Hi Hannes,
Thanks for the historical context. The AI agent workload context is a new 
driver: agents acting autonomously on behalf of users across multiple services, 
with authorization constraints that go beyond what scopes can express. This is 
what makes the question worth revisiting now.
The discussion on this thread suggests interest has indeed increased. Happy to 
continue exploring whether the WG sees enough momentum to move forward.
Thanks,
Dapeng Liu
------------------------------------------------------------------
发件人:Hannes Tschofenig <[email protected]>
发送时间:2026年7月7日(周二) 18:09
收件人:Yaron Sheffer<[email protected]>; oauth<[email protected]>
主 题:[OAUTH-WG] Re: Standardizing a policy language
Hi Yaron,
we had various discussions about policy languages over the years and also 
drafts in the past, see for example 
https://www.ietf.org/archive/id/draft-cecchetti-oauth-rar-cedar-02.html 
<https://www.ietf.org/archive/id/draft-cecchetti-oauth-rar-cedar-02.html >
Unfortunately, there was not enough interest in any of that work.
Would be interesting to hear from the group whether the interest has increased 
now due to the AI-related work.
Ciao
 Hannes
Am 14.06.2026 um 13:30 schrieb Yaron Sheffer:
Hi,
I came across the recently published draft-liu-oauth-rego-policy-00 [0].
First, apologies to the authors for commenting before they have had a chance to 
present the draft on this list.
For many years, the OAuth community kept authorization policy languages out of 
scope. I agree with the authors that it may be time to revisit that position, 
particularly given the increased focus on workload authorization and AI agents 
operating as workloads.
However, once we go there, we should also discuss what properties we need from 
such languages. As input to that discussion, I would point to a recent AWS blog 
post [1] explaining why Amazon chose Cedar for agentic workload authorization. 
Granted that AWS is not a neutral party, but the post highlights an important 
consideration: the ability to perform automated analysis of policies.
Rego is more expressive and more widely deployed than Cedar. On the other hand, 
Cedar was designed to support reasoning about questions such as:

 * 
Whether policies are unintentionally over-permissive or over-restrictive.

 * 
Whether policies overlap or conflict.

 * 
The impact of a policy change on authorization outcomes.
It is far too early to discuss any specific language choice, but it would be 
useful to discuss the requirements, including the tradeoff between 
expressiveness and analyzability.
Thanks,
 Yaron
[0] https://www.ietf.org/archive/id/draft-liu-oauth-rego-policy-00.html 
<https://www.ietf.org/archive/id/draft-liu-oauth-rego-policy-00.html >
[1] 
https://aws.amazon.com/blogs/security/why-policy-in-amazon-bedrock-agentcore-chose-cedar-for-securing-agentic-workflows/
 
<https://aws.amazon.com/blogs/security/why-policy-in-amazon-bedrock-agentcore-chose-cedar-for-securing-agentic-workflows/
 > (discussion on Analyzability is in the second half of the post)
_______________________________________________ OAuth mailing list -- 
[email protected] <mailto:[email protected] > To unsubscribe send an email to 
[email protected] <mailto:[email protected] > 
_______________________________________________
OAuth mailing list -- [email protected]
To unsubscribe send an email to [email protected]

Reply via email to