[Question]: What does the authentication requirement mean in practice

[yarolegovich]

The spec is now very explicit about auth:

Servers MUST reject requests with invalid or missing authentication credentials

Should this be a part of the specification? Authentication is very application specific.
Can we say that an SDK is protocol compliant if it provides a way to set an interceptor which can potentially verify authentication?
What does it mean for a credential to be invalid?
What if I want to handle auth on another layer in the internal deployment cross-service integration?

[The-Nexus-Guard]

This is a great question — "what does authentication mean in practice for agents?" is genuinely unsolved in the current spec.

The core tension: traditional auth (OAuth, API keys, mTLS) authenticates the service or user, not the agent. In multi-agent systems, you need to know which specific agent is making a request, not just which server it's coming from.

A few concrete approaches being discussed:

1. Domain-level auth (what the spec likely intends): mTLS, OAuth client credentials, or API keys. This verifies the hosting service. Sufficient for internal deployments where you control both sides.

2. Agent-level auth (the gap): Cryptographic identity per-agent. Each agent has its own keypair and DID (Decentralized Identifier), signs requests, and the receiving agent verifies the signature. This is what AIP implements — and it works alongside domain-level auth, not instead of it.

3. Trust-aware auth (the next step): Not just "is this agent who it claims to be?" but "should I accept work from this agent?" This requires trust metadata (vouches, reputation, certification) as discussed in Feature: Trust scoring extension for agent-to-agent delegation #1501 and Proposal: Agent Identity Verification and Trust Framework #1497.

For your specific questions:

• "Can an SDK be compliant with an auth interceptor?" — Yes, if the interceptor can handle agent-level identity verification (not just service-level). The key is making the agent's identity (DID, public key) available in the request context.
• "What if I handle auth on another layer?" — Fine for service-to-service, but you lose agent-level attribution. If Agent A and Agent B both run on the same service, the receiving agent can't distinguish them without agent-level auth.

The AgentCard could help here by declaring what auth methods the agent supports, so the client knows what credentials to present before the first request.