The InCommon Certificate Authority already gives us one potential method of support for entity federation. A client could use its certificate to register with an entity registry, or to get a credential from an authorization service.
Entities as Agents
|API Security turns out to be the driver for taking up non-person entities|
Authorization policies have a fundamental structure