Hi Rifaat and Hannes,

I'd like to request a slot to present draft-ambekar-oauth-epop. EPOP defines a transport-agnostic sender-constraining mechanism for OAuth tokens, extending proof-of-possession beyond HTTP to MQTT, Kafka, gRPC, SASL, and agentic protocols like MCP — using a client-derived cnonce for stateless validation.

I believe this is timely given the delegation chain work on the agenda. draft-liu-oauth-chain-delegation (§10.5) calls for sender-constraining of delegated tokens and recommends DPoP or mTLS — but neither covers non-HTTP transports where agentic workloads operate. EPOP fills that gap, and I also see potential alignment with WIMSE worth surfacing in Vienna.

Draft: https://datatracker.ietf.org/doc/draft-ambekar-oauth-epop/

Best regards,
Ashwin Ambekar

On Tue, Jun 23, 2026, 10:09 AM Max Gerber <mgerber= [email protected]> wrote:

> Hey Rifaat & Hannes,
>
> Frederik and I would like a slot to present
> https://datatracker.ietf.org/doc/draft-gerber-oauth-deferred-token-response/
> .
>
> This work emerged from an earlier draft within the OIDF, and we are
> hopeful that generalizing asynchronous authorization mechanisms within
> OAuth will be worthwhile.
>
>
> On Mon, Jun 22, 2026 at 10:47 AM 刘大鹏(鹏成) <max.ldp= [email protected]> wrote:
>
>> Hi Rifaat, Hannes:
>>
>> I would like to request a slot at the IETF 126 OAuth WG session to
>> present the following drafts:
>>
>> Primary: Delegation Chain for OAuth 2.0 (with Aaron Parecki, Suresh
>> Krishnan):
>> https://datatracker.ietf.org/doc/draft-liu-oauth-chain-delegation/
>> - Defines the delegation_chain JWT claim as a structured companion to
>> the RFC 8693 act claim. While act identifies who is acting at each hop,
>> delegation_chain records the full delegation lineage: per-hop policy
>> constraints, delegator cryptographic confirmation, and user consent
>> interaction. Supports cross-domain delegation by composing with identity
>> chaining.
>>
>> Related updates:
>> - Rego Policy Language for OAuth 2.0 Authorization (with Aaron
>> Parecki, Suresh Krishnan):
>> https://datatracker.ietf.org/doc/draft-liu-oauth-rego-policy/
>> - Authorization Evidence and Audit Trail for OAuth 2.0 Access Tokens (with
>> Aaron Parecki, Suresh Krishnan):
>> https://datatracker.ietf.org/doc/draft-liu-oauth-authorization-evidence/
>>
>> These three drafts were split from the original Agent Operation
>> Authorization draft per expert review comments at the previous IETF
>> meeting.
>>
>> Estimated time: 10-15 minutes plus Q&A.
>>
>> Thanks,
>> Dapeng Liu
>>
>> ------------------------------------------------------------------
>> From: Rifaat Shekh-Yusef <[email protected]>
>> Sent: June 21, 2026 (Sunday) 06:43
>> To: oauth<[email protected]>
>> Subject: [OAUTH-WG] Call for topics for Vienna
>>
>> All,
>>
>> As per the preliminary agenda, we have two OAuth sessions at:
>> Thursday, 2:00-4:00pm
>> Friday, 9:00-11:00am
>>
>> If you have not done so already, let us know, as soon as possible, if you
>> have a topic that you would like to present and discuss in Vienna.
>>
>> Regards,
>> Rifaat & Hannes
>>
>>
>> _______________________________________________
>> OAuth mailing list -- [email protected]
>> To unsubscribe send an email to [email protected]
