**Session Date/Time:** 21 Jul 2025 15:00

```markdown
# webbotauth

## Summary
The webbotauth BOF session explored the need for cryptographic bot authentication on the web. Presentations highlighted use cases from Cloudflare, Spiral, BBC, Vercell, Google, and OpenAI, focusing on origin controls, workload identity, content licensing, bot protection, crawler policies, and agent interactions. The discussion centered on the scope of a potential working group, specifically addressing the identification of bots versus human users, the role of AI agents, and trust mechanisms. Participants expressed interest in refining the charter and contributing to the development of a solution.

## Key Discussion Points

*   **Need for Bot Identification:**  A significant portion of web traffic is generated by bots, leading to challenges in access control, resource management, and content licensing.
*   **Current Limitations:** Existing methods for identifying bots (user agent, IP addresses, reverse DNS) are unreliable and create operational issues.
*   **Use Cases:**  Presentations covered various use cases, including origin controls, workload identity, content licensing, bot protection, and crawler management.
*   **Scope Definition:**  Significant discussion focused on defining the scope of the potential working group, particularly regarding the distinction between bots and human users, AI agents, and whether the effort should cover internal agents.
*   **Trust and Reputation:**  The discussion touched on trust mechanisms, including asymmetric cryptography, and the desire to avoid centralization. Concerns were raised about consolidating force pushing people to use services that provide the kind of functionality. The role of reputation systems and their potential inclusion (or exclusion) from the working group's scope was also debated.
*   **Potential IETF Work:**  Many participants thought that working at the IETF to solve this problem was valuable and potentially useful.
*   **Charter Concerns:** Concerns over fuzzy charter language, vague problem statement, and lack of clear objectives.
*   **AI Agent scope:** Differing views on whether AI agents are in scope.

## Decisions and Action Items

*   **Charter Revision:** The chairs will revise the charter based on the feedback received during the session. The revisions will focus on clarifying the scope, particularly regarding the distinction between bots and human users, the role of AI agents, and the consideration of trust mechanisms.
*   **Encourage Proposal Discussion:** The chairs will encourage further discussion of existing proposals on the mailing list to provide a concrete basis for future discussions.
*   **Google Doc Permission Fix:** The chairs will fix the permission in the Google Doc to make it accessible for edits.

## Next Steps

*   **Mailing List Engagement:** Participants were encouraged to subscribe to the mailing list and contribute to the discussion.
*   **Charter Refinement:** The revised charter will be circulated on the mailing list for further feedback.
*   **Subsequent Discussion:**  The discussion will continue on the mailing list and in future meetings.