[2603.24775] AIP: Agent Identity Protocol for Verifiable Delegation Across MCP and A2A

Computer Science > Cryptography and Security arXiv:2603.24775 (cs) [Submitted on 25 Mar 2026] Title:AIP: Agent Identity Protocol for Verifiable Delegation Across MCP and A2A Authors:Sunil Prakash View a PDF of the paper titled AIP: Agent Identity Protocol for Verifiable Delegation Across MCP and A2A, by Sunil Prakash View PDF HTML (experimental) Abstract:AI agents increasingly call tools via the Model Context Protocol (MCP) and delegate to other agents via Agent-to-Agent (A2A), yet neither protocol verifies agent identity. A scan of approximately 2,000 MCP servers found all lacked authentication. In our survey, we did not identify a prior implemented protocol that jointly combines public-key verifiable delegation, holder-side attenuation, expressive chained policy, transport bindings across MCP/A2A/HTTP, and provenance-oriented completion records. We introduce Invocation-Bound Capability Tokens (IBCTs), a primitive that fuses identity, attenuated authorization, and provenance binding into a single append-only token chain. IBCTs operate in two wire formats: compact mode (a signed JWT for single-hop cases) and chained mode (a Biscuit token with Datalog policies for multi-hop delegation). We provide reference implementations in Python and Rust with full cross-language interoperability. Compact mode verification takes 0.049ms (Rust) and 0.189ms (Python), with 0.22ms overhead over no-auth in real MCP-over-HTTP deployment. In a real multi-agent deployment with Gemini 2.5 Flash, ...