Model Context Protocol - Identity

Getting started with the Identity addendum to Model Context Protocol (MCP-I).

What is MCP-I?

Taking inspiration from the Model Context Protocol (MCP), MCP-I extends MCP with cryptographic identity and delegation. It enables AI agents to prove not only which user they represent, but also that they have explicit permission to act on the user's behalf. This capability allows agents to interact with services requiring strong assurance of user identity—whether for personalization, access control, or regulatory compliance.


Why MCP-I Matters: The 'Know Your Agent' problem

As AI agents become more prevalent and autonomous, the ability to verify their identity and authority becomes critical. AI Agents need a secure way to prove:

  1. Who they are (identity)
  2. Who authorized them (delegation)
  3. What they're allowed to do (scope)
  4. Whether they can be trusted (reputation)

MCP-I addresses these by providing:

  • Secure Identity: Cryptographically verifiable identities for AI agents
  • Delegation Chains: Clear provenance of authority from user to agent
  • Verifiable Credentials: Tamper-proof attestations of permissions
  • Audit Mechanisms: Comprehensive tracking of agent activities
  • Interoperability: Standardized approach across platforms and vendors
  • Regulatory Compliance: Alignment with emerging AI regulations

Key Entities in MCP-I

MCP-I defines several key entities that interact within its framework:

  • User (Principal): The human or organization delegating authority to an agent
  • Agent: The AI software acting on behalf of a user
  • Service: The resource server providing tools, data, or capabilities
  • Verifier / Edge Service: The component that verifies agent requests

Loading diagram...

What can MCP-I achieve?

With MCP-I, Agents can act on behalf of users, and do things such as

  • Book a flight using your saved traveler profile.
  • File your taxes with your real identity.
  • Access your health records securely.

Previously, AI agents could not perform these tasks, as they could not prove which user they represented, or what permissions they'd been granted.

MCP-I makes this possible by requiring agents to:

  1. Prompt the user to verify identity (e.g., via OAuth, biometric KYC, or other flows) and receive a cryptographically signed identifier in return.
  2. Request delegation of authority from the user, specifying what actions are allowed and under what conditions.
  3. Transmit verifiable proof of both identity and delegation to services—either directly or through a trusted edge proxy that validates and forwards the request.

Cryptographic Foundations

MCP-I builds upon established web standards for decentralized identity with these key components:

  • Verifiable Credentials (VCs): Signed, tamper-proof digital attestations of claims
  • Decentralized Identifiers (DIDs): Cryptographic, verifiable identifiers for agents and users, and a component of VCs
  • Delegation Credentials: VCs specifically used to delegate authority from one entity to another

Conformance Levels

MCP-I defines three levels of implementation to accommodate different security needs and adoption stages:

Level 1: Basic

  • DID issuance at agent registration (optional verification)
  • VC delegation or legacy identifiers (OIDC, JWT)
  • Agent requests verified by Edge Proxy
  • No revocation checks enforced
  • Limited agent reputation tracking

Level 2: Standard

  • DID issuance and mandatory DID verification
  • Full VC delegation verification at request time
  • Delegation revocation support (StatusList2021)
  • Cryptographic proof required in agent requests
  • Basic agent reputation tracking
  • Optional visibility into agent identity for downstream services

Level 3: Enterprise

  • Comprehensive DID and VC lifecycle management
  • Immutable audit trails and detailed reputation management
  • Credential-to-token bridging for OAuth 2.1 compatibility
  • Behavioral anomaly detection in delegation usage
  • Extensive revocation and selective disclosure capabilities
  • Both the Agent and Recipient service are MCP-I Aware, enabling direct delegation chain resolution and agent reputation enforcement.

Getting Started with MCP-I

To begin understanding and implementing MCP-I, we recommend:

  1. Explore the Architecture Overview to understand how the components fit together
  2. Learn about the Identity Layer and Delegation Layer
  3. Check the FAQ for answers to common questions

Next Steps

Continue to Architecture Overview to learn more about how MCP-I is structured and functions.