Designing and Evaluating Auditable Delegated Identity for AI Agents

Thesis type: Master Thesis
Supervisor: Erwin Kupris
Starting date: As soon as possible
Skills: LaTeX, Git, Any programming language, OAuth 2.0 / OIDC basics
Language: English (preferred), German
Industry cooperation: Not possible
Publish date: 2026-06-03

Problem and context

With the rise of AI agents, digital identity systems face a new class of non-human actors. Such agents may autonomously interact with tools, APIs, data sources, and other agents in order to fulfill user-defined goals. In many scenarios, an AI agent does not act purely on its own behalf, but on behalf of a human user, an organization, or another technical system. This creates new challenges for authentication, authorization, auditability, and accountability.

Existing access management protocols such as OAuth 2.1 and OpenID Connect (OIDC) provide important building blocks for delegated access. However, many practical agentic workflows require more explicit representations of the acting entity, the delegating subject, the requested task, the available tools, and the resulting chain of responsibility. This is especially relevant when agents operate across organizational boundaries, invoke external tools, or delegate subtasks to other agents.

Current standardization and research activities show that this topic is still open. The OpenID Foundation’s whitepaper on identity management for agentic AI discusses authentication, authorization, identity, and delegation challenges in agentic systems [1]. The Decentralized Identity Foundation’s Trusted AI Agents Working Group focuses on interoperable stacks for trustworthy, privacy-preserving, and secure AI agents that act on behalf of users or systems [2]. At the same time, tool protocols such as the Model Context Protocol (MCP) are beginning to specify OAuth-based authorization patterns for agent-to-tool interactions [3].

Goals

The goal of this thesis would be to design, implement, and evaluate an auditable delegated identity model for AI agents. The thesis should investigate how an AI agent can prove both who or what it is and on whose behalf it is acting. In addition, the resulting authorization model should support least privilege, revocation, and traceable audit logs for agentic workflows.

A possible outcome would be a prototype in which an AI agent accesses protected resources through OAuth/OIDC-based authorization flows. The prototype could represent separate identity information for the human principal, the AI agent, the delegated authority, the requested scope, and the concrete tool invocation. An MCP server could be used as an example resource server to evaluate delegated access in a realistic agent-tool setting.

This thesis can focus on a number of subtopics, including, but not limited to:

Thesis proposals for adjacent topics are welcome. Get in touch if you have further questions.

Literature