This blog is simple summary of OpenID TechNight vol.23 ~ AI x API x Enterprise, organized by the nov-san, a member of OpenID Foundation Japan. This event focused on something many teams are starting to face: AI agents are becoming consumers of enterprise APIs, but most enterprise IAM systems were designed assuming the consumer was a human.
Whether you’re building a massive SaaS platform or a niche API, OAuth is the gold standard for authorization. In such there might arise a hurdle that every developer faces: Registration.
Every time a user clicks “Sign in with Google” or gets SSO access to a third-party app from a corporate IdP, identity crosses a trust boundary. Identity proofing happened somewhere, authentication happened somewhere else, and now another system needs to rely on that result.
NIST SP 800-63B-4 is the authentication volume of the 800-63-4 suite. It defines exactly what authenticator types qualify at each assurance level, what phishing resistance actually requires, and what your session and recovery policies need to look like.
