Meiling — this is a useful enumeration, and I want to make sure AAuth is on your radar as you refine it.
Several of the use cases you list — verifiable delegation chains, distinct agent identity, least-privilege-per-step, and continuous / just-in-time authorization — are things AAuth (draft-hardt-oauth-aauth-protocol) addresses natively rather than as bearer-token extensions. AAuth is PoP-native, with no bearer tokens, pre-registered clients, or redirect bootstrap. That changes the shape of several problems your extension drafts target: agent-vs-user differentiation and confused-deputy prevention fall out of PoP-bound agent identity, and short-lived PoP credentials remove much of the standing-token surface that agent-revocation is trying to manage. I'll be in Vienna and happy to compare notes and discuss. /Dick On Mon, Jul 6, 2026 at 7:17 AM [email protected] < [email protected]> wrote: > Hi Rifaat, Hannes: > > I would like to request a slot at the IETF 126 OAuth WG session to present: > > 1、10mins for > draft-chen-oauth-agent-authz-use-cases,https://datatracker.ietf.org/doc/draft-chen-oauth-agent-authz-use-cases/ > > 2、10mins for draft-chen-oauth-roadmap-01, > https://datatracker.ietf.org/doc/html/draft-chen-oauth-roadmap-01 > > 3、10mins for Series of Oauth2.0 extension drafts: > draft-chen-oauth-agent-revocation-00 > draft-chen-oauth-scope-agent-extensions-00 > draft-chen-oauth-rar-agent-extensions-01 > > Best, > Meiling > > ------------------------------ > [email protected] > > > *From:* Rifaat Shekh-Yusef <[email protected]> > *Date:* 2026-06-21 06:42 > *To:* oauth <[email protected]> > *Subject:* [OAUTH-WG] Call for topics for Vienna > All, > > As per the preliminary agenda, we have two OAuth sessions at: > Thursday, 2:00-4:00pm > Friday, 9:00-11:00am > > If you have not done so already, let us know, as soon as possible, if you > have a topic that you would like to present and discuss in Vienna. > > Regards, > Rifaat & Hannes > > _______________________________________________ > OAuth mailing list -- [email protected] > To unsubscribe send an email to [email protected] >
_______________________________________________ OAuth mailing list -- [email protected] To unsubscribe send an email to [email protected]
