In previous posts on Agentic AI and Sovereign AI, I have been a bit loose in defining what I mean by “the real person”. This laziness reflects the fact that in most transactions we just don’t care about the “who” provided the risk of the transaction is mitigated.

• For an in-store visit, if the payment card clears (or cash is not counterfeit), then jog along, purchaser! - No need to know who you are.

• For an online purchase, if the card clears credit checks, we bank the money and add the ‘profile’ to our CRM or CDP, regardless of who used the card.

• For a restricted purchase (a knife, chemicals, prescription), we get a tick in a box, a cross-my-heart-and-hope-to-die assurance, and that’ll do.

Afterwards, our marketing colleagues attempt to assemble a profile of a ‘buyer’ from the mishmash of card transactions, deliveries to the same address, and heuristics about purchasing patterns, to create an ‘identity’ that we can target with offers. Generally though we wouldn’t bet that we know “who” the person is. In short, identity is inferred and is a secondary consideration to spamming.

Agentic commerce demands more, and in parallel, regulatory moves are looking at e-identity while the open web grapples with free speech and “who” is the person speaking, filming or voting.

In this post I’ll consider:

1. the elements of ‘being me’ - the meat, the behaviours and attributes, and the rights and access levels

2. the systems for ‘being me’ and how they might interact with Agentic AI

3. a couple of examples of such systems in use

4. whether there’s a direction of travel of relevance to D2C businesses.

Me, Myself, I

Identity has a number of facets, and to borrow the emphatic phrase from Billy Holiday’s 1937 hit, “Me, Myself and I (are all in love with you)”1, there are at least three dimensions to how we define ourselves…

In approaching these distinctions, I’m drawing on “NAB - Need, Attitude, Behaviour” segmentation, where we would assess our approach to a consumer based on NAB. For example, in a grocery setting, the three aspects of a customer buying oven-ready pizzas from the chilled cabinet might be:

• Need: I am feeding my family of four (two adults, two teens), so the need is for two whole pizzas for tonight’s meal.

• Attitude: I want quality ingredients, low salt, from a well-known premium brand.

• Behaviour: I will generally be swayed by a 3-for-2 offer on organic products; otherwise, I ignore cross-trade or down-trade offers.

If I look to identify, uniquely and reliably, the carbon-based unit at the heart of these attributes, I see (at least) three definitions, riffing off the Me, Myself and I differentiation, namely:

1. Me: the human lump of meat. The body wrapped in skin. This is the “thing” that can only be in one place at a time, that gets on a plane, that would be incarcerated, that feels pain and joy. Me is the human body.

2. Myself: the roles that life gives me. Facets of Me, but not the whole Me

3. I: the activities and agency, my actions, credentials and permissions.

I have completed a quick table of the different elements - usage, authority, etc - below, but it’s clear to me that any identity system in the “Me” column needs to interact with (and be able to store) the role-based attributes in the “Myself” column, as well as tracking and supporting the activities in the “I” column. Indeed, it sounds very much like a modern wallet, but linked to an identity system.

Combining into a single entity

From Kim Cameron’s 2005 paper on identity2 to Christopher Allen’s 2016 article on “The Path to Self-Sovereign Identity”3 we have seen a previously niche, technology-focused discussion come into the mainstream, enabled by advances in blockchain, legislation and interoperation. Building on those concepts, and looking at our options today, can we craft a “me” that can function in the mess of options and be a secure approach for the future?

A ‘homebrew’ approach could be fashioned, but it’s still in the realm of the individual tech-savvy ‘prepper’. A unified approach might be as follows, creating a stack inspired by India’s Aadhaar e-identity system.

Core Components:

1. Decentralised Identifiers (DIDs) - Unique, self-controlled identifiers not dependent on central authorities

2. Verifiable Credentials (VCs) - Cryptographically signed digital statements about subjects that can be verified without contacting the issuer

3. Digital Wallets - User-controlled storage for credentials on personal devices

4. Distributed Ledger/Blockchain - Immutable registry for DIDs, credential schemas, and revocation lists.

If we overlay these components on the 3-part model above, then we can see how both Aadhaar and SSI could accomplish this identity and action model now. For comparison, I’ve added the Estonian, EU and Singaporean approaches to e-identity.

Un-ease of use

If I were more technical and capable of digital homebrew, I might be more excited by the above, but to me it’s still a primordial soup of early-stage standards that do not interoperate or provide a simple wrapper. Importantly, I’m not sure that I’d trust a single issuer, nor any data repository (in the month that even the mighty AWS had outages), nor my own ability to set up and manage the identity components.

Furthermore, to operate at ‘agentic speed’, each agent would need to have its own DID, complete with authority parameters and permissions.

An example setup for agentic identity and delegated authority to ‘bind the human’

If we are going to allow digital agents to bind, commit, implicate and serve a certified authentic human entity, then an approach might be:

1. Human establishes foundational identity via government-issued biometric credentials (Me layer) stored in a digital wallet

2. Human receives role credentials from the employer, family registry, or professional bodies (Myself layer), linked to the same DID

3. Human grants specific permissions to AI agent via signed verifiable credential: “Agent-X may access my work email, limited to 100 messages per day, revocable at any time” (I layer)

4. Agent receives its own DID and time-limited credential signed by the human’s DID, creating an auditable delegation chain

5. Agent acts autonomously within scope, with every action logged under its agent identity but traceable back to human authority

6. Verification happens in real-time without revealing the human’s full identity - the only requirement is that proper delegation exists

7. Human can revoke agent permissions instantly through their digital wallet, terminating the agent’s authority immediately.

Again, there’s one happy, working path - and many branches of grief! However, it serves as a starting point, albeit a conceptual one.

Where next?

The main point to illustrate here is that agentic commerce can only be effective where the human is “properly constituted” and the agents are correctly configured, enabled, permissioned and bound to the human. We are still a long way from this right now (although multiple paths are already visible). However, until we have the identities, rights and resources needed, the claims of agentic commerce are no more than the current distance selling regulations and customer-not-present credit card transactions - albeit at speed.

In future posts I will look at examples of these identities, authorities and issuing organsations, along with situations where identity beyone the current card number, post-code and CVV systems are already in play.

Your thoughts

Please let me know if you see any other, more suitable constructs for representing the ‘whole human’ digitally in a modern, non-geeky way, and how this identity can be linked to agentic and sovereign AI. I’m all ears!

Thanks for reading In No Particular Order from Ian Jindal! Subscribe for free to receive new posts and support my work.

Share In No Particular Order from Ian Jindal