Hi all, We are writing to introduce a new Internet-Draft, "Agent Authorization Use Cases and Gap Analysis," which we believe is highly relevant to the future work of Oauth. HTMLized: https://datatracker.ietf.org/doc/html/draft-chen-oauth-agent-authz-use-cases https://github.com/Maisy-ML/Agent-Authorization-Use-Cases This draft's primary goal is not to propose a solution, but rather to clearly define the problem space. It provides a systematic analysis of emerging agent-based use cases, categorizing them into distinct scenarios (from simple assistants to complex agent swarms). For each use case, the draft details the specific authorization requirements and then performs a comprehensive gap analysis against the existing OAuth 2.0 framework and its common extensions. It aims to answer the question: "Where do current standards fall short when faced with the demands of AI agents?" Key gaps identified include challenges related to: Handling long-lived, offline, and autonomous tasks. Representing and securing complex, multi-step delegation chains. Enabling contextual and interactive user consent during a task. Providing fine-grained, task-level authorization and revocation. Managing authorization for groups or "swarms" of agents. We hope this document can serve as a foundational piece to spark a focused discussion within the working group. Feedback, comments, critiques, and suggestions are invaluable. We believe this is a crucial conversation for the future of authorization, and we look forward to discussing it with you on this mailing list. Best, Meiling
[email protected] From: internet-drafts Date: 2026-07-06 00:20 To: Chunchi Peter Liu; Jia Chen; Jiankang Yao; Meiling Chen; Peter Liu; Yuning Jiang Subject: New Version Notification for draft-chen-oauth-agent-authz-use-cases-01.txt A new version of Internet-Draft draft-chen-oauth-agent-authz-use-cases-01.txt has been successfully submitted by Meiling Chen and posted to the IETF repository. Name: draft-chen-oauth-agent-authz-use-cases Revision: 01 Title: Agent Authorization use cases and gap analysis Date: 2026-07-05 Group: Individual Submission Pages: 20 URL: https://www.ietf.org/archive/id/draft-chen-oauth-agent-authz-use-cases-01.txt Status: https://datatracker.ietf.org/doc/draft-chen-oauth-agent-authz-use-cases/ HTML: https://www.ietf.org/archive/id/draft-chen-oauth-agent-authz-use-cases-01.html HTMLized: https://datatracker.ietf.org/doc/html/draft-chen-oauth-agent-authz-use-cases Diff: https://author-tools.ietf.org/iddiff?url2=draft-chen-oauth-agent-authz-use-cases-01 Abstract: This document provides a systematic analysis of these emerging agent- based use cases. It categorizes them into distinct scenarios, details their specific authorization requirements, and performs a comprehensive gap analysis against the existing OAuth 2.0 framework [RFC6749] and its common extensions. The analysis identifies fundamental mismatches, the goal of this document is to articulate these gaps clearly, providing a foundation for future work on new extensions within the OAuth Working Group to address the authorization needs of the next generation of ai agents. The IETF Secretariat
_______________________________________________ OAuth mailing list -- [email protected] To unsubscribe send an email to [email protected]
