How we will delegate bureaucracy to AI

The future of identification technologies will involve delegating tasks to automated agents. Between the decentralised dream and the password asphyxiation, a third actor is emerging: the automatic intermediary.

For years, we have spoken about the decentralising power of technologies, of a "disintermediated" digital future in which we can interact "peer to peer," point to point. However, the world appears to be moving in a direction opposed to the many good intentions and experiments aimed at decentralisation, transparency, and horizontality on the web.

Today, as I peek into the future of human-computer interaction and digital systems, I no longer see the elimination of intermediaries, but rather their automation and exponential multiplication.

We are not witnessing the end of delegation, but rather its explosion in new, minute, and ephemeral forms, especially in the realm of digital identity, which encompasses all those systems concerned with identifying us to institutions, authorities, commercial offices, and tourist services: 🚗 Digital driving license, 🩺 Access to medical prescriptions, 📧 Digital signature, 💳 New bank account, 🧳 Travel documents.

And all this is coming SOON!

Let's be honest, identity management is a tedious and dangerous chore for everyone. Both for those who must prove it and for those who must verify it. And it is likely for this reason that, in the very near future, we will entrust it to automatic assistants.

Our wallets will act on their own.

My colleague Andrea D’Intino, who is very knowledgeable about industry standards in identity, calls it a "headless wallet" and describes it as a wallet without a screen, without a visible interface, with which we will interact simply by speaking in our own language. Imagine telling your phone, "Book me a hotel with parking in central Copenhagen in two weekends" immediately followed by a request to delegate your identity data and be authorised with a fingerprint. Or, "ask my bank to increase the limit on outgoing transfers to two thousand Euros" and so on, without having to enter any app or website, but guaranteeing an identity delegation to the AI that executes the order by interacting with the counter, website, or API provided by the service.

The recent OpenID Foundation whitepaper, "Identity Management for Agentic AI," captures the present situation with technical precision: AI agents clumsily impersonate humans without any possible authentication, thus creating a responsibility vacuum. The solution, which will have radical consequences for how we currently use computers and mobile phones to resolve bureaucratic matters, will be authenticated delegation that allows us to distinguish between humans and their legitimate automated agent mandataries.

New whitepaper tackles AI agent identity challenges
OpenID Foundation releases whitepaper on AI agent identity management. Learn why existing frameworks need evolution for autonomous AI deployment.

We are facing a paradigm shift.

This is not an evolution of the digital wallets we know, but a paradigm shift. A "headless wallet" is an agentic service, typically implemented as an MCP server (Model Context Protocol, a standard launched by Anthropic and initially supported by Claude), whose sole purpose is to manage, autonomously but conditioned by agreed-upon directives, identification and authentication credentials on behalf of a person.

Sooner or later, we all end up distracted and fatigued by "consent fatigue," a syndrome of continuous assent that becomes a danger to ourselves and an opportunity for those who wish to defraud us. In the future, all this will be replaced by an AI agent: an operational assistant that, to book us a ticket or buy us a book, will ask us for a pass for that task, inextricably linking the responsibility for its actions to us. These passes will be minute delegations, similar to signed sub-credentials, which will contain detailed instructions with precise characteristics, such as coins with an expiration date engraved upon them. For example:

  • They will have a defined expiry (minutes, hours, days, years...).
  • They will be limited to specific tasks ("book a hotel", "buy a book").
  • They may have quantitative constraints ("spend no more than 200 EUR").
  • They will contain distinct identifiers for both us, the human principals, and the automations themselves.

The most ironic thing is that we will end up delegating to automata the power to sub-delegate other automata. And, behind all this "AI choreography", humans won't ever need to look into each other's eyes.

Complexity will grow with the advent of tools like "recursive delegations" and "field attenuations", technical terms that describe how a primary servant can generate secondary servants, each with a narrower mandate and more circumscribed power.

So then our headless wallet will be the first link in this chain, the point where a vulnerable, exhausted, and gullible human authority will try to defend itself by fragmenting into many authorised agents, whose delegation is born and dies within the execution timeframe of a task, according to a principle of minimal necessary authorisation. Cryptographic token technologies named "Biscuit" or "Macaroon" already allow the implementation of various scenarios of this type for crypto finance.

What can ever go wrong?

As you can imagine, this new digital architecture of the future, this new way of interaction between humans and machines, brings with it new shadows.

When we talk about digital identity, we step into a world where interactions must be identifiable, authenticated and secure. The growing complexity will force systems to make trade-offs on transparency and security when asked to demonstrate the integrity of dozens of sub-agents accomplishing authenticated tasks at light speed.

Ideally, every action undertaken by an agent using a delegation will have to be traceable, in a non-repudiable way, back to the agent. And, ultimately, to the user who granted the original authority.

Revocation will always be a critical challenge.

When a human revokes a primary agent's access, all the sub-delegations in circulation should immediately become ineffective. Likewise, when a machine revokes a credential for some reason, it can really damage a human, so the revocation reasons should be auditable. Technical designers must consider these aspects from the very beginning, perhaps by making credentials short-lived or by incorporating direct revocation mechanisms via emerging protocols, such as the "Shared Signals Framework," to propagate events in real time.
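The passes described earlier (expiry, task limit, spending ceiling, identifiers), their attenuation by sub-agents, and revocation of the root pass can be sketched together. This is an added example, not code from the author or from the Biscuit or Macaroon projects: it is a simplified macaroon-style HMAC chain, and the function names, caveat keys and pass format are assumptions made for illustration. It assumes the wallet and the verifier share the root key.

```python
import hashlib
import hmac

def _mac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()

# Hypothetical caveat keys; an unknown or malformed caveat fails closed in verify().
CHECKS = {
    "exp": lambda v, req, now: now < float(v),              # expiry (epoch seconds)
    "task": lambda v, req, now: req["task"] == v,           # one specific task
    "max_eur": lambda v, req, now: req["eur"] <= float(v),  # spending ceiling
    "delegate": lambda v, req, now: True,                   # audit trail entry only
}

def mint(root_key: bytes, pass_id: str, principal: str) -> dict:
    """The wallet issues the first pass, signed with the root key."""
    head = f"id={pass_id};principal={principal}"
    return {"head": head, "caveats": [], "sig": _mac(root_key, head)}

def attenuate(token: dict, caveat: str) -> dict:
    """Any holder can append a caveat without the root key; none can be removed."""
    return {"head": token["head"], "caveats": token["caveats"] + [caveat],
            "sig": _mac(token["sig"], caveat)}

def verify(root_key: bytes, token: dict, request: dict, revoked: set, now: float):
    """Return (allowed, reason) for a request presented with a pass."""
    sig = _mac(root_key, token["head"])
    for caveat in token["caveats"]:             # recompute the HMAC chain
        sig = _mac(sig, caveat)
    if not hmac.compare_digest(sig, token["sig"]):
        return False, "bad signature"
    pass_id = token["head"].split(";")[0].removeprefix("id=")
    if pass_id in revoked:                      # revoking the root kills every sub-pass
        return False, "revoked"
    for caveat in token["caveats"]:             # every caveat must hold
        key, _, value = caveat.partition("=")
        try:
            if not CHECKS[key](value, request, now):
                return False, f"denied by {caveat}"
        except (KeyError, ValueError):
            return False, f"denied by {caveat}"
    return True, "ok"

# Constructed sample: wallet -> travel agent -> payment sub-agent.
ROOT_KEY = b"constructed-demo-key"
root = mint(ROOT_KEY, "pass-001", "alice")
for c in ("delegate=travel-agent", "task=book a hotel", "max_eur=200", "exp=1000"):
    root = attenuate(root, c)
sub = attenuate(attenuate(root, "delegate=payment-agent"), "max_eur=50")
```

Because every sub-pass carries the root pass identifier, a single revocation entry denies the whole delegation tree, and a short `exp` bounds the exposure while a revocation event has not yet reached a verifier.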

There are many techno-political challenges ahead of us.

Traceability and Privacy

Selective disclosure mechanisms are needed where a first level of verification for delegations is possible without revealing all the actions undertaken by the agents or the identity of the user principal, using, for example, so-called "zero-knowledge" cryptography techniques like those implemented in Zenroom.

The Longfellow ZK (Google-zk)
Analysis of the longfellow-zk implementation, also known as google-zk, for MDOC/mdl selective disclosure of verifiable credentials.

Interoperability

Closed, proprietary implementations of agentic identity systems will pose serious risks, and I sincerely hope they will be banned. Everything must be developed on open and interoperable standards; otherwise, monopoly situations will cause much greater harm than that of a simple browser or operating system whose code is closed.

Clear Responsibility

An agent's identity must be inextricably linked to the actions it performs and the outputs it generates, as suggested by initiatives for content origin certification (C2PA). The scientific foundations for this link are rooted in graph theory and complex cryptographic schemes, such as the one we developed for the REFLOW project.

We are heading towards a world of invisible intermediaries, automatic gatekeepers, principals, and mandataries in a digital court, where humans will no longer be the clients to be reasoned with, but the remote and somewhat mysterious subjects behind an infinity of interlocking services.

The interface for managing our identity will no longer be made of plastic cards, windows and icons on screens.

The dialogue with one of the many "artificial intelligence" assistants will be our main interface to bureaucratic chores, and we had better prepare to make wise choices about which one we really trust.

The elephant of digital identity protocols will soon enter the china shop of delegation and revocation functions: let us only hope that, in this hall of mirrors, the glimmer of our original intention survives intact and well-guarded.

Who am I, and further reading

If you would like to read further, I've written more about digital identity.

Age Verification for Humans
Europe’s age‑verification pilots conflate censorship with guardianship. This essay argues for a decentralised approach that separates technical filtering from social responsibility.

I've been working on this topic for over a decade, primarily in projects funded by the European Commission. Among my efforts are DECODEproject.eu and REFLOWproject.eu, plus various academic papers. With our growing team at The Forkbomb Company, we've developed products such as DIDROOM.com and CREDIMI.io.

Jaromil

Inventor, Ph.D. Dyne.org think & do tank.