Over the last month, George Fletcher and I have been exploring a concept we’re calling As-Known-As (AKA) Delegation. This was fueled by many discussions at the OAuth Security Workshop in February and the Internet Identity Workshop in Mountain View last week. In the real world, we play many roles—engineer, advocate, leader, caretaker —and our digital identities should reflect that same nuance. AKA Delegation is about enabling a persona (a selective representation of a person) to be delegated independently, securely, and intentionally. Why does this matter? Think pseudonyms, aliases, multiple job roles—or even legal name changes. Digital systems need to support this level of identity abstraction and delegation. 📰 We just published a post unpacking this idea 💡 Would love your thoughts! #Identity #Authentication #DigitalIdentity #OAuth #IIW #Delegation #IAM
Thank you for sharing, Jen and George. I think this is a wonderful idea. I would love to explore how the “AKA Delegation” concept, along with its various types, can be applied here. For example, Alice’s startup might designate her as both CFO and CTO, after which Alice could delegate responsibilities to her personas. Her personas, in turn, might assign tasks to their AI agents.
Reminds me of Limited Liability Persona, cc Lori Robinson Mike Neuenschwander. Thanks to Drummond Reed for capturing these notes: https://equalsdrummond.name/2006/09/13/the-limited-liability-persona-llp/
Identerati Office Hours Episode 108 is on this topic: https://gluu.co/ioh-108 Please join us on Tuesday 5/13/2025 10:00am PST
I am working on long-term delegations, such as might be found for an elderly or disabled person. We are looking for others that would be interested in contributing to a Kantara report on this topic. Send me a message and i will forward a link to the work product.
Worth mentioning that William Lin also uses "AKA" for his company's name, AKA Identity. Slightly different meaning, of course.
Interesting article : What Agentic Software Really Means: "It’s Not Autonomy, It’s Delegation" https://gluu.co/agentic-mike
Nice work Jen!
I agree a JWT token needs to attest to the delegation between the subjects. But a lot of the challenge is around the authz--knowing how to make sensible policies to consume that interesting data about the delegation event. That's why personally I'm more focused on the policy engine then the token design... IMHO, we have more tokens then we currently use in practice. Another way to say it is, first we need to teach developers how to consume and make policies about tokens (i.e. TBAC), then we can send them some pretty fancy tokens about delegation.
Really cool! I'm researching on trust and governance in digital identity wallets and would love to have a convo with you on this, this brings such an interesting perspective!
Solving business problems with technology
7moPhil Windley talks about this some in his book. In the real world we get these different roles by default, but online everything is everywhere all at once, which means we need to design in these separations. Some of it happens with decentralization, but other aspects need to be designed in. https://www.amazon.com/Learning-Digital-Identity-Design-Architectures/dp/1098117697