Hello, This is a short awareness note. I have submitted a family of Internet-Drafts on agent identity, and a few of them touch this group's territory on consent and delegated authorisation. The primary home for the work is the agent-to-agent discussion, and I am not asking anything of OAuth here; I would just rather this group knew the drafts exist than be surprised by them later.
The two most relevant: - draft-morrison-consent-settlement binds a paid read of an identity attribute about a person to a scoped, revocable consent grant the subject issued, carried as a reference in the payment payload. The consent-grant primitive is the part that overlaps your work; the payment and settlement parts sit elsewhere. https://datatracker.ietf.org/doc/draft-morrison-consent-settlement/ - draft-morrison-org-alter-policy-provision resolves an organisational policy stack as delegated runtime constraints at the moment an agent runtime identifies its principal, which is a delegated-authority shape you may recognise. https://datatracker.ietf.org/doc/draft-morrison-org-alter-policy-provision/ One further draft, draft-morrison-compute-location-gate, enforces consent-class matching at the wire layer (refusing an unconsented provenance class before any inference runs); I mention it only because the consent-class idea is adjacent, not because it belongs here. https://datatracker.ietf.org/doc/draft-morrison-compute-location-gate/ I intend to discuss all of this on the agent-to-agent list, and I am following 126 remotely. If anyone here sees a consent or authorisation primitive I have reinvented badly, I would be grateful to be told. Thank you, Blake Morrison Alter Meridian Pty Ltd [email protected] _______________________________________________ OAuth mailing list -- [email protected] To unsubscribe send an email to [email protected]
