RFC 8693 (token exchange)
The standard that lets one token be exchanged for another with attenuated scope: the basis for verifiable agent-to-agent delegation.
Part of the Agent Control Fabric: Highflame's identity, policy, and enforcement substrate for AI agents.
Keep exploring the glossary.
Scope attenuation
Narrowing permissions at each delegation hop so a sub-agent can never hold more authority than the agent that delegated to it.
Shadow agents
Agents running across clouds, IDEs, and SaaS that no one inventoried or assigned an owner: the unmanaged majority of an enterprise's agent footprint.
SPIFFE / WIMSE
Open standards for verifiable workload identity. Highflame extends them with agent-shaped claims for delegation, trust, and attribution.
Trust tier
A provenance-based level on an agent's identity (first-party/attested, verified third-party, or unverified) that gates what the agent is eligible for and tightens its policy. It is a verified input to every decision, never a bypass: each action is still authorized per request, so there is no implicit trust.
ZeroID
Highflame's open-source agent identity core (Apache 2.0), built on OAuth 2.1, SPIFFE/WIMSE, and RFC 8693: the inspectable foundation beneath Highflame Identity.
A2A (Agent-to-Agent)
Communication where one agent delegates work to, or calls, another agent. Each hop has to carry identity and narrow scope, or authority leaks down the chain.