We recently published a new draft https://datatracker.ietf.org/doc/html/draft-diaconu-agents-authz-info-sharing-00 which discusses challenges and solutions for securely and flexibly acquiring and sharing authorization information for agents across domains. These solutions include the use of dynamic identity, interoperable claims, and verifiable credentials.
Are there additional use cases and related requirements beyond those listed in sections 4 and 5 that should be considered? Are you aware of other solution approaches targeting authorization sharing for agents across domains beyond those discussed in sections 6.1 to 6.3? Besides the discussion of requirements and solution approaches, the draft proposes a pragmatic approach based on draft-ietf-oauth-sd-jwt-vc and draft-ietf-oauth-client-id-metadata-document. This approach uses verified credentials to address decentralized authorization information for distributed agents in a structured manner. The draft reuses VCs and the associated data model, but it doesn't extend to the larger distributed identity ecosystem of W3C (i.e., DIDs) - unless you want to. Any thoughts or comments are very much appreciated. Cheers, Frank
_______________________________________________ OAuth mailing list -- [email protected] To unsubscribe send an email to [email protected]
