There’s a better way, Kiser noted: “OAuth Token Exchange exists as a technical solution that enables proper delegated authority [in that it] proves Bob is authorized to act for Alice, not just that Bob has Alice’s password. But it’s not widely adopted.”
A related issue is that agentic systems “can now create posthumous avatars and deepfakes of deceased individuals, raising questions about consent and control,” Kiser said. “Unauthorized re-creations have already generated legal disputes, yet no frameworks exist for people to specify whether, or how, their likeness should be used after death.”
This also raises questions about how identity authentication systems today handle autonomous agents.
“Moving from delegated access, as in having credentials, to delegated authority requires work on multiple fronts. For AI specifically, even with proper delegation, how do you prove an AI avatar was authorized to exist in the first place?” Kiser asked. “There’s no legal framework for what constitutes consent, especially posthumous consent. It’s crazy murky at best.”
Developing and implementing international standards for delegated authority would help address both issues. “Building delegated authority infrastructure for AI agents would solve digital estates, too,” Kiser said. “It is the same fundamental problem.”
Read the full article here
