The rapid evolution of AI agents poses significant challenges to authentication, authorization, and identity management; existing protocols (e.g., MCP) lack systematic security design. Method: This paper introduces the first centralized identity management strategic framework tailored for AI agents, integrating OpenID standards with agent-centric protocols. It proposes an extensible access control mechanism, fine-grained AI workload classification, a dynamic delegation model for permissions, and a governance pathway for long-term autonomous operation. The study systematically surveys current security practices, distills agent-specific security best practices, and formulates a technology roadmap for identity management in large-scale autonomous systems. Contribution/Results: The framework delivers a forward-looking, interoperable identity architecture for AI-native systems—bridging critical theoretical and practical gaps in agent-centric identity governance while ensuring backward compatibility and scalability.

The rapid rise of AI agents presents urgent challenges in authentication, authorization, and identity management. Current agent-centric protocols (like MCP) highlight the demand for clarified best practices in authentication and authorization. Looking ahead, ambitions for highly autonomous agents raise complex long-term questions regarding scalable access control, agent-centric identities, AI workload differentiation, and delegated authority. This OpenID Foundation whitepaper is for stakeholders at the intersection of AI agents and access management. It outlines the resources already available for securing today's agents and presents a strategic agenda to address the foundational authentication, authorization, and identity problems pivotal for tomorrow's widespread autonomous systems.