OpenID Federation and the governance gap in agentic identity

At a glance

What this is: OpenID Federation is a trust layer for OIDC and OAuth 2.0 that uses signed metadata and delegated authorities to automate verification across multi-party ecosystems.

Why it matters: It matters because NHI and IAM teams now need governance models that can verify non-human participants, not just human users, across distributed trust boundaries.

👉 Read Raidiam's analysis of OpenID Federation for AI agents and ecosystems

Context

OpenID Federation addresses a familiar IAM problem: trust breaks down when organisations need to onboard many external or semi-independent participants without losing policy control. In ecosystem settings, the relevant identities are often not people but service endpoints, wallets, APIs, and AI agents, which makes NHI governance part of the trust model from the start.

For teams that want a broader NHI lens, the governance challenge sits alongside identity lifecycle, privilege scope, and verification at scale. The article’s central claim is that decentralised trust can replace manual relationship management, which is increasingly the wrong operating model for open data and agentic AI ecosystems.

Key questions

Q: How should organisations govern AI agents that join federated ecosystems?

A: Treat AI agents as first-class non-human identities with signed metadata, bounded scopes, and explicit policy ownership. Federation can verify that an agent is recognised, but it does not decide whether the agent should keep its access. Teams need lifecycle controls, runtime monitoring, and revocation paths for every federated agent.

Q: What is the difference between OpenID Federation and normal OIDC trust?

A: Normal OIDC trust usually relies on preconfigured relationships between a client and an identity provider. OpenID Federation adds a distributed trust layer with signed metadata, trust anchors, and delegated authorities, so ecosystems can verify participants dynamically across organisations instead of relying on manual setup.

Q: When does federation create more risk than it reduces?

A: Federation creates more risk when organisations treat onboarding as the end of governance. If trust anchors are too broad, metadata is weakly controlled, or revocation is slow, the ecosystem can scale access faster than it can scale oversight. In that case, federation spreads trust without enough restraint.

Q: How can security teams combine federation with NHI lifecycle controls?

A: Start with federated verification, then layer credential rotation, entitlement review, and offboarding procedures on top. Federation tells you who a participant is at onboarding time, while lifecycle controls keep that identity accurate as roles, keys, and business relationships change.

Technical breakdown

How OpenID Federation establishes trust chains

OpenID Federation extends OIDC and OAuth 2.0 by adding a cryptographic trust fabric. Participants publish signed metadata that describes endpoints, keys, capabilities, and policy constraints. Federation entities sit under operators, while trust anchors act as the root of trust and can delegate authority to lower layers. That structure lets one ecosystem verify another without preconfigured bilateral relationships. The important shift is not just technical automation. It is the move from static allowlists to verifiable statements about who a participant is, what it can do, and which rules govern it.

Practical implication: Practitioners should treat federation metadata as a control surface and review who can publish, sign, and delegate trust.

Why federation changes AI agent identity governance

Agentic AI introduces software entities that can fetch data, call APIs, and make decisions. In that model, the agent itself becomes a participant that needs identity, authentication, and policy boundaries. OpenID Federation gives external agents a way to present signed metadata before access is granted, which can reduce blind trust in opaque integrations. But federation does not remove the need for local authorisation, step-up controls, or scope limits. It only makes the trust decision more portable across domains. Without strong policy enforcement, federation can scale risk as efficiently as it scales access.

Practical implication: Security teams should pair federated onboarding with least privilege, token scoping, and continuous access review for every agent.

What signed metadata does and does not solve for ecosystems

Signed metadata improves discoverability and authenticity, but it is not the same as full governance. It can tell you that a participant was issued by a recognised authority and that its declared configuration matches policy. It cannot, by itself, guarantee behaviour after onboarding, enforce business-specific risk thresholds, or detect abuse inside the authorised session. That means OpenID Federation works best as the verification layer above which IAM, PAM, and monitoring controls still operate. It is a trust framework, not an operating substitute for NHI lifecycle management.

Practical implication: Use federation to automate trust establishment, then enforce runtime controls for privilege, monitoring, and offboarding.

Breaches seen in the wild

• Moltbook AI agent keys breach — Moltbook breach exposed 1.5M AI agent keys.
• Salesloft OAuth token breach — hackers stole OAuth tokens to access Salesforce data via Salesloft.

Read our 52 NHI Breaches Analysis report for a comprehensive view of breaches impacting Non-Human Identities including AI Agents.

NHI Mgmt Group analysis

OpenID Federation is becoming the missing trust layer for distributed NHI governance. Ecosystems built on open banking, wallet credentials, and AI agents need a way to recognise counterparty identity without manually stitching together relationships. Static onboarding models do not scale once the number of participants, domains, and policy regimes multiplies. Practitioners should treat federation as a governance primitive, not just an integration convenience.

Identity blast radius: federation reduces onboarding friction, but it also concentrates trust decisions into the root and operator layers. That means the wrong trust anchor, delegation rule, or metadata policy can affect many downstream participants at once. NHI governance should therefore include explicit oversight for who can issue trust, how delegation is bounded, and how revocation propagates. Practitioners should design for constrained delegation, not broad trust inheritance.

Agentic AI makes federated trust operational, not theoretical. Once AI agents can invoke APIs and act across organisational boundaries, identity controls must move closer to machine-to-machine verification. That validates the federation model, but it also exposes how immature many enterprise controls remain for non-human participants. Practitioners should assume that agent identity will require both federation and runtime authorisation, not one or the other.

OpenID Federation accelerates interoperability, but it does not replace NHI lifecycle discipline. Trust can be established automatically, yet credentials still age, scopes drift, and participants exit ecosystems. Revocation, rotation, and access review remain essential because the trust fabric only works when its underlying identities stay accurate. Practitioners should align federation rollout with lifecycle controls from day one.

The market signal is clear: future identity infrastructure will be policy-driven and decentralised. As more ecosystems adopt verifiable trust chains, teams will need to re-evaluate whether their current IAM stack can represent machines, wallets, and agents as first-class identities. Practitioners should prepare for a world where trust is negotiated continuously, not assumed at onboarding.

From our research:

• 97% of NHIs carry excessive privileges, increasing unauthorised access and broadening the attack surface, according to Ultimate Guide to NHIs.
• Only 5.7% of organisations have full visibility into their service accounts, which means many federated environments still lack basic identity inventory discipline.
• OpenID Federation can automate trust exchange, but practitioners still need the Ultimate Guide to NHIs to close lifecycle gaps after onboarding.

What this signals

Identity federation will matter more as autonomous software becomes a routine participant in business ecosystems. If AI agents, wallets, and partner APIs are all being treated as verifiable entities, then the governance question shifts from user authentication to ecosystem trust operations. Practitioners should be ready to document who can publish trust, who can revoke it, and how quickly changes propagate across domains.

Federated trust only works when the underlying NHI estate is visible. With only 5.7% of organisations having full visibility into their service accounts, according to Ultimate Guide to NHIs, many teams are trying to build decentralised trust on top of incomplete identity inventories. The immediate programme priority is to align discovery, ownership, and revocation before scaling federation.

OpenID Federation and the NIST AI Risk Management Framework point to the same operational conclusion: policy must travel with identity. For agentic AI, that means access decisions cannot stop at initial registration. Practitioners should prepare for continuous verification, constrained delegation, and auditable control boundaries across every federated relationship.

For practitioners

• Implement delegated trust governance Define who can act as a trust anchor, which operators may delegate authority, and what conditions limit that delegation across ecosystems.
• Bind federation to least privilege Require signed metadata to be paired with minimal scopes, explicit audience restrictions, and short-lived tokens for every external participant.
• Review non-human onboarding paths Map how AI agents, wallets, service accounts, and partner APIs are discovered, verified, approved, and revoked before they receive access.
• Enforce runtime controls after trust establishment Use monitoring, session-level policy, and periodic entitlement review so federation does not become a one-time trust decision.

Key takeaways

• OpenID Federation addresses the trust gap that appears when ecosystems outgrow manual onboarding and bilateral identity setup.
• The core risk is not federation itself, but uncontrolled delegation, weak revocation, and post-onboarding privilege drift across non-human identities.
• IAM and NHI teams should pair federated verification with lifecycle controls, least privilege, and runtime oversight before expanding ecosystem trust.

Key terms

• OpenID Federation: OpenID Federation is a trust framework that extends OIDC and OAuth 2.0 so organisations can verify each other through signed metadata and delegated authorities. It replaces many manual onboarding relationships with cryptographically verifiable trust chains, which is especially relevant in multi-party digital ecosystems.
• Trust anchor: A trust anchor is the root authority that signs federation metadata and establishes the policies other participants inherit. In practice, it controls who can join, what cryptographic rules apply, and how trust is delegated across an ecosystem. The security posture of the whole federation depends heavily on this layer.
• Federation entity: A federation entity is an organisation or technical participant that publishes metadata describing its keys, endpoints, and capabilities. It is the unit of participation inside the federation, and it can be an identity provider, relying party, wallet provider, or AI agent acting on behalf of a system.
• Signed metadata: Signed metadata is the machine-readable trust statement that a federation participant publishes for others to verify. It allows ecosystems to confirm identity, policy posture, and permitted capabilities without relying on static manual configuration. If the metadata is wrong or poorly governed, the trust model inherits that weakness.

Deepen your knowledge

OpenID Federation and agentic AI identity governance are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If your environment is moving toward decentralised trust, it is worth exploring.

This post draws on content published by Raidiam: OpenID Federation and its role in trust automation across ecosystems. Read the original.