An Open Standards Reference Architecture for Enterprise AI Agents
OAIAF provides a reference architecture for building AI agents with built-in support for agent authorization protocols including ID-JAG, AAuth, AIMS, A2A, AuthZEN, and MCP.
```text
┌──────────────────────────────────────────────────────────────────────────┐
│ Layer 5: AUTHORIZATION                                                   │
│ ┌───────────────┐   ┌───────────────┐   ┌───────────────┐                │
│ │    AuthZEN    │   │     Cedar     │   │    OpenFGA    │                │
│ │     (API)     │   │    (ABAC)     │   │    (ReBAC)    │                │
│ └───────────────┘   └───────────────┘   └───────────────┘                │
│ "What can this agent do?" → Policy-based access control decisions        │
├──────────────────────────────────────────────────────────────────────────┤
│ Layer 4: HUMAN DELEGATION                                                │
│ ┌─────────────────────────┐   ┌─────────────────────────┐                │
│ │        OAuth 2.x        │   │          ID-JAG         │                │
│ │     (Authorization)     │   │   (Identity Assertion)  │                │
│ └─────────────────────────┘   └─────────────────────────┘                │
│ "Who delegated authority?" → Chain of authority from human to agent      │
├──────────────────────────────────────────────────────────────────────────┤
│ Layer 3: AGENT AUTHENTICATION                                            │
│ ┌───────────────────────────────────────────────────────┐                │
│ │                         AAuth                         │                │
│ │           (HTTP Signatures + Mission Scope)           │                │
│ └───────────────────────────────────────────────────────┘                │
│ "Which autonomous agent is this?" → Cryptographic agent identity         │
├──────────────────────────────────────────────────────────────────────────┤
│ Layer 2: WORKLOAD IDENTITY                                               │
│ ┌─────────────────────────┐   ┌─────────────────────────┐                │
│ │          WIMSE          │   │         SPIFFE          │                │
│ │   (Workload Identity)   │   │      (X.509 SVIDs)      │                │
│ └─────────────────────────┘   └─────────────────────────┘                │
│ "Which workload hosts this agent?" → Infrastructure-level identity       │
├──────────────────────────────────────────────────────────────────────────┤
│ Layer 1: LIFECYCLE MANAGEMENT                                            │
│ ┌───────────────────────────────────────────────────────┐                │
│ │                  SCIM Agent Resource                  │                │
│ │        (Provisioning, Capabilities, Metadata)         │                │
│ └───────────────────────────────────────────────────────┘                │
│ "What agents exist?" → Agent registration and capability declaration     │
└──────────────────────────────────────────────────────────────────────────┘

Cross-Cutting Concerns:
┌──────────────────────────┐   ┌─────────────────────────┐   ┌─────────────────┐
│   A2A (Agent-to-Agent)   │   │   MCP (Model Context)   │   │  OpenTelemetry  │
│  Discovery & Delegation  │   │    Tool Integration     │   │  Observability  │
└──────────────────────────┘   └─────────────────────────┘   └─────────────────┘
```
| Layer | Standards | Question Answered |
|---|---|---|
| 5. Authorization | AuthZEN, Cedar, OpenFGA | What can this agent do? |
| 4. Human Delegation | OAuth 2.x, ID-JAG | Who delegated authority to this agent? |
| 3. Agent Authentication | AAuth | Which autonomous agent is this? |
| 2. Workload Identity | WIMSE, SPIFFE | Which workload/service hosts this agent? |
| 1. Lifecycle | SCIM Agent Resource | What agents exist and what are their capabilities? |
Each word in Open Agent Internet Architecture Framework was chosen deliberately:
| Term | Meaning |
|---|---|
| Open | Emphasizes open standards, vendor neutrality, and interoperability—not necessarily open source |
| Agent | Clearly defines the domain as AI agents |
| Internet | Reflects that the framework is grounded in Internet standards from IETF, OpenID Foundation, W3C, Linux Foundation, and related communities |
| Architecture | Distinguishes it from AI governance, ethics, or policy-only frameworks by making it clear this is a technical reference architecture |
| Framework | Positions it alongside mature architecture frameworks like TOGAF and SABSA rather than as a single specification |
Open refers to the use of open Internet standards and interoperable architectures developed by standards organizations and open industry communities. It does not imply that every implementation must be open source.
OAIAF sits within a broader ecosystem of standards and tooling:

```text
Standards Catalog Framework (SCF)
                │
                ▼
Agent Standards Catalog (ASC)
                │
                ▼
Open Agent Internet Architecture Framework (OAIAF)
                │
                ▼
agent-protocols
                │
                ▼
Generated protocol artifacts
(SCIM, AAuth, A2A, MCP, AuthZEN, etc.)
```
| Repository | Purpose |
|---|---|
| oaiaf | Reference architecture documentation and orchestration examples |
| agent-protocols | Go implementations of individual protocols (AAuth, ID-JAG, AIMS, A2A, AuthZEN) |
| agentauth | Production orchestration layer combining protocols for deployment |
- 🔌 Protocol Support - Built-in support for ID-JAG, AAuth, and AIMS protocols
- 🔑 Token Management - Automatic token caching and renewal
- 👤 Human-in-the-Loop - Support for consent flows when required
- 🌐 HTTP Integration - Easy-to-use HTTP client with automatic authorization
```bash
go get github.com/aistandardsio/oaiaf
```

```go
package main

import (
	"context"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"log"
	"net/http"

	"github.com/aistandardsio/oaiaf"
)

func main() {
	// Generate or load credentials. A freshly generated key only works for a local
	// demo: in a deployment, load the signing key that the authorization server
	// already knows under this key ID, because it can only verify keys it trusts.
	privateKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		log.Fatal(err)
	}
	keyID := "agent-key-1"

	// Create an agent
	agent := oaiaf.NewAgent("my-agent",
		oaiaf.WithName("My AI Agent"),
		oaiaf.WithAuthServer("https://auth.example.com"),
		oaiaf.WithCredentials(privateKey, keyID),
	)

	// Make an authorized request
	ctx := context.Background()
	req, err := http.NewRequestWithContext(ctx, "GET", "https://api.example.com/user/email", nil)
	if err != nil {
		log.Fatal(err)
	}
	resp, err := agent.AuthorizedRequest(ctx, "read:email", req)
	if err != nil {
		log.Fatal(err)
	}
	defer resp.Body.Close()
	log.Printf("Response status: %s", resp.Status)
}
```

Automated, policy-based authorization for trusted operations:
```go
agent := oaiaf.NewAgent("my-agent",
	oaiaf.WithAuthServer("https://auth.example.com"),
	oaiaf.WithProtocol(oaiaf.ProtocolIDJAG),
)
```

Human-in-the-loop consent for sensitive operations:

```go
agent := oaiaf.NewAgent("my-agent",
	oaiaf.WithAuthServer("https://auth.example.com"),
	oaiaf.WithProtocol(oaiaf.ProtocolAAuth),
)
```

Workload identity using SPIFFE-based authentication:

```go
agent := oaiaf.NewAgent("my-agent",
	oaiaf.WithAuthServer("https://auth.example.com"),
	oaiaf.WithProtocol(oaiaf.ProtocolAIMS),
)
```

OAIAF automatically handles token acquisition, caching, and renewal:

```go
// Tokens are automatically cached
resp1, _ := agent.AuthorizedRequest(ctx, "read:email", req1) // Acquires token
resp2, _ := agent.AuthorizedRequest(ctx, "read:email", req2) // Uses cached token

// Clear the cache if needed
agent.ClearTokenCache()
```

See the examples directory for complete working examples:
- basic - Basic ID-JAG authorization
- consent - AAuth human-in-the-loop consent flow
- multiprotocol - Using multiple protocols dynamically
| Option | Description |
|---|---|
| `WithName(name)` | Set agent display name |
| `WithAuthServer(url)` | Authorization server URL |
| `WithCredentials(key, keyID)` | Signing credentials for ID-JAG |
| `WithProtocol(protocol)` | Default protocol (`ProtocolIDJAG`, `ProtocolAAuth`, `ProtocolAIMS`) |
| `WithHTTPClient(client)` | Custom HTTP client |
| `WithProvider(provider)` | Custom authorization provider |
Custom providers can be created by implementing the Provider interface:
```go
type Provider interface {
	Protocol() Protocol
	AcquireToken(ctx context.Context, scopes []string) (*TokenResponse, error)
}
```

For workload identity with SPIFFE:

```go
// Supply an SVID and trust bundle you have already loaded (trustBundle and
// certificate come from your own SVID loading code)...
provider := oaiaf.NewAIMSProvider(agent,
	oaiaf.WithSPIFFEID("spiffe://example.com/agent/my-agent"),
	oaiaf.WithTrustBundle(trustBundle),
	oaiaf.WithSVID(certificate),
)

// ...or fetch the SVID from the SPIFFE Workload API over the agent socket. This
// is an alternative to the block above, so provider is reassigned, not redeclared.
provider = oaiaf.NewAIMSProvider(agent,
	oaiaf.WithWorkloadSocket("/var/run/spiffe/agent.sock"),
)
if err := provider.FetchSVIDFromWorkloadAPI(ctx); err != nil {
	log.Fatalf("fetching SVID from Workload API: %v", err)
}
```

See docs/architecture.md for comprehensive documentation including:
- Five-layer identity stack details
- Protocol specifications and flows
- Agent type reference matrix
- OAIAF integration examples
- Standards reference tables
See docs/flows.md for detailed sequence diagrams of each protocol flow.
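Worked example, added here and not part of the oaiaf code base: a custom Provider (the interface shown above) wrapped in the kind of scope-keyed, expiry-aware cache that the token management section describes, so a token is reused across requests and renewed before it runs out. The fields of TokenResponse, the CountingProvider stand-in and the `tok-` token values are assumptions; the real package's types differ.

```go
package main

import (
	"context"
	"sort"
	"strings"
	"time"
)

// Protocol and Provider mirror the interface shown on this page; TokenResponse is an assumed
// shape (the real package type may differ) whose ExpiresAt is the token's absolute expiry.
type Protocol string
type TokenResponse struct{ AccessToken string; ExpiresAt time.Time }
type Provider interface {
	Protocol() Protocol
	AcquireToken(ctx context.Context, scopes []string) (*TokenResponse, error)
}

// TokenCache wraps any Provider: one token per scope set, re-acquired once it is within skew
// of expiring so a request never carries a token that dies while in flight. Single-goroutine
// demo: guard tokens with a sync.Mutex when goroutines share one agent.
type TokenCache struct {
	provider Provider
	skew     time.Duration
	tokens   map[string]*TokenResponse // caller initialises, e.g. map[string]*TokenResponse{}
}

// scopeKey canonicalises the scope set so differently ordered lists share one cache entry.
func scopeKey(scopes []string) string {
	s := append([]string(nil), scopes...)
	sort.Strings(s)
	return strings.Join(s, " ")
}

// Token serves from cache while the token stays valid beyond the skew, else asks the Provider.
func (c *TokenCache) Token(ctx context.Context, scopes []string) (*TokenResponse, error) {
	k := scopeKey(scopes)
	if t, ok := c.tokens[k]; ok && time.Now().Add(c.skew).Before(t.ExpiresAt) {
		return t, nil
	}
	t, err := c.provider.AcquireToken(ctx, scopes)
	if err != nil {
		return nil, err
	}
	c.tokens[k] = t
	return t, nil
}

// CountingProvider: constructed stand-in for a real ID-JAG/AAuth/AIMS provider; it mints a
// token with lifetime TTL per call and counts round trips to the authorization server.
type CountingProvider struct{ TTL time.Duration; Calls int }
func (p *CountingProvider) Protocol() Protocol { return "counting" }
func (p *CountingProvider) AcquireToken(_ context.Context, s []string) (*TokenResponse, error) {
	p.Calls++
	return &TokenResponse{AccessToken: "tok-" + scopeKey(s), ExpiresAt: time.Now().Add(p.TTL)}, nil
}
```

With a skew larger than the remaining lifetime, the second call for the same scopes goes back to the provider instead of reusing a token that would expire mid-request.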
- Architecture Guide - Comprehensive architecture documentation
- Protocol Flows - Detailed sequence diagrams for each protocol
- Agent Protocols - Protocol implementations
- ID-JAG Spec - ID-JAG specification
- AAuth Spec - AAuth specification
MIT License - see LICENSE for details.