IETF Web Bot Auth

In progress

Working group standardizing cryptographic authentication for bots and AI agents on the web.

Visit website Back to catalog
Website
datatracker.ietf.org/wg/webbotauth/about
Latest update
Apr 01, 2026 Use cases draft updated
Primary approach
New infrastructure
Pipeline
Collect / Retrieve

What it is

The IETF Web Bot Auth working group is developing standards for cryptographically authenticating automated clients and conveying more information about their operators to websites. That matters for data-licensing and AI-governance workflows because stronger bot identity can make differentiated access rules, rate limits, and policy enforcement more reliable.

The group is still in an active standardization phase, with chartered work on authentication techniques, bot metadata, and operational guidance.

Limitations

Web Bot Auth focuses on authenticated bot identity and operator metadata, not on expressing reuse permissions; it is complementary to preference-signal efforts such as AIPref.

Evidence trail