AI Dev 26 X SF | Matthew Xu: The 4-Legged Identity Challenge

Andrew Ng
May 21, 2026

Why It Matters

Because autonomous AI agents are increasingly orchestrating multi‑service workflows, preserving end‑to‑end identity and auditability is essential for security, compliance, and reliable business operations.

Key Takeaways

  • Traditional OAuth fails when identity passes through multiple agents.
  • Token exchange (RFC 8693) preserves user identity across hops.
  • Dynamic client registration (RFC 7591) enables agents to obtain credentials at runtime.
  • Agentic Fabriq acts as a brokered identity layer for secure delegation.
  • Governance layer tracks both user and agent actions for auditability.

Summary

In a recent AI Dev 26 session, Matthew Xu, CTO of Agentic Fabriq, warned that the “four‑legged identity challenge” – where a user, an agent, an MCP server and a downstream API each act in a chain – is becoming the default architecture for autonomous AI agents. He argued that traditional OAuth/OIDC, designed for a single hop between user, app and identity provider, cannot reliably preserve identity once the execution moves beyond the local deployment.

Xu outlined how the delegation graph quickly expands beyond four legs, turning into a complex web of multiple hops. Tokens bound to a single audience are lost mid‑chain, causing APIs to see only the server’s credentials. He highlighted four mitigation patterns, singling out token exchange (RFC 8693) as the cleanest solution because it issues a new audience‑specific token while retaining the original user’s claims. He also noted the uneven support across providers such as Keycloak, Microsoft Entra and Okta.

To illustrate, Xu walked through a lab where an agent discovers an MCP server, uses RFC 9728 to fetch metadata, registers itself dynamically via RFC 7591, obtains a user token, and finally performs RFC 8693 token exchange before calling a downstream API. He positioned Agentic Fabriq as a brokered identity layer that centralizes these flows, handling token issuance, policy enforcement and audit logging without burdening each agent with OAuth intricacies.
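
The token-exchange step of the lab described above, as an added example that is not code from the talk or from Agentic Fabriq: a toy in-memory authorization server applies RFC 8693 across two hops, so the downstream API receives a token addressed to it that still names the user and carries the actor chain in `act`. The token store, the helper names (`mint`, `accepts`, `delegation_chain`) and every subject and audience value are assumptions made for illustration; a real deployment would use signed tokens and an HTTPS token endpoint.

```python
import secrets
import time

GRANT = "urn:ietf:params:oauth:grant-type:token-exchange"
ACCESS_TOKEN = "urn:ietf:params:oauth:token-type:access_token"
ISSUED = {}  # toy authorization-server state: token string -> claims

def mint(claims, ttl=300):
    token = secrets.token_urlsafe(16)
    ISSUED[token] = {**claims, "exp": time.time() + ttl}
    return token

def exchange_request(subject_token, actor_token, audience):
    """Form parameters of an RFC 8693 section 2.1 request."""
    return {"grant_type": GRANT, "audience": audience,
            "subject_token": subject_token, "subject_token_type": ACCESS_TOKEN,
            "actor_token": actor_token, "actor_token_type": ACCESS_TOKEN}

def exchange(req):
    """Keep the user as sub, retarget aud, nest the caller in act (section 4.1)."""
    if req["grant_type"] != GRANT:
        raise ValueError("unsupported_grant_type")
    subject, actor = ISSUED.get(req["subject_token"]), ISSUED.get(req["actor_token"])
    if not (subject and actor) or min(subject["exp"], actor["exp"]) <= time.time():
        raise ValueError("invalid_request")
    act = {"sub": actor["sub"]}
    if "act" in subject:
        act["act"] = subject["act"]  # earlier actors stay nested inside
    return mint({"sub": subject["sub"], "aud": req["audience"], "act": act})

def accepts(token, my_audience):
    """Resource-server check; stands in for introspection or JWT validation."""
    c = ISSUED.get(token)
    return bool(c) and c["aud"] == my_audience and c["exp"] > time.time()

def delegation_chain(token):
    """Audit view: the user, then each actor in the order it joined."""
    chain, act = [ISSUED[token]["sub"]], ISSUED[token].get("act")
    while act:
        chain.insert(1, act["sub"])
        act = act.get("act")
    return chain

# Constructed sample (added illustration): user -> agent -> MCP server -> API.
user_tok = mint({"sub": "user:alice", "aud": "agent"})
agent_tok = mint({"sub": "client:agent", "aud": "as"})
mcp_tok = mint({"sub": "client:mcp-server", "aud": "as"})
for_mcp = exchange(exchange_request(user_tok, agent_tok, "mcp-server"))
for_api = exchange(exchange_request(for_mcp, mcp_tok, "orders-api"))
print(accepts(user_tok, "orders-api"), delegation_chain(for_api))
```

Forwarding the original user token fails the audience check at the API, while the exchanged token passes and yields an audit chain that names both the human and every agent in between.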

The broader implication is that enterprises deploying autonomous agents must adopt a governance stack that tracks both the human user and the autonomous agent, enforces role‑based policies at runtime, and provides full audit trails. Without such a layer, organizations risk security gaps, compliance failures, and loss of control over AI‑driven actions across their service mesh.

Original Description

As MCP systems scale from local setups to shared infrastructure, developers face new challenges around security, identity, and access control that aren't solved by standard patterns.
This talk by Agentic Fabriq's Matthew Xu breaks down common failure modes (like over-permissioned tools and weak auditing) and shows how to implement practical fixes such as least-privilege access, guardrails, and privacy-aware logging.
It also covers the "4-legged" identity problem and developer-friendly approaches like token exchange and structured auth flows for production MCP deployments.
