<?xml version="1.0" encoding="utf-8"?><?xml-stylesheet type="text/xsl" href="rss.xsl"?>
<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:content="http://purl.org/rss/1.0/modules/content/">
    <channel>
        <title>Yaroslav Popov — Technical Articles</title>
        <link>https://blog.popov.app/articles</link>
        <description>Technical essays on AI agents, trust infrastructure, and local-first software.</description>
        <lastBuildDate>Thu, 16 Jul 2026 00:00:00 GMT</lastBuildDate>
        <docs>https://validator.w3.org/feed/docs/rss2.html</docs>
        <generator>https://github.com/jpmonette/feed</generator>
        <language>en</language>
        <copyright>Copyright © 2026 Yaroslav Popov</copyright>
        <item>
            <title><![CDATA[Why AI agents need passports]]></title>
            <link>https://blog.popov.app/articles/why-ai-agents-need-passports</link>
            <guid>https://blog.popov.app/articles/why-ai-agents-need-passports</guid>
            <pubDate>Thu, 16 Jul 2026 00:00:00 GMT</pubDate>
            <description><![CDATA[A short working note on portable identity, signed intents, and trust infrastructure for AI agents.]]></description>
            <content:encoded><![CDATA[<p>AI agents need a way to prove what they are, who they represent, and which actions they are allowed
to perform. User accounts and API keys are not enough once agents start acting across multiple tools,
websites, local machines, and organizations.</p>
<!-- -->
<h2 class="anchor anchorTargetStickyNavbar_Vzrq" id="definition">Definition<a href="https://blog.popov.app/articles/why-ai-agents-need-passports#definition" class="hash-link" aria-label="Direct link to Definition" title="Direct link to Definition" translate="no">​</a></h2>
<p>An <strong>agent passport</strong> is a portable identity and trust document for an AI agent. It binds together
an agent identity, a human or organizational principal, allowed capabilities, signed intents,
claims, expiry, and revocation data.</p>
<h2 class="anchor anchorTargetStickyNavbar_Vzrq" id="the-problem">The problem<a href="https://blog.popov.app/articles/why-ai-agents-need-passports#the-problem" class="hash-link" aria-label="Direct link to The problem" title="Direct link to The problem" translate="no">​</a></h2>
<p>Most systems today can identify a human account or a service credential. They usually cannot answer:</p>
<ul>
<li class="">Which agent is acting?</li>
<li class="">Was this specific action approved by the user?</li>
<li class="">What capabilities were delegated?</li>
<li class="">Which claims about the agent are signed by someone trustworthy?</li>
<li class="">How can access be revoked across systems?</li>
</ul>
<h2 class="anchor anchorTargetStickyNavbar_Vzrq" id="a-practical-model">A practical model<a href="https://blog.popov.app/articles/why-ai-agents-need-passports#a-practical-model" class="hash-link" aria-label="Direct link to A practical model" title="Direct link to A practical model" translate="no">​</a></h2>
<p>A useful agent passport should be boring and implementation-friendly:</p>
<ol>
<li class="">stable agent identifier;</li>
<li class="">owner/principal identifier;</li>
<li class="">scoped capabilities;</li>
<li class="">signed intents for high-risk actions;</li>
<li class="">short expiry windows;</li>
<li class="">revocation endpoint or registry;</li>
<li class="">audit references.</li>
</ol>
<h2 class="anchor anchorTargetStickyNavbar_Vzrq" id="why-signed-intents-matter">Why signed intents matter<a href="https://blog.popov.app/articles/why-ai-agents-need-passports#why-signed-intents-matter" class="hash-link" aria-label="Direct link to Why signed intents matter" title="Direct link to Why signed intents matter" translate="no">​</a></h2>
<p>A signed intent turns “the agent said the user wanted this” into a verifiable statement:</p>
<div class="language-json codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#393A34;--prism-background-color:#f6f8fa"><div class="codeBlockContent_QJqH"><pre tabindex="0" class="prism-code language-json codeBlock_bY9V thin-scrollbar" style="color:#393A34;background-color:#f6f8fa"><code class="codeBlockLines_e6Vv"><div class="token-line" style="color:#393A34"><span class="token punctuation" style="color:#393A34">{</span><span class="token plain"></span><br></div><div class="token-line" style="color:#393A34"><span class="token plain">  </span><span class="token property" style="color:#36acaa">"subject"</span><span class="token operator" style="color:#393A34">:</span><span class="token plain"> </span><span class="token string" style="color:#e3116c">"user:yaroslav"</span><span class="token punctuation" style="color:#393A34">,</span><span class="token plain"></span><br></div><div class="token-line" style="color:#393A34"><span class="token plain">  </span><span class="token property" style="color:#36acaa">"agent"</span><span class="token operator" style="color:#393A34">:</span><span class="token plain"> </span><span class="token string" style="color:#e3116c">"agent:writing-assistant"</span><span class="token punctuation" style="color:#393A34">,</span><span class="token plain"></span><br></div><div class="token-line" style="color:#393A34"><span class="token plain">  </span><span class="token property" style="color:#36acaa">"action"</span><span class="token operator" style="color:#393A34">:</span><span class="token plain"> </span><span class="token string" style="color:#e3116c">"publish_article"</span><span class="token punctuation" style="color:#393A34">,</span><span class="token plain"></span><br></div><div class="token-line" style="color:#393A34"><span class="token plain">  </span><span class="token property" style="color:#36acaa">"scope"</span><span class="token operator" style="color:#393A34">:</span><span class="token plain"> </span><span class="token punctuation" style="color:#393A34">[</span><span class="token string" style="color:#e3116c">"domain:blog.popov.app"</span><span class="token punctuation" style="color:#393A34">]</span><span class="token punctuation" style="color:#393A34">,</span><span class="token plain"></span><br></div><div class="token-line" style="color:#393A34"><span class="token plain">  </span><span class="token property" style="color:#36acaa">"expires_at"</span><span class="token operator" style="color:#393A34">:</span><span class="token plain"> </span><span class="token string" style="color:#e3116c">"2026-07-31T23:59:59Z"</span><span class="token plain"></span><br></div><div class="token-line" style="color:#393A34"><span class="token plain"></span><span class="token punctuation" style="color:#393A34">}</span><br></div></code></pre></div></div>
<p>The receiving system can verify the signature, scope, expiry, and revocation state before accepting
the action.</p>
<h2 class="anchor anchorTargetStickyNavbar_Vzrq" id="open-questions">Open questions<a href="https://blog.popov.app/articles/why-ai-agents-need-passports#open-questions" class="hash-link" aria-label="Direct link to Open questions" title="Direct link to Open questions" translate="no">​</a></h2>
<ul>
<li class="">Should agent passports be closer to DIDs, OAuth clients, certificates, or package manifests?</li>
<li class="">How should claims be distributed and revoked?</li>
<li class="">Which actions require explicit signed intents instead of ambient capability grants?</li>
<li class="">How can this work for local-first agents without a centralized identity provider?</li>
</ul>
<h2 class="anchor anchorTargetStickyNavbar_Vzrq" id="related-notes">Related notes<a href="https://blog.popov.app/articles/why-ai-agents-need-passports#related-notes" class="hash-link" aria-label="Direct link to Related notes" title="Direct link to Related notes" translate="no">​</a></h2>
<ul>
<li class=""><a class="" href="https://blog.popov.app/notes/agent-passports">Agent passports</a></li>
<li class=""><a class="" href="https://blog.popov.app/notes/signed-intents">Signed intents</a></li>
</ul>]]></content:encoded>
            <category>AI agents</category>
            <category>Trust infrastructure</category>
        </item>
    </channel>
</rss>