Hi all,
I've submitted an individual Internet-Draft, draft-emerson-oauth-user-mediated-delivery-00, that proposes a complementary authorization primitive for the framework described in draft-klrc-aiagent-auth-02. https://datatracker.ietf.org/doc/draft-emerson-oauth-user-mediated-delivery/ The framework provides a strong foundation for composing existing standards to address AI agent authentication and authorization. My I-D focuses on a structural gap in the authorization model: all credential delivery flows described in the draft (Authorization Code Grant, Client Credentials, CIBA, cross-domain chaining, and token exchange) deliver credentials through automated channels controlled by the agent or its platform. The user approves, but the delivery itself is automated. The I-D proposes user-mediated credential delivery, in which the authorization decision and credential delivery occur in the user's trusted context, separate from the agent's execution environment. This provides a structural defense against prompt injection at the authorization layer. The document covers four methods that complement the framework: 1. User-mediated credential delivery: directly addresses the gap noted in Section 9.7, where the authors observe that CIBA "doesn't map well to cases that envision the need for User confirmation to occur mid-execution." 2. Self-describing connection credentials: complements the Section 9.10 discovery mechanisms with connection-level discovery. 3. Caller-identity consent differentiation: enables independent per-user consent for different caller classes (human, platform AI, external agent) at unified endpoints. 4. Discovery-by-introspection: delivers scope-filtered operational metadata, including field-level request schemas, complementing the static infrastructure discovery in Section 9.10. Section 8 of the I-D maps how these methods strengthen each process defined in the framework (Sections 7 to 10). The methods described are patent pending, and an IPR disclosure has been filed. I’m happy to discuss any of the points raised. Best regards, Christopher Emerson [email protected] agentadmit.com
_______________________________________________ OAuth mailing list -- [email protected] To unsubscribe send an email to [email protected]
