feat(spec): Specify Agent Authorization Verifiable Credential profile #149

Merged
jadiaconu merged 1 commit into main from feat/dcr-vc-profile
Jan 12, 2026
Collaborator

@nikkal12 nikkal12 commented Jan 7, 2026

Description

This contribution specifies the Agent Authorization Verifiable Credential Profile
(AAVC) - Section 5.4.2 - providing a standardized credential schema for interoperable
cross-domain agent authorization.

The profile enables Authorization Servers across different administrative domains to
make informed, consistent authorization decisions while preserving organizational
flexibility through a structured extension mechanism.

Required Claims (MUST)

Core identity and authorization claims for interoperability:

  • id: Globally unique agent identifier (dereferenceable URI)
  • agentType: Agent classification (tool, orchestrator, workflow, system, ephemeral)
  • authorizedScopes: Array of permitted scopes (resource:action format or URIs)
  • issuerDomain: Administrative domain for trust policy application

Recommended Claims (SHOULD)

Production deployment guidance for security and compliance:

  • Identity claims: agentName, agentVersion, tenantId
  • dataSensitivityClearance: Maximum data classification (public → regulated)
  • complianceAttestations: Certification records (ISO-27001, SOC2, GDPR, HIPAA)
  • operationalConstraints: Runtime limits (rate, concurrency, time windows, geofence)
  • trustSignals: Dynamic trust indicators with provenance and freshness

Optional Claims (MAY)

Extended capabilities for specific use cases:

  • modelInfo: AI model provenance with approved/prohibited use cases
  • delegation: Delegation permissions (see Section 5.4.1)
  • provenance: SLSA build provenance and supply chain attestations
  • policyBindings: References to governing policies with enforcement modes

Extension Mechanism

JSON-LD context-based extensions allow organizations to add domain-specific claims
while maintaining baseline interoperability. Implementations gracefully handle
unrecognized claims following the robustness principle.

Complete Reference Implementation

Includes a fully-specified example credential for an XDR Triage Assistant workflow
agent, demonstrating practical application of all claim categories.

Interoperability Requirements

Defines normative conformance matrix (MUST/SHOULD/MAY) for:

  • Credential structure validation
  • Required claim processing
  • Proof verification
  • Selective disclosure support

This profile enables the vision of cross-organizational agent ecosystems with
verifiable, privacy-preserving, and policy-compliant authorization.

Related: Part of the DCR v1 Draft proposal series for the AGNTCY Identity Working Group.
Builds on: Threat model (PR #146), Security considerations (PR #147), Delegation
semantics (PR #148)
References: W3C Verifiable Credentials Data Model, SD-JWT (Selective Disclosure
for JWTs), JSON-LD, SLSA Provenance

Type of Change

  • Documentation

Checklist

  • I have read the contributing guidelines
  • Existing issues have been referenced (where applicable)
  • I have verified this change is not present in other open pull requests
  • Functionality is documented
  • All code style checks pass
  • All new and existing tests pass

… (Section 5.4.2)

Define the Agent Authorization VC Profile (AAVC) for interoperable
cross-domain agent authorization:

Required Claims:
- id: Globally unique agent identifier (dereferenceable URI)
- agentType: Classification (tool, orchestrator, workflow, system, ephemeral)
- authorizedScopes: Array of permitted authorization scopes
- issuerDomain: Administrative domain for trust policy application

Recommended Claims:
- agentName, agentVersion, tenantId
- dataSensitivityClearance (public → regulated)
- complianceAttestations (ISO-27001, SOC2, GDPR, etc.)
- operationalConstraints (rate limits, time windows, geofence)
- trustSignals (scores, risk indicators, audit timestamps)

Optional Claims:
- modelInfo: AI model details and approved/prohibited use cases
- delegation: Delegation permissions (per Section 5.4.1)
- provenance: SLSA build provenance and deployment info
- policyBindings: References to governing policies

Extension Mechanism:
- JSON-LD context-based extensions for organization-specific claims
- Graceful handling of unrecognized claims

Includes complete example VC for XDR Triage Assistant and
interoperability requirements matrix (MUST/SHOULD/MAY).

Section 5.4.2 of the DCR v1 Draft proposal.

Signed-off-by: Nik Kale <nikkal@cisco.com>
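
A receiving Authorization Server's check of the four required claims listed in the description, including tolerance of unrecognized extension claims, as an added example that is not part of this PR or the AGNTCY specification. It assumes the claims arrive as a dict taken from the credential's `credentialSubject` after proof verification; the scope regex and the URI check are illustrative choices, and the sample values in the usage are constructed.

```python
import re
from urllib.parse import urlparse

AGENT_TYPES = {"tool", "orchestrator", "workflow", "system", "ephemeral"}
REQUIRED = ("id", "agentType", "authorizedScopes", "issuerDomain")
KNOWN = set(REQUIRED) | {
    "agentName", "agentVersion", "tenantId", "dataSensitivityClearance",
    "complianceAttestations", "operationalConstraints", "trustSignals",
    "modelInfo", "delegation", "provenance", "policyBindings",
}
# Assumed concrete syntax for the "resource:action" scope form.
SCOPE_RE = re.compile(r"^[A-Za-z0-9_.-]+:[A-Za-z0-9_.*-]+$")


def is_uri(value):
    """Assumed check: absolute URI with a scheme and an authority or path."""
    if not isinstance(value, str):
        return False
    parts = urlparse(value)
    return bool(parts.scheme) and bool(parts.netloc or parts.path)


def is_scope(value):
    """A scope is either resource:action or a URI (hierarchical form here)."""
    if not isinstance(value, str):
        return False
    return bool(SCOPE_RE.match(value)) or ("://" in value and is_uri(value))


def validate_aavc_subject(subject):
    """Return (errors, ignored). Fail closed: any error means reject."""
    errors = [f"missing required claim: {n}" for n in REQUIRED if n not in subject]
    if "id" in subject and not is_uri(subject["id"]):
        errors.append("id is not an absolute URI")
    agent_type = subject.get("agentType")
    if "agentType" in subject and not (
        isinstance(agent_type, str) and agent_type in AGENT_TYPES
    ):
        errors.append(f"unknown agentType: {agent_type!r}")
    scopes = subject.get("authorizedScopes")
    if "authorizedScopes" in subject:
        if not isinstance(scopes, list):
            errors.append("authorizedScopes is not an array")
        else:
            errors += [f"invalid scope: {s!r}" for s in scopes if not is_scope(s)]
    domain = subject.get("issuerDomain")
    if "issuerDomain" in subject and not (isinstance(domain, str) and domain):
        errors.append("issuerDomain is empty or not a string")
    # Unrecognized claims are reported, not rejected (robustness principle).
    ignored = sorted(k for k in subject if k not in KNOWN)
    return errors, ignored
```

Unrecognized claims come back in the second list so they can be logged; they never contribute to the authorization decision.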

github-actions bot commented Jan 7, 2026

⚠️ Deprecation Warning: The deny-licenses option is deprecated for possible removal in the next major release. For more information, see actions/dependency-review-action/issues/938.

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Scanned Files

None

@jadiaconu jadiaconu merged commit 4d73f2b into main Jan 12, 2026
9 checks passed
@jadiaconu jadiaconu deleted the feat/dcr-vc-profile branch January 12, 2026 08:20