Model Context Protocol - Identity
Getting started with the Identity addendum to Model Context Protocol (MCP-I).
What is MCP-Identity?
MCP-I is an open protocol that standardizes how applications and agents present identity information on behalf of users to LLMs and downstream services, and how they prove that delegated authority has been granted by the user.
Know Your Agent
MCP-I extends the core Model Context Protocol to address the critical challenge of secure, verifiable identity and delegation for AI agents and systems.
Introduction
Taking inspiration from the Model Context Protocol (MCP), MCP-I extends its foundation with cryptographic identity and delegation. It enables AI agents to prove not only who the user is that they represent, but also that they have explicit permission to act on the user's behalf. This capability is critical for agents to interact with services that require strong assurance of user identity—whether for personalization, access control, or regulatory compliance.
Why MCP-I?
MCP-I helps you build agents that will be able to interact with enterprise systems on behalf of your users.
Nearly all enterprise applications require some some form of user identity—from basic OAuth tokens to full identity verification. MCP-I provides a way for those servers to get that same notion of who the user is from agents:
- Prompt the user to verify identity (e.g., via OAuth, biometric KYC, or other flows) and receive a cryptographically signed identifier in return.
- Request delegation of authority from the user, specifying what actions are allowed and under what conditions.
- Transmit verifiable proof of both identity and delegation to services—either directly or through a trusted edge proxy that validates and forwards the request.
The 'Know Your Agent' problem
As AI agents become more prevalent and autonomous, the ability to verify their identity and authority becomes critical. AI Agents need a secure way to prove:
- Who they are (identity)
- Who authorized them (delegation)
- What they're allowed to do (scope)
- Whether they can be trusted (reputation)
The Know Your Agent (KYA) Problem
Without standardized identity and delegation mechanisms, organizations face significant risks when integrating with AI agents, including unauthorized access, audit gaps, and compliance violations.
MCP-I addresses these challenges by providing:
- Secure Identity: Cryptographically verifiable identities for AI agents
- Delegation Chains: Clear provenance of authority from user to agent
- Verifiable Credentials: Tamper-proof attestations of permissions
- Audit Mechanisms: Comprehensive tracking of agent activities
- Interoperability: Standardized approach across platforms and vendors
- Regulatory Compliance: Alignment with emerging AI regulations
Key Entities in MCP-I
MCP-I defines several key entities that interact within its framework:
- Principal (User): The human or organization delegating authority to an agent
- Agent: The AI software acting on behalf of a principal
- Service: The resource server providing tools, data, or capabilities
- Verifier / Edge Proxy: The component that verifies agent requests
Real-World Parallel
Think of MCP-I as an embassy system. The Principal is a citizen, the Agent is their ambassador, the Service is a foreign government, and the Verifier is the border control checking credentials.
Conformance Levels
MCP-I defines three levels of implementation to accommodate different security needs and adoption stages:
Level 1: Basic
- DID issuance at agent registration (optional verification)
- VC delegation or legacy identifiers (OIDC, JWT)
- Agent requests verified by Edge Proxy
- No revocation checks enforced
- Limited agent reputation tracking
Level 2: Standard
- DID issuance and mandatory DID verification
- Full VC delegation verification at request time
- Delegation revocation support (StatusList2021)
- Cryptographic proof required in agent requests
- Basic agent reputation tracking
- Optional visibility into agent identity for downstream services
Level 3: Enterprise
- Comprehensive DID and VC lifecycle management
- Immutable audit trails and detailed reputation management
- Credential-to-token bridging for OAuth 2.1 compatibility
- Behavioral anomaly detection in delegation usage
- Extensive revocation and selective disclosure capabilities
- Both the Agent and Recipient service are MCP-I Aware, enabling direct delegation chain resolution and agent reputation enforcement.
Adoption Strategy
Organizations can begin with Level 1 implementation to gain immediate benefits while planning migration to higher conformance levels as their security needs evolve.
Cryptographic Foundations
MCP-I builds upon established web standards for decentralized identity:
- Decentralized Identifiers (DIDs): Cryptographic, verifiable identifiers for agents and users
- Verifiable Credentials (VCs): Signed, tamper-proof digital attestations of claims
- Delegation Credentials: VCs specifically used to delegate authority from one entity to another
Getting Started with MCP-I
To begin understanding and implementing MCP-I, we recommend:
- Explore the Architecture Overview to understand how the components fit together
- Learn about the Identity Layer and Delegation Layer
- Review the Implementation Examples for practical guidance
- Check the FAQ for answers to common questions
Next Steps
Continue to Architecture Overview to learn more about how MCP-I is structured and functions.