>
>
> Hi Meiling,
>
> Thank you for this draft. The gap analysis is a useful catalogue, and it
> matches what we see building agent access against real applications.
>
> Gap 2 in your summary ("the framework has no built-in mechanism for an
> agent to 'pause' and securely ask the user for an intermediate decision")
> is the problem I tried to address in
> draft-emerson-oauth-user-mediated-delivery-00, posted last week:
>
>
> https://datatracker.ietf.org/doc/draft-emerson-oauth-user-mediated-delivery/
>
> It proposes user-mediated credential delivery as a complementary
> primitive: the credential is delivered to the user through
> human-controlled channels, and the user hands it to the agent, so the
> authorization decision happens outside the agent's execution context.
> There is no redirect, callback, or other agent-addressable path for an
> injected instruction to exploit.
>
> The same primitive gives a concrete shape to two of your other gaps:
>
> - Gap 1 (just-in-time authorization): when an agent attempts an
> operation outside its granted scope, the system returns an error
> identifying the specific missing scope, and the escalation runs
> through the user as a renewed user-mediated grant (Section 4.2 of
> the draft). Scope changes always terminate at a human decision.
>
> - Gap 4 (revocation): grants are per-connection and validated by
> introspection on each request, so revoking one agent's access is
> immediate and does not affect other connections.
>
> I would welcome the group's thoughts on whether user-mediated delivery
> is a useful primitive for the requirements you catalogue, particularly
> the personal and consumer scenarios in section 3.1, where the end user
> rather than an enterprise administrator is the authority.
>
> Best regards,
> Christopher Emerson
>
_______________________________________________
OAuth mailing list -- [email protected]
To unsubscribe send an email to [email protected]