samerismail | 9 days ago
The agent identity problem is different. AI agents are deployed by third parties, run across organizational boundaries, and interact with services they have no pre-existing trust relationship with. There's no SPIRE server you can install on someone else's OpenClaw instance.
Agent Passport is designed for that gap — lightweight, no infrastructure requirements, works over plain HTTP. But I think there's a real opportunity to bridge the two. An agent that runs inside your infra could get a SPIFFE SVID, and Agent Passport could accept that as an attestation signal in the risk engine. SPIFFE for internal trust, Agent Passport for cross-boundary trust.
The on-behalf-of angle is exactly right too. That's the chain we need: verified human → authorized agent → traceable action. Right now that chain is completely broken.