aistandardsio/oaiaf

Open Agent Internet Architecture Framework (OAIAF)

An Open Standards Reference Architecture for Enterprise AI Agents

OAIAF provides a reference architecture for building AI agents with built-in support for agent authorization protocols including ID-JAG, AAuth, AIMS, A2A, AuthZEN, and MCP.

The Five-Layer Agent Identity Stack

┌────────────────────────────────────────────────────────────────────────────┐
│  Layer 5: AUTHORIZATION                                                    │
│  ┌───────────────┐  ┌───────────────┐  ┌───────────────┐                   │
│  │   AuthZEN     │  │    Cedar      │  │   OpenFGA     │                   │
│  │   (API)       │  │   (ABAC)      │  │   (ReBAC)     │                   │
│  └───────────────┘  └───────────────┘  └───────────────┘                   │
│  "What can this agent do?" → Policy-based access control decisions         │
├────────────────────────────────────────────────────────────────────────────┤
│  Layer 4: HUMAN DELEGATION                                                 │
│  ┌───────────────────────────┐  ┌──────────────────────────┐               │
│  │      OAuth 2.x            │  │        ID-JAG            │               │
│  │   (Authorization)         │  │  (Identity Assertion)    │               │
│  └───────────────────────────┘  └──────────────────────────┘               │
│  "Who delegated authority?" → Chain of authority from human to agent       │
├────────────────────────────────────────────────────────────────────────────┤
│  Layer 3: AGENT AUTHENTICATION                                             │
│  ┌─────────────────────────────────────────────────────────┐               │
│  │                        AAuth                            │               │
│  │            (HTTP Signatures + Mission Scope)            │               │
│  └─────────────────────────────────────────────────────────┘               │
│  "Which autonomous agent is this?" → Cryptographic agent identity          │
├────────────────────────────────────────────────────────────────────────────┤
│  Layer 2: WORKLOAD IDENTITY                                                │
│  ┌───────────────────────────┐  ┌──────────────────────────┐               │
│  │         WIMSE             │  │        SPIFFE            │               │
│  │    (Workload Identity)    │  │    (X.509 SVIDs)         │               │
│  └───────────────────────────┘  └──────────────────────────┘               │
│  "Which workload hosts this agent?" → Infrastructure-level identity        │
├────────────────────────────────────────────────────────────────────────────┤
│  Layer 1: LIFECYCLE MANAGEMENT                                             │
│  ┌─────────────────────────────────────────────────────────┐               │
│  │                  SCIM Agent Resource                    │               │
│  │          (Provisioning, Capabilities, Metadata)         │               │
│  └─────────────────────────────────────────────────────────┘               │
│  "What agents exist?" → Agent registration and capability declaration      │
└────────────────────────────────────────────────────────────────────────────┘

Cross-Cutting Concerns:
┌──────────────────────────┐  ┌─────────────────────────┐  ┌─────────────────┐
│  A2A (Agent-to-Agent)    │  │  MCP (Model Context)    │  │  OpenTelemetry  │
│  Discovery & Delegation  │  │  Tool Integration       │  │  Observability  │
└──────────────────────────┘  └─────────────────────────┘  └─────────────────┘

| Layer | Standards | Question Answered |
| --- | --- | --- |
| 5. Authorization | AuthZEN, Cedar, OpenFGA | What can this agent do? |
| 4. Human Delegation | OAuth 2.x, ID-JAG | Who delegated authority to this agent? |
| 3. Agent Authentication | AAuth | Which autonomous agent is this? |
| 2. Workload Identity | WIMSE, SPIFFE | Which workload/service hosts this agent? |
| 1. Lifecycle | SCIM Agent Resource | What agents exist and what are their capabilities? |
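
The Layer 3 row says AAuth authenticates an agent with HTTP message signatures. The following Go program is an added illustration of that technique, not OAIAF or AAuth code and not AAuth's actual signature profile: a minimal RFC 9421-style signer and verifier. The covered components (`@method` and `@target-uri`), the five-minute replay window, the key id `agent-key-1` and the request URL are assumptions. The verifier recomputes the signature base from the received parameters, insists the signature covers the components the server requires, looks the `keyid` up in its own key table, and rejects stale `created` values, so a replayed or re-targeted request fails even though the signature bytes are genuine.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
	"math/big"
	"net/http"
	"strconv"
	"strings"
	"time"
)

// Covered components and the replay window are assumptions for this example, not AAuth's profile.
var covered = []string{"@method", "@target-uri"}
const maxSigAge = 5 * time.Minute

// signatureBase assembles the RFC 9421 signature base: one line per covered component, then @signature-params.
func signatureBase(r *http.Request, params string) string {
	var b strings.Builder
	for _, c := range covered {
		v := r.Method
		if c == "@target-uri" {
			v = r.URL.String()
		}
		fmt.Fprintf(&b, "%q: %s\n", c, v)
	}
	fmt.Fprintf(&b, "%q: %s", "@signature-params", params)
	return b.String()
}

// signRequest signs r with the agent's P-256 key and sets Signature-Input and Signature under the label sig1.
func signRequest(r *http.Request, key *ecdsa.PrivateKey, keyID string, now time.Time) error {
	params := fmt.Sprintf(`("%s");created=%d;keyid=%q`, strings.Join(covered, `" "`), now.Unix(), keyID)
	digest := sha256.Sum256([]byte(signatureBase(r, params)))
	rr, ss, err := ecdsa.Sign(rand.Reader, key, digest[:])
	if err != nil {
		return err
	}
	sig := make([]byte, 64) // ecdsa-p256-sha256 encodes r || s, 32 bytes each, not ASN.1
	rr.FillBytes(sig[:32])
	ss.FillBytes(sig[32:])
	r.Header.Set("Signature-Input", "sig1="+params)
	r.Header.Set("Signature", "sig1=:"+base64.StdEncoding.EncodeToString(sig)+":")
	return nil
}

// verifyRequest checks sig1 on r, rejecting missing components, an unknown keyid, or a stale or malformed signature.
func verifyRequest(r *http.Request, keys map[string]*ecdsa.PublicKey, now time.Time) error {
	input, sigHdr := r.Header.Get("Signature-Input"), r.Header.Get("Signature")
	if !strings.HasPrefix(input, "sig1=") || !strings.HasPrefix(sigHdr, "sig1=:") || !strings.HasSuffix(sigHdr, ":") {
		return errors.New("missing or malformed signature headers")
	}
	params := strings.TrimPrefix(input, "sig1=")
	list, rest, _ := strings.Cut(params, ")")
	if list+")" != fmt.Sprintf(`("%s")`, strings.Join(covered, `" "`)) {
		return errors.New("signature does not cover the required components")
	}
	var created int64
	var keyID string
	for _, p := range strings.Split(rest, ";") {
		if k, v, _ := strings.Cut(p, "="); k == "created" {
			created, _ = strconv.ParseInt(v, 10, 64)
		} else if k == "keyid" {
			keyID = strings.Trim(v, `"`)
		}
	}
	pub, ok := keys[keyID]
	if !ok {
		return fmt.Errorf("unknown keyid %q", keyID)
	}
	if age := now.Sub(time.Unix(created, 0)); age > maxSigAge || age < -maxSigAge {
		return errors.New("signature created outside the accepted window")
	}
	sig, err := base64.StdEncoding.DecodeString(strings.TrimSuffix(strings.TrimPrefix(sigHdr, "sig1=:"), ":"))
	if err != nil || len(sig) != 64 {
		return errors.New("malformed signature value")
	}
	digest := sha256.Sum256([]byte(signatureBase(r, params)))
	if !ecdsa.Verify(pub, digest[:], new(big.Int).SetBytes(sig[:32]), new(big.Int).SetBytes(sig[32:])) {
		return errors.New("signature does not verify")
	}
	return nil
}

func main() {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	req, _ := http.NewRequest(http.MethodGet, "https://api.example.com/user/email", nil) // constructed request
	now, keys := time.Now(), map[string]*ecdsa.PublicKey{"agent-key-1": &key.PublicKey}
	fmt.Println("sign:", signRequest(req, key, "agent-key-1", now))
	fmt.Println("valid:", verifyRequest(req, keys, now))
	req.Method = http.MethodDelete // tamper with a covered component
	fmt.Println("tampered:", verifyRequest(req, keys, now))
}
```

A real deployment would also cover the request body through a `Content-Digest` header and bind the signature to a nonce or the token it carries; the point here is that the verifier, not the signer, decides which components must be covered.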

About the Name

Each word in Open Agent Internet Architecture Framework was chosen deliberately:

| Term | Meaning |
| --- | --- |
| Open | Emphasizes open standards, vendor neutrality, and interoperability, not necessarily open source |
| Agent | Clearly defines the domain as AI agents |
| Internet | Reflects that the framework is grounded in Internet standards from IETF, OpenID Foundation, W3C, Linux Foundation, and related communities |
| Architecture | Distinguishes it from AI governance, ethics, or policy-only frameworks by making it clear this is a technical reference architecture |
| Framework | Positions it alongside mature architecture frameworks like TOGAF and SABSA rather than as a single specification |

Open refers to the use of open Internet standards and interoperable architectures developed by standards organizations and open industry communities. It does not imply that every implementation must be open source.

Ecosystem Position

OAIAF sits within a broader ecosystem of standards and tooling:

Standards Catalog Framework (SCF)
        │
        ▼
Agent Standards Catalog (ASC)
        │
        ▼
Open Agent Internet Architecture Framework (OAIAF)
        │
        ▼
agent-protocols
        │
        ▼
Generated protocol artifacts
(SCIM, AAuth, A2A, MCP, AuthZEN, etc.)

| Repository | Purpose |
| --- | --- |
| oaiaf | Reference architecture documentation and orchestration examples |
| agent-protocols | Go implementations of individual protocols (AAuth, ID-JAG, AIMS, A2A, AuthZEN) |
| agentauth | Production orchestration layer combining protocols for deployment |

Features

  • 🔌 Protocol Support - Built-in support for ID-JAG, AAuth, and AIMS protocols
  • 🔑 Token Management - Automatic token caching and renewal
  • 👤 Human-in-the-Loop - Support for consent flows when required
  • 🌐 HTTP Integration - Easy-to-use HTTP client with automatic authorization

Installation

go get github.com/aistandardsio/oaiaf

Quick Start

package main

import (
    "context"
    "crypto/ecdsa"
    "crypto/elliptic"
    "crypto/rand"
    "log"
    "net/http"

    "github.com/aistandardsio/oaiaf"
)

func main() {
    // Generate or load credentials. A key generated at startup is fine for a demo,
    // but a deployed agent should load a persistent key so that its identity is
    // stable and the authorization server can pin the matching public key.
    privateKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
    if err != nil {
        log.Fatal(err)
    }
    keyID := "agent-key-1"

    // Create an agent
    agent := oaiaf.NewAgent("my-agent",
        oaiaf.WithName("My AI Agent"),
        oaiaf.WithAuthServer("https://auth.example.com"),
        oaiaf.WithCredentials(privateKey, keyID),
    )

    // Make an authorized request: the agent acquires a token for the requested
    // scope and attaches it to the outgoing request
    ctx := context.Background()
    req, err := http.NewRequestWithContext(ctx, http.MethodGet, "https://api.example.com/user/email", nil)
    if err != nil {
        log.Fatal(err)
    }

    resp, err := agent.AuthorizedRequest(ctx, "read:email", req)
    if err != nil {
        log.Fatal(err)
    }
    defer resp.Body.Close()

    log.Printf("Response status: %s", resp.Status)
}

Supported Protocols

ID-JAG (Identity Assertion Authorization Grant)

Automated, policy-based authorization for trusted operations:

agent := oaiaf.NewAgent("my-agent",
    oaiaf.WithAuthServer("https://auth.example.com"),
    oaiaf.WithProtocol(oaiaf.ProtocolIDJAG),
)

AAuth (Agent Authorization)

Human-in-the-loop consent for sensitive operations:

agent := oaiaf.NewAgent("my-agent",
    oaiaf.WithAuthServer("https://auth.example.com"),
    oaiaf.WithProtocol(oaiaf.ProtocolAAuth),
)

AIMS (Agent Identity and Messaging System)

Workload identity using SPIFFE-based authentication:

agent := oaiaf.NewAgent("my-agent",
    oaiaf.WithAuthServer("https://auth.example.com"),
    oaiaf.WithProtocol(oaiaf.ProtocolAIMS),
)

Token Management

OAIAF automatically handles token acquisition, caching, and renewal:

// Tokens are cached per scope and reused until they need renewal
resp1, err := agent.AuthorizedRequest(ctx, "read:email", req1) // Acquires a token
if err != nil {
    log.Fatal(err)
}
defer resp1.Body.Close()

resp2, err := agent.AuthorizedRequest(ctx, "read:email", req2) // Reuses the cached token
if err != nil {
    log.Fatal(err)
}
defer resp2.Body.Close()

// Drop cached tokens when they should no longer be trusted, for example after
// a credential rotation or an unexpected 401 from the resource server
agent.ClearTokenCache()

Examples

See the examples directory for complete working examples:

  • basic - Basic ID-JAG authorization
  • consent - AAuth human-in-the-loop consent flow
  • multiprotocol - Using multiple protocols dynamically

API Reference

Agent Options

| Option | Description |
| --- | --- |
| WithName(name) | Set agent display name |
| WithAuthServer(url) | Authorization server URL |
| WithCredentials(key, keyID) | Signing credentials for ID-JAG |
| WithProtocol(protocol) | Default protocol (ProtocolIDJAG, ProtocolAAuth, ProtocolAIMS) |
| WithHTTPClient(client) | Custom HTTP client |
| WithProvider(provider) | Custom authorization provider |

Provider Interface

Custom providers can be created by implementing the Provider interface:

type Provider interface {
    Protocol() Protocol
    AcquireToken(ctx context.Context, scopes []string) (*TokenResponse, error)
}
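
The Token Management section says tokens are cached and renewed automatically; the Provider interface above is the seam where that behaviour lives. The program below is an added example, not the library's own implementation: it wraps any Provider in a cache keyed by the normalised scope set and renews a token before it expires. `Protocol`, `TokenResponse` and `Provider` are local stand-ins that mirror the interface shown above; the `TokenResponse` fields, the 30-second renewal skew, and `fakeProvider` (a stand-in for an authorization server that counts round trips) are assumptions.

```go
package main

import (
	"context"
	"fmt"
	"sort"
	"strings"
	"sync"
	"time"
)

// Protocol, TokenResponse and Provider mirror the interface on this page; TokenResponse's fields are assumed.
type Protocol string

type TokenResponse struct {
	AccessToken string
	ExpiresAt   time.Time
}

type Provider interface {
	Protocol() Protocol
	AcquireToken(ctx context.Context, scopes []string) (*TokenResponse, error)
}

// cachingProvider wraps any Provider, caching one token per scope set and renewing it before expiry.
type cachingProvider struct {
	inner Provider
	skew  time.Duration    // renew this long before the token expires
	now   func() time.Time // injectable clock
	mu    sync.Mutex
	cache map[string]*TokenResponse
}

func newCachingProvider(inner Provider, skew time.Duration, now func() time.Time) *cachingProvider {
	return &cachingProvider{inner: inner, skew: skew, now: now, cache: map[string]*TokenResponse{}}
}

// cacheKey normalises the scope set so "a b" and "b a" share a token, while a different scope set never does.
func cacheKey(scopes []string) string {
	s := append([]string(nil), scopes...)
	sort.Strings(s)
	return strings.Join(s, " ")
}

func (c *cachingProvider) Protocol() Protocol { return c.inner.Protocol() }

func (c *cachingProvider) AcquireToken(ctx context.Context, scopes []string) (*TokenResponse, error) {
	key := cacheKey(scopes)
	// The lock is held across the inner call on purpose: concurrent callers wait for one acquisition.
	c.mu.Lock()
	defer c.mu.Unlock()
	if tok, ok := c.cache[key]; ok && c.now().Add(c.skew).Before(tok.ExpiresAt) {
		return tok, nil
	}
	tok, err := c.inner.AcquireToken(ctx, scopes)
	if err != nil {
		return nil, err
	}
	c.cache[key] = tok
	return tok, nil
}

// ClearTokenCache drops every cached token, for example after a credential rotation.
func (c *cachingProvider) ClearTokenCache() {
	c.mu.Lock()
	defer c.mu.Unlock()
	c.cache = map[string]*TokenResponse{}
}

// fakeProvider stands in for a real authorization server and counts round trips.
type fakeProvider struct {
	calls int
	ttl   time.Duration
	now   func() time.Time
}

func (f *fakeProvider) Protocol() Protocol { return "fake" }

func (f *fakeProvider) AcquireToken(_ context.Context, scopes []string) (*TokenResponse, error) {
	f.calls++
	return &TokenResponse{AccessToken: fmt.Sprintf("tok-%d[%s]", f.calls, cacheKey(scopes)), ExpiresAt: f.now().Add(f.ttl)}, nil
}

func main() {
	clock := time.Unix(1700000000, 0)
	now := func() time.Time { return clock }
	inner := &fakeProvider{ttl: time.Hour, now: now}
	p := newCachingProvider(inner, 30*time.Second, now)
	for _, scopes := range [][]string{{"read:email"}, {"read:email"}, {"write:email", "read:email"}} {
		tok, _ := p.AcquireToken(context.Background(), scopes)
		fmt.Printf("%v -> %s (server calls: %d)\n", scopes, tok.AccessToken, inner.calls)
	}
	clock = clock.Add(time.Hour - 10*time.Second) // inside the renewal skew: must fetch a fresh token
	tok, _ := p.AcquireToken(context.Background(), []string{"read:email"})
	fmt.Printf("after 59m50s -> %s (server calls: %d)\n", tok.AccessToken, inner.calls)
}
```

Keying the cache on the exact scope set matters: handing a caller a token minted for a broader scope set would silently widen what that request can do, and handing out a narrower one produces confusing 403s.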

AIMS/SPIFFE Configuration

For workload identity with SPIFFE:

// Supply the SVID and trust bundle directly
provider := oaiaf.NewAIMSProvider(agent,
    oaiaf.WithSPIFFEID("spiffe://example.com/agent/my-agent"),
    oaiaf.WithTrustBundle(trustBundle),
    oaiaf.WithSVID(certificate),
)

// Or fetch them from the SPIFFE Workload API over its Unix socket
// (the socket path is deployment-specific)
provider = oaiaf.NewAIMSProvider(agent,
    oaiaf.WithWorkloadSocket("/var/run/spiffe/agent.sock"),
)
if err := provider.FetchSVIDFromWorkloadAPI(ctx); err != nil {
    log.Fatal(err)
}

Architecture Documentation

See docs/architecture.md for comprehensive documentation including:

  • Five-layer identity stack details
  • Protocol specifications and flows
  • Agent type reference matrix
  • OAIAF integration examples
  • Standards reference tables

See docs/flows.md for detailed sequence diagrams of each protocol flow.

License

MIT License - see LICENSE for details.
