Hi all,

We have just submitted a new draft that extends OAuth 2.0 to support "delegated authorization" where an OAuth client applies for a "delegation token" from authorization servers and uses it to issue subordinate "delegated access tokens" with possibly reduced permissions. This creates a hierarchical token structure similar to Web PKI certificates. This allows clients to delegate (part of) resource owners' authorizations to intermediate third parties (which we call "delegated parties" in the draft).

We hope this draft helps with access control delegation for intermediaries such as AI agents that sit between the user-facing application (OAuth client) and the target resource. Looking forward to comments and feedback! Thank you!

Best Regards,
Ruochen

-----Original Message-----
From: [email protected] <[email protected]>
Sent: Monday, 20 October, 2025 18:13
To: Liuchunchi(Peter) <[email protected]>; Wang Haiguang <[email protected]>; Liruochen <[email protected]>; Liuchunchi(Peter) <[email protected]>; Liruochen <[email protected]>; Li Tieyan <[email protected]>; Li Tieyan <[email protected]>
Subject: New Version Notification for draft-li-oauth-delegated-authorization-00.txt

A new version of Internet-Draft draft-li-oauth-delegated-authorization-00.txt has been successfully submitted by Ruochen Li and posted to the IETF repository.

Name: draft-li-oauth-delegated-authorization
Revision: 00
Title: OAuth 2.0 Delegated Authorization
Date: 2025-10-20
Group: Individual Submission
Pages: 23
URL: https://www.ietf.org/archive/id/draft-li-oauth-delegated-authorization-00.txt
Status: https://datatracker.ietf.org/doc/draft-li-oauth-delegated-authorization/
HTMLized: https://datatracker.ietf.org/doc/html/draft-li-oauth-delegated-authorization

Abstract:

Delegated authorization enables a client to delegate a subset of its granted privileges to a subordinate access token (also known as a delegated access token). This mechanism allows the client to securely delegate authorization to a delegated party while maintaining fine-grained control over delegated permissions.

The IETF Secretariat
