{"schema_version":"0.1","last_updated":"2026-04-30","canonical_url":"https://www.sattyamjjain.in/identity-posture","layers":[{"id":"directory-okta","title":"Directory — Okta for AI Agents","status":"GA","ga_date":"2026-04-30","primary_source":"https://www.okta.com/newsroom/press-releases/showcase-2026/","posture":"Opt-in module in the consulting starter from 2026-04-30. Existing engagements get a single-line patch that binds capability leases to Okta NHI tokens."},{"id":"cryptographic-did","title":"Cryptographic identity — DID + Verifiable Credential","status":"live","primary_source":"https://www.w3.org/TR/did-core/","posture":"/api/quote already accepts agent_identity.did + agent_identity.verifiable_credential (schema v0.1, 2026-04-29). Server logs the VC; cryptographic verification is on the v0.4 schema roadmap."},{"id":"capability-lease","title":"Per-call authorization — capability-lease envelope","status":"live","primary_source":"https://www.anthropic.com/features/project-deal","posture":"Every consulting engagement ships with a signed-capability-lease envelope, an audit-emit channel, and a public /api/quote endpoint. Lease shape is documented in /api/quote/schema.json (draft 2020-12)."}],"references":["https://www.okta.com/newsroom/press-releases/showcase-2026/","https://www.w3.org/TR/did-core/","https://www.anthropic.com/features/project-deal","https://www.cloudflare.com/press/press-releases/2026/cloudflare-launches-mesh-to-secure-the-ai-agent-lifecycle/","https://newsroom.cisco.com/c/r/newsroom/en/us/a/y2026/m03/cisco-reimagines-security-for-the-agentic-workforce.html"]}