Hello,

This is a short awareness note. I have submitted a family of
Internet-Drafts on agent identity, and a few of them touch this group's
territory on consent and delegated authorisation. The primary home for
the work is the agent-to-agent discussion, and I am not asking anything
of OAuth here; I would just rather this group knew the drafts exist than
be surprised by them later.

The two most relevant:
- draft-morrison-consent-settlement binds a paid read of an identity
  attribute about a person to a scoped, revocable consent grant the
  subject issued, carried as a reference in the payment payload. The
  consent-grant primitive is the part that overlaps your work; the
  payment and settlement parts sit elsewhere.
  https://datatracker.ietf.org/doc/draft-morrison-consent-settlement/
- draft-morrison-org-alter-policy-provision resolves an organisational
  policy stack as delegated runtime constraints at the moment an agent
  runtime identifies its principal, which is a delegated-authority shape
  you may recognise.
  https://datatracker.ietf.org/doc/draft-morrison-org-alter-policy-provision/

One further draft, draft-morrison-compute-location-gate, enforces
consent-class matching at the wire layer (refusing an unconsented
provenance class before any inference runs); I mention it only because
the consent-class idea is adjacent, not because it belongs here.
https://datatracker.ietf.org/doc/draft-morrison-compute-location-gate/

I intend to discuss all of this on the agent-to-agent list, and I am
following 126 remotely. If anyone here sees a consent or authorisation
primitive I have reinvented badly, I would be grateful to be told.

Thank you,

Blake Morrison
Alter Meridian Pty Ltd
[email protected]

_______________________________________________
OAuth mailing list -- [email protected]
To unsubscribe send an email to [email protected]

Reply via email to