertion naming the delegating user"
      }
    },
    {
      "from": "auth_server",
      "to": "auth_server",
      "action": "validate_chain",
      "label": "Validate:\n- SVID chain + SPIFFE ID (workload)\n- Assertion signature, aud, exp (agent)\n- Delegation authorized by user (user)",
      "mode": "interactive",
      "phase": "agent_auth",
      "description": "Auth server validates the complete identity chain: the SVID chains to the SPIFFE trust bundle and its SPIFFE ID matches the agent identified in the assertion; the assertion's signature, audience and expiry are valid; and the referenced user has actually authorized delegation to this agent",
      "sequence": 8
    },
    {
      "from": "auth_server",
      "to": "agent",
      "action": "composite_token",
      "label": "Access Token\n{sub: user, act: {sub: agent}, scope}",
      "mode": "response",
      "phase": "agent_auth",
      "description": "Token carries the delegation chain with RFC 8693 semantics: the delegating user is the subject (sub) and the agent is the actor (act); scope is limited to what the user delegated",
      "sequence": 9,
      "security": {
        "token": "access_token",
        "description": "Composite token carrying the delegation chain; it is a bearer token (no proof-of-possession binding), so it should be short-lived and its audience restricted to the resource server"
      }
    },
    {
      "from": "agent",
      "to": "resource_server",
      "action": "api_request",
      "label": "POST /api/sensitive-action\nAuthorization: Bearer {token}",
      "mode": "request",
      "phase": "authorization",
      "description": "Agent attempts sensitive operation",
      "sequence": 10
    },
    {
      "from": "resource_server",
      "to": "pdp",
      "action": "authzen_request",
      "label": "POST /access/v1/evaluation\n{subject: {agent, user}, action, resource}",
      "mode": "request",
      "phase": "authorization",
      "description": "Resource server first validates the access token (signature, issuer, audience, expiry), then queries the PDP with the agent, the delegating user, the requested action and the resource",
      "sequence": 11,
      "annotations": [
        {
          "type": "info",
          "text": "AuthZEN request includes agent, user, workload context"
        }
      ]
    },
    {
      "from": "pdp",
      "to": "pdp",
      "action": "evaluate_policy",
      "label": "Evaluate Cedar/OpenFGA Policy\n- Agent capabilities\n- User permissions\n- Resource constraints",
      "mode": "interactive",
      "phase": "authorization",
      "description": "PDP evaluates fine-grained authorization policy",
      "sequence": 12
    },
    {
      "from": "pdp",
      "to": "resource_server",
      "action": "authzen_response",
      "label": "{decision: PERMIT}",
      "mode": "response",
      "phase": "authorization",
      "description": "PDP returns the authorization decision; PERMIT is shown, and the PEP must treat any other decision (or a PDP error) as deny",
      "sequence": 13,
      "condition": "allowed"
    },
    {
      "from": "resource_server",
      "to": "agent",
      "action": "api_response",
      "label": "200 OK\n{result}",
      "mode": "response",
      "phase": "authorization",
      "description": "Resource server performs action and returns result",
      "sequence": 14
    }
  ],
  "metadata": {
    "tokens": [
      {
        "id": "svid",
        "name": "X.509 SVID",
        "type": "x509",
        "issuer": "spire",
        "binding": "mtls"
      },
      {
        "id": "access_token",
        "name": "Composite Access Token",
        "type": "jwt",
        "issuer": "auth_server",
        "audience": "resource_server",
        "binding": "bearer"
      }
    ],
    "networks": {
      "enterprise": {
        "name": "Enterprise Network",
        "style": "internal",
        "entities": ["admin", "user", "scim_server"]
      },
      "workload": {
        "name": "Workload Environment",
        "style": "dmz",
        "entities": ["agent", "spire"]
      },
      "infrastructure": {
        "name": "Auth Infrastructure",
        "style": "internal",
        "entities": ["auth_server", "pdp", "resource_server"]
      }
    },
    "components": [
      {
        "id": "iga",
        "name": "Identity Governance",
        "type": "iga",
        "description": "Manages agent lifecycle and compliance",
        "entities": ["scim_server"],
        "implements": [
          { "protocol": "scim", "role": "service_provider" }
        ],
        "examples": ["SailPoint", "Saviynt", "Okta IGA"]
      },
      {
        "id": "spire_infra",
        "name": "SPIFFE Infrastructure",
        "type": "spire",
        "description": "Provides workload identity via X.509 SVIDs",
        "entities": ["spire"],
        "implements": [
          { "protocol": "spiffe", "role": "server" }
        ],
        "examples": ["SPIRE", "Istio"]
      },
      {
        "id": "idp",
        "name": "Identity Provider",
        "type": "idp",
        "description": "OAuth/OIDC authorization server with AAuth and ID-JAG support",
        "entities": ["auth_server"],
        "implements": [
          { "protocol": "oauth", "role": "authorization_server" },
          { "protocol": "aauth", "role": "access_server" },
          { "protocol": "idjag", "role": "token_endpoint" }
        ],
        "examples": ["Okta", "Entra ID", "Auth0", "Keycloak"]
      },
      {
        "id": "pdp_component",
        "name": "Policy Engine",
        "type": "pdp",
        "description": "Fine-grained authorization via AuthZEN API",
        "entities": ["pdp"],
        "implements": [
          { "protocol": "authzen", "role": "pdp" }
        ],
        "examples": ["Topaz", "Cedar", "OpenFGA", "OPA"]
      },
      {
        "id": "gateway",
        "name": "API Gateway / PEP",
        "type": "gateway",
        "description": "Enforces authorization decisions on API requests",
        "entities": ["resource_server"],
        "implements": [
          { "protocol": "oauth", "role": "resource_server" },
          { "protocol": "authzen", "role": "pep" }
        ],
        "examples": ["Kong", "Envoy", "AWS API Gateway"]
      }
    ],
    "trust_relations": [
      {
        "id": "admin_scim",
        "from": "admin",
        "to": "iga",
        "type": "provisions",
        "credentials": ["api_key"],
        "description": "Admin provisions agents via SCIM API"
      },
      {
        "id": "spire_agent",
        "from": "spire_infra",
        "to": "agent",
        "type": "attests",
        "credentials": ["x509_svid"],
        "description": "SPIRE attests agent workload identity"
      },
      {
        "id": "user_idp",
        "from": "user",
        "to": "idp",
        "type": "authenticates",
        "credentials": ["id_token"],
        "description": "User authenticates to IdP"
      },
      {
        "id": "agent_idp",
        "from": "agent",
        "to": "idp",
        "type": "authenticates",
        "credentials": ["jwt_assertion", "x509_svid"],
        "description": "Agent authenticates with ID-JAG assertion over mTLS"
      },
      {
        "id": "idp_agent",
        "from": "idp",
        "to": "agent",
        "type": "issues",
        "credentials": ["access_token"],
        "description": "IdP issues composite access token"
      },
      {
        "id": "user_agent",
        "from": "user",
        "to": "agent",
        "type": "delegates",
        "description": "User delegates authority to agent"
      },
      {
        "id": "gateway_pdp",
        "from": "gateway",
        "to": "pdp_component",
        "type": "validates",
        "credentials": ["access_token"],
        "description": "Gateway queries PDP for authorization"
      },
      {
        "id": "pdp_gateway",
        "from": "pdp_component",
        "to": "gateway",
        "type": "authorizes",
        "description": "PDP returns authorization decision"
      },
      {
        "id": "idp_gateway",
        "from": "idp",
        "to": "gateway",
        "type": "trusts",
        "credentials": ["access_token"],
        "description": "Gateway trusts tokens issued by the IdP after verifying the signature against the IdP's keys and checking that the audience is the resource server"
      }
    ]
  }
}
