Architecture AI Updates: June 19, 2026

1. Identity and Access Patterns for Multi-Agent Workflows at Uber

InfoQ, in a report by Eran Stiller, examines how Uber and Auth0 are rethinking access control for AI agents that delegate work and call internal tools. Uber applies a Zero Trust architecture built from an Agent Registry, a Security Token Service, and an MCP Gateway, where each agent uses local metadata, inbound context, destination audience, and a SPIRE-issued workload identity to request single-hop, short-lived, audience-scoped tokens rather than shared credentials. A key pattern is actor chain propagation, which preserves the full chain of participants across workflow hops so downstream systems can authorize on both the originating user and the acting agent, while Auth0’s Cameron Pavey proposes capability-scoped permissions, task-scoped credentials, and layered enforcement to limit blast radius without sacrificing agent autonomy. Source