The agent identity problem nobody is talking about yet

Genuine question I've been working through. Right now agent-to-agent auth is mostly API keys, OAuth, maybe mTLS. That works when agents operate within one platform. But the industry is heading toward autonomous agents crossing ecosystem boundaries. The A2A protocol just moved to Linux Foundation governance. NIST launched the AI Agent Standards Initiative. The gap I keep running into: existing auth verifies the client application, not the agent itself.