Need Agent-to-Agent Identity Propagation
Identity and authorization tokens must be properly propagated when AI agents call other agents or services in multi-hop scenarios.
Persona Story:
Morgan, the security & compliance lead, needs to ensure that identity and authorization tokens are properly propagated when AI agents call other agents or services on behalf of users.
Problem Context
- AI agents are making calls to other agents and services in multi-hop scenarios
- Existing identity providers (Entra, Okta) weren’t designed for agent-to-agent authorization
- “On Behalf Of” (OBO) token patterns need to work across agent chains
- Both human-controlled and machine-to-machine agent interactions must be auditable
Problem Impact
- Major security and compliance risk from unclear identity propagation
- Unable to audit who (or what) authorized specific agent actions
- Difficulty integrating with enterprise IDPs for agent scenarios
- Risk of privilege escalation or unauthorized access in agent chains
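The OBO chain requirement in Problem Context and the escalation and audit risks listed above can be checked mechanically at each hop. The following is an added example, not Naftiko code: it models each hop's received token as an already signature-verified claim set using the nested `act` claim from RFC 8693 (the outer `act` is the current actor, nested `act` claims are prior actors), and rejects a chain where the subject changes, the actor chain is discontinuous, or scope grows. All names, scopes, and the depth limit are constructed assumptions.

```python
"""Validate an agent-to-agent delegation chain built from RFC 8693 'act' claims.

Each element of the chain is the decoded, signature-verified claim set of the
token that hop received (tokens[0] is the user's own token). Per hop we check:
  * the original user ('sub') never changes,
  * the new token's nested 'act' equals the previous hop's actor (continuity),
  * scope only shrinks (no privilege escalation further down the chain),
  * the chain length stays under a policy limit.
Returns an audit trail of who acted, for whom, with which scope, or raises.
"""

MAX_CHAIN_LEN = 4  # assumed policy limit: user token plus at most three agent hops


class DelegationError(ValueError):
    """Raised when a hop cannot be attributed or widens the user's authority."""


def _scopes(claims: dict) -> set:
    return set(claims.get("scope", "").split())


# Constructed sample chain: user -> agent-a -> agent-b, scope narrowing on the last hop.
SAMPLE_CHAIN = [
    {"sub": "user:alice", "scope": "tickets.read tickets.write"},
    {"sub": "user:alice", "scope": "tickets.read tickets.write", "act": {"sub": "agent-a"}},
    {"sub": "user:alice", "scope": "tickets.read",
     "act": {"sub": "agent-b", "act": {"sub": "agent-a"}}},
]


def validate_chain(tokens: list) -> list:
    if not tokens:
        raise DelegationError("empty chain")
    if len(tokens) > MAX_CHAIN_LEN:
        raise DelegationError(f"chain length {len(tokens)} exceeds {MAX_CHAIN_LEN}")
    user = tokens[0]["sub"]
    prev_scope, prev_act = _scopes(tokens[0]), tokens[0].get("act")  # user token has no 'act'
    audit = [{"hop": 0, "actor": user, "on_behalf_of": user, "scope": sorted(prev_scope)}]
    for i, claims in enumerate(tokens[1:], start=1):
        if claims.get("sub") != user:
            raise DelegationError(f"hop {i}: subject changed from {user!r} to {claims.get('sub')!r}")
        act = claims.get("act")
        if not isinstance(act, dict) or "sub" not in act:
            raise DelegationError(f"hop {i}: missing 'act' claim, call cannot be attributed")
        if act.get("act") != prev_act:  # nested actor must be exactly the previous hop's actor
            raise DelegationError(f"hop {i}: delegation chain broken at actor {act['sub']!r}")
        scope = _scopes(claims)
        if not scope <= prev_scope:
            raise DelegationError(f"hop {i}: actor {act['sub']!r} gained scopes {sorted(scope - prev_scope)}")
        audit.append({"hop": i, "actor": act["sub"], "on_behalf_of": user, "scope": sorted(scope)})
        prev_scope, prev_act = scope, act
    return audit
```

The returned audit list is what a relying service would log per call, so that "who (or what) authorized this action" is answerable after the fact.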
Naftiko Today
- External bindings for secrets, tokens, and environment variables keep credentials centrally managed rather than embedded in agent code
- Auth support (Bearer tokens, API keys, header injection, secret binding) provides a consistent authentication layer for all API consumption
- Capability specs declare auth requirements explicitly in YAML, making identity configuration auditable and reviewable
- MCP exposure layer mediates between agents and upstream APIs, providing a controlled boundary where auth can be enforced
Naftiko Tomorrow
- MCP auth support (May 2026) would enable proper identity propagation for agent-to-agent communication through the MCP protocol
- A2A (Agent-to-Agent) adapter (May 2026) would directly address multi-hop agent identity propagation scenarios
- Enterprise security with Keycloak and OpenFGA integration (Dec 2026) would provide IDP-backed authorization and fine-grained access control for agent chains
- API token refresh (May 2026) would handle automated credential lifecycle management in long-running agent-to-agent flows