Hi Yaron,
Thanks for raising this. I agree with your point that "it may be time to 
revisit that position, particularly given the increased focus on workload 
authorization and AI agents operating as workloads." The agent workload context 
makes policy standardization more urgent.
To clarify the draft's design intent: we use Rego as a concrete example, making 
policy-as-code a first-class authorization object in the OAuth flow. The RAR 
type defines how a policy is proposed, validated, bound to a token, and 
evaluated at the RS, with reverse-guided authorization enabling 
autonomous recovery. Tradeoffs like analyzability vs. expressiveness can be 
addressed at the profile level.
I've been thinking about the right scope for OAuth. Perhaps the goal should not 
be "standardize a policy language" but "standardize how policies are bound to 
OAuth tokens." The language itself can be standardized as profiles or remain an 
implementation choice, while OAuth defines the binding mechanism (RAR type, 
metadata, evaluation hints etc.). This would keep the scope focused on OAuth's 
core mission while enabling policy-as-code as a first-class authorization 
object.
I'd be happy to organize an offline discussion in Vienna to continue this 
conversation. The current draft can serve as a strawman, and I'm open to 
evolving it based on the WG's consensus.
Thanks,
Dapeng Liu
------------------------------------------------------------------
发件人:Yaron Sheffer <[email protected]>
发送时间:2026年6月14日(周日) 19:32
收件人:oauth<[email protected]>
主 题:[OAUTH-WG] Standardizing a policy language
Hi,
I came across the recently published draft-liu-oauth-rego-policy-00 [0].
First, apologies to the authors for commenting before they have had a chance to 
present the draft on this list.
For many years, the OAuth community kept authorization policy languages out of 
scope. I agree with the authors that it may be time to revisit that position, 
particularly given the increased focus on workload authorization and AI agents 
operating as workloads.
However, once we go there, we should also discuss what properties we need from 
such languages. As input to that discussion, I would point to a recent AWS blog 
post [1] explaining why Amazon chose Cedar for agentic workload authorization. 
Granted that AWS is not a neutral party, but the post highlights an important 
consideration: the ability to perform automated analysis of policies.
Rego is more expressive and more widely deployed than Cedar. On the other hand, 
Cedar was designed to support reasoning about questions such as:

 * 
Whether policies are unintentionally over-permissive or over-restrictive.

 * 
Whether policies overlap or conflict.

 * 
The impact of a policy change on authorization outcomes.
It is far too early to discuss any specific language choice, but it would be 
useful to discuss the requirements, including the tradeoff between 
expressiveness and analyzability.
Thanks,
 Yaron
[0] https://www.ietf.org/archive/id/draft-liu-oauth-rego-policy-00.html 
<https://www.ietf.org/archive/id/draft-liu-oauth-rego-policy-00.html >
[1] 
https://aws.amazon.com/blogs/security/why-policy-in-amazon-bedrock-agentcore-chose-cedar-for-securing-agentic-workflows/
 
<https://aws.amazon.com/blogs/security/why-policy-in-amazon-bedrock-agentcore-chose-cedar-for-securing-agentic-workflows/
 > (discussion on Analyzability is in the second half of the post)
_______________________________________________
OAuth mailing list -- [email protected]
To unsubscribe send an email to [email protected]

Reply via email to