Hi Agent2Agent folks, I've updated draft-yao-agent-auth-considerations-01, Further considerations on AI Agent Authentication and Authorization Based on OAuth Extension.
https://datatracker.ietf.org/doc/draft-yao-agent-auth-considerations/ This draft primarily considers the AuthN and AuthZ issues for multiple scenarios in agent communication networks, including agent to agent communication, agent to API proxy server(MCP server) communication, and delegated communication, etc. -01 adds more security considerations, including Agent Impersonation during Discovery, Excessive Attribute Disclosure, and Token Replay and Intermediary Exfiltration. There might be more issues related and need to be considered. Welcome for review and comments. Best regards, Kehan
_______________________________________________ OAuth mailing list -- [email protected] To unsubscribe send an email to [email protected]
