Identient Introduces AuthR, an Authorship Layer for Identity in the Agentic Era

New framework moves identity beyond authentication and authorization to capture intent, responsibility, and drift across autonomous, multi-step AI workflows

SEATTLE, WA — June 12, 2026 — Identient today introduced AuthR, a proposed framework for authorship representation designed to address a missing layer in enterprise identity as organizations adopt increasingly autonomous AI systems.

For decades, identity and access management has centered on two questions: Who are you? and What are you allowed to do? Authentication and authorization remain essential, but they were built for a world where humans directly accessed systems and performed discrete actions. As enterprises move toward agentic AI and Verified Intelligence systems that can reason, delegate, and act across systems, a third question becomes unavoidable: Whose judgment is being represented, and who is responsible for what was done?

AuthR is Identient’s proposed answer. Short for Authorship Representation, it complements existing identity standards and infrastructure, including OAuth, SAML, OIDC, CoSAI, SPIFFE/SPIRE, and verifiable credentials. It does not replace authentication or authorization. It adds an authorship layer that travels alongside agentic work, carrying responsibility, intent, scope, provenance, and drift across multi-hop AI workflows.

“Authentication tells us who is present. Authorization tells us what access has been granted. As AI agents begin to act on behalf of people and organizations, those two pillars are no longer enough,” said Steve Tout, CEO of Identient. “The enterprise needs to prove whose judgment was represented, what intent governed the action, and whether the system stayed within its intended scope. AuthR makes that concrete.”

A regulator has already named the gap

The need for an authorship layer is no longer a forward-looking thesis; regulators are describing it directly. The 2026 FINRA Annual Regulatory Oversight Report, published December 9, 2025, includes a dedicated section on generative AI that names, among its leading risks, “Scope and authority: Agents may act beyond the user’s actual or intended scope and authority.” The same section flags agents acting autonomously without human validation, and the difficulty of tracing multi-step agent reasoning. Those concerns map almost exactly to what AuthR makes verifiable: whose intent governed an action, whether a human authored it, and how to reconstruct the reasoning behind it.

“When a financial regulator writes that agents may act beyond the user’s intended scope and authority, it is describing the precise failure mode AuthR was built to prevent,” Tout said. “An agent can stay perfectly inside its granted scope while pursuing a goal the user never set. That gap is structural, and closing it requires a structural answer.”

Intent and drift: the primitives built for the agentic era

AuthR v0.1 represents authorship through six core primitives: Author, Actor, Intent, Scope, Provenance, and Drift. Together they create a verifiable record of who authored a decision, what executed it, why, within what boundaries, shaped by what lineage, and whether conditions changed enough to require review. Two of these primitives, Intent and Drift, are what distinguish AuthR from existing delegation and access-control mechanisms.

Intent captures why an action was authorized and carries that reason across every hop of a workflow. Existing standards propagate identity and narrow scope, but they do not carry the human intent that justified the work. This matters because the most consequential agentic failures are not traditional scope violations. An agent influenced by untrusted data can take an action fully within its granted permissions while serving a goal its principal never authorized. Without intent, there is nothing to evaluate that action against; with it, an in-scope action that contradicts the authored intent becomes visible.

Drift treats the gap between original intent and runtime behavior as a condition to be continuously evaluated, not a decision settled once when access is granted. In long-running, delegated, and multi-agent workflows, conditions change after authority is delegated: sub-agents re-plan, memory accumulates, external data reshapes behavior over time. A static, grant-time approval cannot account for that. Drift asks, on a continuing basis, whether the system has moved far enough from its original mandate to require re-anchoring or human review.

Industry veterans see the same shift. “We have spent twenty years perfecting authentication and authorization for a world where humans push buttons. Agents are a dynamic process, and you cannot apply a static control to a dynamic process. The identity stack needs a third primitive,” said Steve Zalewski, security veteran and former CISO of Levi Strauss & Co. “Steve Tout’s AuthR is the most elegant articulation I have seen of what that primitive should be.”

Why authorship becomes unavoidable

As enterprises shift from AI tools that assist humans to systems that execute work on their behalf, knowing which token was used or which account made a call will not be enough. In high-trust environments such as finance, security, healthcare, and legal, organizations will need to reconstruct the authorship chain behind an action and confirm it stayed aligned with the original intent.

“Verified Intelligence cannot scale on trust alone,” Tout added. “It needs structure that security teams, identity architects, auditors, and developers can evaluate. AuthR is an invitation to the identity and security community to help shape it.”

Availability and collaboration

Identient is introducing AuthR v0.1 as a proposed framework for industry discussion, and invites identity leaders, security practitioners, standards contributors, AI governance experts, and enterprise architects to review the specification, test the materials, and help develop it further. The AuthR materials include a working paper, draft specification, interactive playground, schema materials, and reference implementation resources, available at https://www.identient.com/authr/.

###

About Identient

Identient is building the authorship layer for the agentic era. Through advisory and innovation work centered on Verified Intelligence, Identient helps CIOs, CISOs, and finance and security leaders close the trust gap created by AI systems that produce fast, confident answers no one can trace, explain, or defend. Verified Intelligence is a data governance discipline that grounds AI output in curated, human-authored knowledge, enforces hard limits on scope, makes every insight traceable to its source, and continuously monitors for drift.

AuthR extends that discipline into agentic workflows, carrying authorship, intent, and accountability alongside the work itself, so organizations can prove whose judgment was represented and who is responsible for what was done. AuthR is designed to complement existing identity standards rather than replace them, and Identient keeps human judgment at the center of consequential decisions as AI systems increasingly act on the enterprise’s behalf.

Verify the intelligence behind your decisions at https://www.identient.com.

Media Contact:

Steve Tout
steve@tout.media
(408) 825-3350