The Age of Agent Experience

The popularity of agents that run from users' devices is going to push sites that don't have logins to add them and sites with logins to add tougher captchas.

Not to take the bait on this bit of content marketing (&quot;the future of agents is OAuth, says company that sells OAuth solution&quot;), but: I disagree with the premise that agents should basically use the same APIs and auth mechanisms that humans &amp; apps currently use.<p>I realize there&#x27;s a strong impulse to not &quot;reinvent the wheel,&quot; but what we have currently is unsustainable. Specifically, the fact that every API uses a slightly different REST API and its own unique authentication &amp; authorization workflow. It worked fine for the days when application developers would spend a few weeks on each new integration, but it totally breaks down when you want to be able to orchestrate an agent across many user-defined services.<p>I think a simple protocol based on JSON and bog-standard public key encryption could allow agents to coordinate and spend credits&#x2F;money based on human-defined budgets.

We&#x27;re finally putting the &#x27;agent&#x27; in &#x27;user agent&#x27;

Back when REST was a new hot buzzword and people were debating its true meaning, I remember thinking that some of the arguments for HATEOAS only really made sense if your client apps were going to be some kind of AI graph navigators. So I wonder if being particular about HATEOAS makes more sense now?

Good read, thanks for sharing! I&#x27;d love for OAuth to be augmented with agent-friendly scopes. Completely agree that it&#x27;s a standard that doesn&#x27;t need to be reinvented. But in how things are today, there&#x27;s two broad areas where OAuth doesn&#x27;t quite cut it:<p>1) long tail of websites that don&#x27;t have APIs, so the only way for an agent to interact with them on the user&#x27;s behalf is to log in more conventionally, and<p>2) even if a website has APIs, there may be tasks to be done that are outside the scope of the provided APIs.<p>Thoughts?

I also think OAuth could be used to better serve AX in the age of agent, but before the whole industry find the PMF, shall we not leave the humans (us) behind? Thus I made one for breaking the grip of big IdPs and offer a more secure and easier authentication solutions for humans [1].<p>You can find its dogfooding demo on the Show HN [2].<p>[1]: <a href="https:&#x2F;&#x2F;sign-poc.js.org" rel="nofollow">https:&#x2F;&#x2F;sign-poc.js.org</a><p>[2]: <a href="https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=42076063">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=42076063</a>

How does computer use APIs affect this? Isn&#x27;t the whole idea that a UI that a human can use should also be usable by an agent without a lot of special accommodation made? For high volume automation and API is a lot more efficient, but for lots of typical automation (automating what would take a human 20-30 minutes of work to do themselves) this doesn&#x27;t matter too much.

hm. API stands for Application Programming Interface. Which IMO is not same as Application Agentic Interface.. similar to how it is not Application&#x27;s Human Interface. Maybe closer than that.<p>But, parsing documentation? And, believing it blindly? hah. Maybe ressurect Semantic web as well..

AI agents do not have agency. This is just another sloppy and disturbing way that AI people show their disrespect or incompetence about the nature of humans.<p>If you think AI has agency then you must think all software has agency. AI is just software.<p>To those of you who say humans are just software: try deactivating a human and see what happens. Note that this is a different experience than deactivating AI.

Thank you for sharing!