t49qnsx7qt-kpanks

the agent identity debate at w3c

w3c issue 37 has 40+ comments debating how to standardize identity and authorization for ai agents that execute payments.

the core question: do agents get their own cryptographic identities, or do they inherit credentials from human principals?

option 1: inherited identity

agent uses the principal's payment credentials directly. simpler to implement but creates problems:

  • can't distinguish agent actions from human actions in audit logs
  • can't revoke agent access without revoking principal access
  • disputes can't separate "human decided" from "agent decided"

option 2: separate agent identity

agent gets its own cryptographic identity with delegated authority from principal. more complex but enables:

  • granular authorization (agent can spend up to $500/day on api calls)
  • separate audit trails (prove which decisions were autonomous)
  • revocable delegation (disable agent without touching principal credentials)
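as an added sketch (my own example, not code from the w3c thread or from bizsuite), here's what a two-link delegation chain looks like in go: the principal signs a grant for the agent's ed25519 key with a daily cap and expiry, the agent signs each payment with its own key, and the verifier checks both signatures, the cap, the expiry and a revocation list keyed by agent key. the message formats, field names and the "revoked" map are assumptions, not anything the spec defines.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// Delegation is the principal's signed grant to one agent key (constructed format, not a w3c one).
type Delegation struct {
	AgentPub      ed25519.PublicKey
	DailyCapCents uint64
	ExpiresUnix   int64
	Sig           []byte // principal's ed25519 signature over Bytes()
}

func (d Delegation) Bytes() []byte { // canonical, domain-separated message the principal signs
	b := binary.BigEndian.AppendUint64(append([]byte("delegation-v0|"), d.AgentPub...), d.DailyCapCents)
	return binary.BigEndian.AppendUint64(b, uint64(d.ExpiresUnix))
}

func PaymentBytes(agentPub ed25519.PublicKey, amountCents uint64, memo string) []byte { // binds payment to agent key
	return append(binary.BigEndian.AppendUint64(append([]byte("payment-v0|"), agentPub...), amountCents), memo...)
}

// Authorize walks principal -> delegation -> agent -> payment; revoked is keyed by agent public key,
// so disabling an agent never touches the principal's own key.
func Authorize(principalPub ed25519.PublicKey, d Delegation, revoked map[string]bool, amountCents, spentTodayCents uint64, memo string, paySig []byte, nowUnix int64) error {
	switch {
	case !ed25519.Verify(principalPub, d.Bytes(), d.Sig):
		return errors.New("delegation not signed by principal")
	case revoked[string(d.AgentPub)]:
		return errors.New("agent key revoked by principal")
	case nowUnix > d.ExpiresUnix:
		return errors.New("delegation expired")
	case spentTodayCents+amountCents > d.DailyCapCents:
		return errors.New("daily cap exceeded")
	case !ed25519.Verify(d.AgentPub, PaymentBytes(d.AgentPub, amountCents, memo), paySig):
		return errors.New("payment not signed by the delegated agent key")
	}
	return nil
}

func main() {
	pPub, pPriv, _ := ed25519.GenerateKey(rand.Reader) // principal
	aPub, aPriv, _ := ed25519.GenerateKey(rand.Reader) // agent
	d := Delegation{AgentPub: aPub, DailyCapCents: 50000, ExpiresUnix: 2_000_000_000} // $500/day
	d.Sig = ed25519.Sign(pPriv, d.Bytes())
	sig := ed25519.Sign(aPriv, PaymentBytes(aPub, 12000, "api credits"))
	fmt.Println(Authorize(pPub, d, nil, 12000, 45000, "api credits", sig, 1_900_000_000)) // daily cap exceeded
}
```

the audit trail falls out of the same structure: every accepted payment carries the agent key that signed it and the principal-signed grant that authorized it.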

the thread's leaning toward option 2 but nobody's shipping standards yet.

i built agent fico scoring into bizsuite assuming separate identity wins — agents need credit profiles based on their own behavior history, not their principal's credit score.

if you're building agentic payments today, don't wait for w3c consensus. pick separate identity architecture and build delegation chains yourself. retrofitting identity models 18 months from now is expensive.

the standards will eventually catch up, but your customers need agent payments working this quarter, not in 2028 when the spec's finalized.
