AI Identity News

Skyfire, released a specialized JWT for identity and payments for AI Agents KYAPay Protocol

(Kaliya was a contributor to the white paper)

Model Context Protocol (MCP) Spec Updates from June 2025: One Small Step for a Spec, One Giant Leap for Security

Learn about the new classification of MCP servers as OAuth Resource Servers, implementing Resource Indicators to prevent token misuse, and the clearer security best practices designed to help you build more robust and secure MCP applications

Congratulations to Linux Foundation in being the host organization for A2A.

This is a major achievement and I'm very happy to see the spec move into a more neutral place.

Google Cloud donates A2A to Linux Foundation

Not familiar with Agent-to-Agent Protocol (A2A)? See below for a quick overview of what the protocol enables:

• Capability Discovery: Agents publish an “Agent Card” in JSON, so other agents (or systems) can easily learn and integrate their functions.

• Task Management: Conversations are task-oriented agents coordinate to fulfill specific end-user requests, streamlining workflows.

• Agent Communication: Agents exchange messages carrying context, responses, artifacts, or instructions, enabling rich, multi-step interactions.

• User Experience Negotiation: Each message can include “parts” (for example, a generated image or structured data), allowing dynamic UX components to be negotiated at runtime.

(OIDF) Artificial Intelligence Identity Management Community Group

This CG provides a safe space to assess use cases, modularization (role, scope, outcomes), existing and emerging AI architectures, progress CG and whitepaper recommendations, develop liaisons, and mature other AI community partners as appropriate.

(OpenID Fnd) Let’s Discuss Identity Management in AI

By co-chairs: Atul Tulshibagwale, SGNL, Tobin South, WorkOS and Stanford, and Jeff Lombardo, AWS

[overview] Identity at the Edge of Autonomy: Agentic IAM and IAM for AI Agents

There are two prominent areas (among potential many others), that could drive the future of identity and access management (IAM) in the age of Agentic AI: Agentic IAM and IAM for AI Agents. Though these may sound alike, they represent fundamentally different approaches to managing the identities, behaviors, and trust models.

Coalition for Secure AI Welcomes Palo Alto Networks and Snyk, Advances AI Security with New Publication and Workstream

The Coalition for Secure AI (CoSAI), an OASIS Open Project dedicated to advancing AI security, proudly welcomes Palo Alto Networks and Snyk as Premier Sponsors.

(Heather Flanagan) Rethinking Digital Identity: What ARE Open Standards? (inspired by all the AI identity standards activity).

“Since I wrote last week about MCP and the need for a more structured standards development process, this week I feel like diving into what it really means to build an open standard.“

• Open-ish is still better than closed

• Schrödinger’s standards, both open and closed?

Digital Public Infrastructure embraces Verifiable Credentials.

Digital Impact Alliance Has a new page to Explore Verifiable Credentials.

• They also have published a Primer

• Technical Considerations

• Feature Bhutan’s NDI

• Point to GLEIF’s vLEIs

• IATA’s Verifiable Credentials

• MOSIP’s Inji Tech Stack

User Centric Credentialing & Personal Data Sharing, CDPI White Paper

This vision paper presents a practical approach to user-centric data sharing through credentialing. It explores how verifiable credentials can make trusted data universally accessible, giving individuals control and self-custody over their personal data and digital assets while unlocking economic opportunities. It serves as a simple primer for countries seeking to improve citizens’ lives through secure and scalable data-sharing models. It also serves as a universal architecture approach for the industry to implement data credentialing to drive innovation and efficiency across various sectors.

This paper is a result of global collaboration, and brings together development partners, DPG community, standards organizations, and the private sector, anchored by the Centre for Digital Public Infrastructure (CDPI).

Inspiring

HIghlights from Katryna Dow’s EIC2025 Keynote: From Digital Identity Solutions To Digital Identity Ecosystems: What It Will Take To Achieve Scale And Interoperability

In her keynote presentation, Katryna Dow, CEO & Founder of Meeco, emphasized a fundamental shift in thinking about digital identity. Despite a decade of significant investment and innovation, we still lack common global infrastructure and cross-border interoperability. The fragmented approach of standalone solutions has created silos that simply don't support how we live and work in an increasingly borderless digital world.

The Identity Security Market: Mapping the Landscape

By Mike Neuenschwander and Jamie Lewis

Europe

The Service Gap: Europe’s International Digital Strategy 2025

"A digital Europe isn’t built from the stack up. It’s built from user needs."

– Building cables and protocols is essential, but without compelling services on top, investment won’t deliver impact.

– Growth must be service-led, solving real problems for businesses and citizens first, then scaling platforms.

– Europe must champion open ecosystems to stay competitive and resilient on the global stage.

Commentary on this Joint Communication on an International Digital Strategy for the EU

The Joint Communication lays out the following objectives of this strategy:

1. Boost the EU’s tech competitiveness through economic and business cooperation

2. Promote a high level of security for the EU and its partners

3. Shape global digital governance and standards with a network of partners

Eurostack and European Digital Sovereignty: A Foundation to Build On

This report does more than just signal intent — it outlines a structured, pragmatic roadmap for reducing Europe's reliance on non-EU technologies, while boosting homegrown innovation. As someone working at the intersection of digital rights, infrastructure and sustainability, I see many reasons to applaud this direction. But also — many opportunities to deepen it, especially by further embracing the strengths of Free and Open Source Software (FOSS).

Industry Research:

Towards the global Org eID system: defining requirements, reviewing regulations and analyzing technology choices

The need to have a global, robust and universally applicable organizational electronic identity (Org eID) has been known for a long time. Even today, however, this need is poorly addressed. Moreover, there are but a few systematic attempts at understanding and defining what Org eID is, what requirements it should satisfy, what technology choices we have today or will need in the future to implement such a system, which regulations are applicable and/or affected and how it can be anchored within the existing legal system

AI General News

Introducing CC Signals: A New Social Contract for the Age of AI

Creative Commons (CC) today announces the public kickoff of the CC signals project, a new preference signals framework designed to increase reciprocity and sustain a creative commons in the age of AI.

We invite our community to join us for a brief explanation of the CC signals framework, and then we will open the floor to you to share feedback and ask questions.

Anthropic wins a major fair use victory for AI — but it’s still in trouble for stealing books

A federal judge has sided with Anthropic in an AI copyright case, ruling that training — and only training — its AI models on legally purchased books without authors’ permission is fair use. It’s a first-of-its-kind ruling in favor of the AI industry, but it’s importantly limited specifically to physical books Anthropic purchased and digitized.

Learnings from two years of using AI tools for software engineering

1. Evolution from “autocomplete on steroids” to AI agents

2. Working with AI

3. AI’s impact on team effectiveness

Publishers facing existential threat from AI, Cloudflare CEO says

Ten years ago, Google crawled two pages for every visitor it sent to a publisher.

Today, according to Cloudflare's stats, Anthropic crawls 60,000; OpenAI crawls 1,500; Google crawls 18. That means that while people are seeing the benefit of the information publishers provide, the publishers are being cut off from much-needed ad, subscription, or donation revenue.

Can the Gulf buy its way to AI supremacy?

Middle East nations have committed $2 trillion to artificial intelligence, computer chips, and defense, chasing tech supremacy that money alone may not guarantee.

Surveillance

The High Stakes of Biometric Surveillance

"There are clear indications from oppressive governments around the world that biometrics will be used to harm human rights, regardless of their accuracy or fairness."

The New Surveillance State: Why Data Privacy Is Now Essential to Democracy

"When the government can track where you go, whom you associate with, and what you spend your money on, it [...] chills freedom of expression, undermines your freedom to travel, and destroys the fundamental privacy right that underlies American liberty."

Organizational eID efforts outlined in Detail

• Towards global Org eID

• Org Identity: mapping "analog" to digital world

• Org eID - Applying Human and Technical Trust

• efining Digital Identity for Legal Entities

Social Web

Digital Identity New Zealand: Ready…Reset…Go!

Those fortunate enough to attend Digital Public Infrastructure: The Invisible Foundation for NZ’s Digital Future in the General Assembly room in Parliament would have heard Minister Collins deliver the powerful message that “digital identity is the key to unlocking productivity in New Zealand.”

The Future of KYC and AML in Canadian Credit Unions: Privacy, Performance, and Policy Alignment

Canadian credit unions face increasing pressure to modernize KYC and AML practices while respecting member privacy and regional data laws. This article explores how edge computing and modular compliance solutions like iComply can help credit unions deliver secure, effective onboarding and continuous monitoring without driving up costs or complexity.

Standards News

Building Trust with Code: How DSR, Hedera, and LF Decentralized Trust, Are Advancing Decentralized Identity

a new plugin enabling integration between Hedera and the ACA-Py framework.

A recent LF Decentralized Trust (LFDT) webinar highlighted a significant advancement in self-sovereign identity (SSI) infrastructure: the release of a new plugin enabling integration between Hedera and the ACA-Py framework.

Scaling FAPI 2.0 to Transform Healthcare Security in Norway

The OpenID Foundation is proud to spotlight a significant achievement in secure healthcare ecosystems: the implementation of the FAPI 2.0 security profile across the entire Norwegian Health Network (NHN) via the new HelseID service. The OpenID Foundation is also very pleased to share that the NHN has decided to become a member of its community.

[PodCast[ From Red Tape to Resilience: How Regulation Shapes Supply Chains with Maggie Lyons

Maggie Lyons, Vice President of Government and Regulatory Affairs at GS1 US, joins hosts Reid Jackson and Liz Sertl to decode the changes affecting how products are made, moved, and sold, and what businesses can do to stay ahead.

Wisdom from Heather

Delegation in a Multi-Actor World: It’s Not Just OAuth Anymore

“Once upon a time, digital systems were built around a beautifully simple idea: one user, one identity, one device, one intent. That model worked, for some value of “worked.” Mostly, it was good enough to solve 80% of the use cases. As always, the remaining 20%, which is where delegation lives, will take the majority of the effort to achieve.”