# Open Research Problems

1. **What is a bot?:** A formal definition of a bot is still TBD.
2. **What is Trust?:** Establishing what constitutes "trusted" behavior or "trustworthy" agents is left to implementers and policy decisions outside this protocol.
3. **Multi-user OBO agent :** Authentication for agents that act on behalf of multiple users simultaneously is not addressed in this specification.
4. **Server-side vs client-side bot architecture:** The specification does not differentiate between centrally-hosted bots and locally-run agents originating from end-user devices.
5. **Reputation systems:** Mechanisms for tracking bot behavior history or maintaining reputation scores across services are not included.
6. **Bot impersonation:** Detecting or preventing bots from falsely claiming another bot's identity is outside the core authentication scope.