Open Research Problems

What is a bot?: A formal definition of a bot is still TBD.

What is Trust?: Establishing what constitutes "trusted" behavior or "trustworthy" agents is left to implementers and policy decisions outside this protocol.

Multi-user OBO agent : Authentication for agents that act on behalf of multiple users simultaneously is not addressed in this specification.

Server-side vs client-side bot architecture: The specification does not differentiate between centrally-hosted bots and locally-run agents originating from end-user devices.

Reputation systems: Mechanisms for tracking bot behavior history or maintaining reputation scores across services are not included.

Bot impersonation: Detecting or preventing bots from falsely claiming another bot's identity is outside the core authentication scope.