Meiling — this is a useful enumeration, and I want to make sure AAuth is on
your radar as you refine it.

Several of the use cases you list — verifiable delegation chains, distinct
agent identity, least-privilege-per-step, and continuous / just-in-time
authorization — are things AAuth (draft-hardt-oauth-aauth-protocol)
addresses natively rather than as bearer-token extensions. AAuth is
PoP-native, with no bearer tokens, pre-registered clients, or redirect
bootstrap. That changes the shape of several problems your extension drafts
target: agent-vs-user differentiation and confused-deputy prevention fall
out of PoP-bound agent identity, and short-lived PoP credentials remove
much of the standing-token surface that agent-revocation is trying to
manage.

I'll be in Vienna and happy to compare notes and discuss.

/Dick


On Mon, Jul 6, 2026 at 7:17 AM [email protected] <
[email protected]> wrote:

> Hi Rifaat, Hannes:
>
> I would like to request a slot at the IETF 126 OAuth WG session to present:
>
> 1、10mins for 
> draft-chen-oauth-agent-authz-use-cases,https://datatracker.ietf.org/doc/draft-chen-oauth-agent-authz-use-cases/
>
> 2、10mins for draft-chen-oauth-roadmap-01,  
> https://datatracker.ietf.org/doc/html/draft-chen-oauth-roadmap-01
>
> 3、10mins for Series of Oauth2.0 extension drafts: 
> draft-chen-oauth-agent-revocation-00 
> draft-chen-oauth-scope-agent-extensions-00 
> draft-chen-oauth-rar-agent-extensions-01
>
> Best,
> Meiling
>
> ------------------------------
> [email protected]
>
>
> *From:* Rifaat Shekh-Yusef <[email protected]>
> *Date:* 2026-06-21 06:42
> *To:* oauth <[email protected]>
> *Subject:* [OAUTH-WG] Call for topics for Vienna
> All,
>
> As per the preliminary agenda, we have two OAuth sessions at:
> Thursday, 2:00-4:00pm
> Friday, 9:00-11:00am
>
> If you have not done so already, let us know, as soon as possible, if you
> have a topic that you would like to present and discuss in Vienna.
>
> Regards,
>  Rifaat & Hannes
>
> _______________________________________________
> OAuth mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
>
_______________________________________________
OAuth mailing list -- [email protected]
To unsubscribe send an email to [email protected]

Reply via email to