Dear OAuth Working Group,

We would like to request your opinions on this draft: https://datatracker.ietf.org/doc/draft-gerber-oauth-deferred-token-response/
This document proposes an opt-in mechanism to convert OAuth grants into asynchronous processes, extracting the polling and notification mechanisms defined in the device authorization and CIBA grants into a generic mechanism that can be applied to any grant type. This asynchronous deferral mechanism empowers the authorization server to deal with authorization decisions that cannot complete synchronously:

- Fraud Prevention: Sensitive operations may trigger manual review by parties other than the resource owner.
- ID Verification: Users may submit copies of physical credentials during onboarding or step-up. Verification by the authorization server (or a third party acting on its behalf) can take hours.
- Autonomous Agent Authorization: An agent acting on behalf of a user may request access beyond what was provisioned at enrollment, requiring out-of-band approval before the request can be granted.

Slides comparing this draft to CIBA, specifically for human-in-the-loop cases for AI Authorization, can be found here: <https://maxgerber.com/slides/ciba-vs-dtr-may-2026.html>.

This recent IETF draft evolved from an earlier draft of the same name in the OIDF <https://github.com/gniero/oidc-dtr-resources/tree/main> after we realized the proposed mechanism was suitable for a wider range of use cases. Additionally, the draft seeks interoperability with the AuthZEN Access Request and Approval Profile draft <https://openid.github.io/authzen/authzen-access-request-approval-profile-1_0.html>, which adds an asynchronous requesting flow to AuthZEN systems as well.

The draft was presented recently at IIW #42. Both Frederik and Max will be present at IETF 126 and are hoping for feedback from the working group.

Thank you,
Frederik, Guilherme, and Max
_______________________________________________
OAuth mailing list
