Hi all,

I've submitted an individual Internet-Draft,
draft-emerson-oauth-user-mediated-delivery-00, that proposes a
complementary authorization primitive for the framework described in
draft-klrc-aiagent-auth-02.


https://datatracker.ietf.org/doc/draft-emerson-oauth-user-mediated-delivery/


The framework provides a strong foundation for composing existing standards
to address AI agent authentication and authorization. My I-D focuses on a
structural gap in the authorization model: all credential delivery flows
described in the draft (Authorization Code Grant, Client Credentials, CIBA,
cross-domain chaining, and token exchange) deliver credentials through
automated channels controlled by the agent or its platform. The user
approves, but the delivery itself is automated.


The I-D proposes user-mediated credential delivery, in which the
authorization decision and credential delivery occur in the user's trusted
context, separate from the agent's execution environment. This provides a
structural defense against prompt injection at the authorization layer.


The document covers four methods that complement the framework:

   1. User-mediated credential delivery: directly addresses the gap noted
   in Section 9.7, where the authors observe that CIBA "doesn't map well to
   cases that envision the need for User confirmation to occur mid-execution."
   2. Self-describing connection credentials: complements the Section 9.10
   discovery mechanisms with connection-level discovery.
   3. Caller-identity consent differentiation: enables independent per-user
   consent for different caller classes (human, platform AI, external agent)
   at unified endpoints.
   4. Discovery-by-introspection: delivers scope-filtered operational
   metadata, including field-level request schemas, complementing the static
   infrastructure discovery in Section 9.10.

Section 8 of the I-D maps how these methods strengthen each process defined
in the framework (Sections 7 to 10).


The methods described are patent pending, and an IPR disclosure has been
filed.


I’m happy to discuss any of the points raised.


Best regards,
Christopher Emerson
[email protected]
agentadmit.com
_______________________________________________
OAuth mailing list -- [email protected]
To unsubscribe send an email to [email protected]

Reply via email to