Agent2Agent Protocol, IBM Vault, & OAuth 2.0 On-Behalf-Of

I wrote a blog on using AI agent authorization with Agent2Agent protocol and IBM Vault that focused on setting up Vault as an OIDC provider to authenticate and authorize requests from an Agent2Agent client to a server. While it works, the post missed something rather critical: identity delegation. Basically, if I am an end user, I want to delegate my Agent2Agent (A2A) client to act on my behalf to access the A2A server. It turns out a number of folks in the agent identity space Microsoft Entra A