AxioRankZero-Trust for AI Agents
Open the console

Authorization plane

OpenID AuthZEN

Resolve a Policy Decision Point's /.well-known/authzen-configuration and flag off-domain access-evaluation endpoints.

View coverage matrixRead the spec

Live in the gateway today.

What it answers

What may it do, and on whose behalf?

OpenID AuthZEN sits in the authorization plane of the agent-interop stack. What may it do, and on whose behalf? AxioRank tracks it as one row in a coverage matrix that spans six planes, from discovery and identity to authorization, content permission, and commerce.

Plane

Authorization

Status

live

Direction

outbound

How AxioRank handles it

Governed, not just listed.

Live in the gateway today. Outbound: when the agents you run reach out to other agents and services.

Read the OpenID AuthZEN specification

More authorization protocols

Related protocols

OAuth Protected Resource (RFC 9728)

Resolve protected-resource metadata to score a target's auth posture and named authorization servers.

Open

Auth.md

Audit an agent-onboarding/credential-claim manifest and its identity providers.

Open

AP2 Mandates

Verify W3C Verifiable Credentials binding agent intent to user authorization.

Open

Cross-App Access (ID-JAG)

Detect Identity-Assertion Authorization Grant (ID-JAG) support in OAuth metadata and assess the cross-app token-exchange posture (MCP authz SEP-990).

Open

DPoP (RFC 9449)

Detect sender-constrained (proof-of-possession) token support in OAuth metadata. DPoP makes a stolen agent token useless.

Open

All protocols

The full coverage matrix across six planes.

Open

Govern the whole agent stack

AxioRank verifies identities and capabilities across the agent ecosystem, from discovery to commerce. See the full coverage matrix, machine-readable.

View coverageRead the docs