Age Assurance on the Internet: Identity, Privacy, and the Limits of Verification This episode explores age assurance on the internet, where digital identity, privacy, and policy collide. Heather explains why age verification, age estimation, and age assurance are not the same, and why platforms, regulators, and standards bodies are all converging on this complex problem. Discover how current approaches range from self-reported birth dates to cryptographic credentials and browser-level checks. The episode highlights the trade-offs between accuracy, data minimization, interoperability, and security, and why protecting minors online can reshape identity infrastructure across the web.

“Think of the children!” is a powerful argument. But building age verification into the internet raises real questions for privacy and identity systems. I took a closer look at where age assurance stands today.

I am the adultiest adult to ever have adulted. Annual exam AND dental appointment all in one day! Wooooo! I am now going to go back to avoiding acting like a grown-up for the rest of the day. Neener neener!

When AI Agents Start Shopping: The Emerging Architecture AI agents can now research products and make purchases. What does that mean for identity, payments, and liability in agentic commerce?

Now with a link that works: sphericalcowconsulting.com/2026/04/07/w...

When AI Agents Start Shopping: The Emerging Architecture of Agentic Commerce Heather Flanagan explores how AI agents are moving from browsing the web to buying on behalf of users, and what that shift means for online payments, identity, and digital trust. The episode examines mandates, delegated authority, liability, and the browser’s evolving role in agentic commerce. It also considers why identity standards, consent, and audit evidence matter as AI shopping becomes more common.

When AI agents start buying things online, the web’s architecture gets interesting. Identity, payments, delegation, liability... all suddenly matter in new ways. A few thoughts on the emerging world of agentic commerce.

LISTEN | IDAC

Just recorded (and now live!) on the IDAC podcast 🎙️

Thanks to Jeff and Jim for a sharp, enjoyable conversation. It’s always an honor to be on the best identity-focused podcast.

www.identityatthecenter.com/listen/episo...

Two deer resting in the side yard.

It’s a super low key day. Just ask my neighbors.

Excellent choice!

oooh, a second April 1st RFC! This is a subtle one: RFC 9949, BUSA-TLS: Mandatory Audio Component (MAC) Pre-Shared Key (PSK) Derivation for TLS 1.3 Using 2 Live Crew's "Banned
in the U.S.A."

www.rfc-editor.org/info/rfc9949

I wish there were a good answer here. The tension between competing regulations and what's technically possible makes this a nightmare for any company that has to deal with it. I do actually have a post coming out about it on April 14.

(Sorry I didn't respond on thread; interaction was restricted)

I was worried we wouldn't see an April 1st RFC this year, but they've come through! RFC 9948: Internet Protocol Police (IPP) - Schedule of Punishments

www.rfc-editor.org/info/rfc9948

AI Browsers and the Web User Agent: What Might Need to Change? Heather Flanagan explores how AI-enabled browsers challenge the traditional definition of web user agents and what this means for digital identity, web architecture, and standards. As browsers evolve from passive tools to active agents, long-standing assumptions about user representation and control are being tested. This episode examines the implications for user safety, automation, and accountability across the web ecosystem. It highlights emerging questions around transparency, permissions, and governance, offering insight into how standards bodies and developers may need to adapt to ensure browsers continue to prioritize and protect user interests.

Last time I asked whether AI-enabled browsers fit the W3C definition of a Web User Agent.

Short answer: mostly yes.

But that raises the more interesting question: What needs to change in the Web Platform Design Principles to make that answer a comfortable yes?

Some thoughts.

When Browsers Start Acting for You: AI Browsers and the Definition of a Web User Agent Heather Flanagan explores how AI browsers are reshaping the definition of a web user agent, challenging long-standing web architecture principles around user control, consent, and interaction. As AI-driven features evolve from assistance to autonomous action, the browser’s traditional intermediary role begins to shift in subtle but important ways. She examines key questions around delegation, accountability, and intent, including how browsers acting on behalf of users blur the line between human interaction and automation. This discussion highlights why emerging AI capabilities in web browsers demand early attention from digital identity, security, and standards communities.

Right now, we’re calling them “AI browsers.”

But like most things labeled AI, that name probably won’t last. Soon they’ll just be… browsers.

Which makes this question worth asking now: if a browser starts acting on your behalf, does it still fit the W3C definition of a Web User Agent?

Maybe.

We'd love to hear your perspective as part of the short interviews (25 minutes) that we are conducting. Please let us know if you or someone you know would like to participate, here, via private message, or by email: info @ dokie.li

#journalism #research #writing

dokieli (@dokieli@w3c.social) Calling all journalists, researchers, and technical writers:

As part of our development roadmap, we'd love to hear about your current day to day workflow, from your research to your publishing process.

To all the independent journalists out there, a colleague of mine has a request, if you have a few minutes and are open to chat about your process:

Photo of a bag of stickers called “Daily Dose of Sarcasm”

So many options. 🤓

I'm going with King Tutankhanyan and Count Catcula. 😻

An excellent suggestion!!!

Two stickers: one with a cartoon cat saying "It's Fine. I'm Fine. Everything is Fine." and the other with the Grim Reaper wearing a hard hat asking "But Did You Die?"

The protective case for my new laptop arrives today, which leaves me with some very important decisions to make.

What stickers go on the new case?

(In addition to these two, of course)

*lol*

There are oodles of great nuggets in the @aaronfrancis.com
keynote from the Commit Your Code conference. Some that really resonate for tech blogging…

Making Sense of ISO, IEC, and the Standards Maze Heather Flanagan explores the complex world of ISO and IEC standards and why these global organizations play a critical role in digital identity infrastructure. From national body participation models to the scale of international standardization, this episode examines how these institutions shape technology far beyond traditional open standards communities. Discover how structures like ISO/IEC JTC1, the PAS transposition process, and national standards bodies influence digital wallets, mobile credentials, and regulated identity systems. Heather explains why identity architects must understand both open standards and ISO/IEC governance as digital identity increasingly intersects with government policy and global interoperability.

If you work in digital identity, you will eventually run into ISO and ISO/IEC work. This guide breaks down how ISO, IEC, and JTC 1 actually operate, and why participation and timelines often feel very different from more open SDOs.

Shopify is preparing for AI shopping agents to change everything, exec says | TechCrunch Shopify is preparing for an ecommerce transformation via AI shopping agents, says president Harley Finklestein.

Shopify is preparing for an ecommerce transformation via AI shopping agents, says president Harley Finklestein.

“I take it the other 9 in 10 aren’t retiring at all?” Kara Schulz, Scaffolding Expert

Poll: Nearly 1 In 10 Adults Have Postponed Retirement Due To Healthcare Costs theonion.com/poll-nearly-1-in-10-adul...

Well, that was annoying. It was very wet, heavy snow, so quite a few plants (my lilac and rosemary bushes in particular) are broken. Booooo.

It’s pretty, but I’m glad I’m not outside.

How NOT to Get Your Conference Submission Binned Heather Flanagan explores why conference submissions succeed and why many proposals get rejected during call for proposals review. As a content chair, she shares what reviewers look for in an abstract, including clear outcomes, audience fit, and authentic voice over generic buzzwords. Get actionable guidance on using generative AI to polish—not replace—your ideas, plus tips for sharper titles and stronger structure. She also explains how to avoid vendor pitches, spell out acronyms, match format to scope, and use the space provided so your conference proposal stands out.

How NOT to Get Your Conference Submission Binned

Heather Flanagan explores why conference submissions succeed and why many proposals get rejected during call for proposals review. As a content chair, she shares what reviewers look for in an abstract, including clear outcomes, audience fit, and…

Designing Digital Wallets for Reality: Where Selective Disclosure and ZKPs Fit Heather Flanagan explores how digital identity wallets are shifting from experimental concepts into real infrastructure, as selective disclosure and zero knowledge proofs move from theory into production. Drawing on recent policy, payments, and wallet deployments, she frames the architectural decisions now facing teams building privacy-preserving identity systems. The episode examines where system complexity lives, how correlation risk emerges at scale, and why operational realities matter more than minimal pilots. It highlights trade-offs between credential models, cryptographic approaches, and long-term sustainability for regulators, enterprises, and ecosystem designers.

Digital wallets are moving into production — and suddenly the difference between selective disclosure and ZKPs really matters. Here's a practical look at where the complexity actually lands.