I may be missing some functionality, but I think the objectives can be accomplished with existing OAuth standards.
RAR (RFC 9396) provides the granularity proposed in CHEQ: https://datatracker.ietf.org/doc/html/rfc9396

In your architecture diagram, you are missing the MCP server and the AS. The MCP server is sitting between the agent and the RS and can determine that additional authorization is required to call the RS, and the MCP could then make a PAR (RFC 9126) call with RAR to an AS. The resulting URL could then be passed back to the agent through an elicitation response, which would then be loaded for the user to interact with the AS to provide authorization to the RS for the MCP server. In this OAuth flow, note that the MCP server is the client, not the agent. This is similar to related proposals to allow an MCP server to get access to resources downstream from the agent. Once the MCP server has this new access token, it can notify the agent to continue processing.

https://datatracker.ietf.org/doc/html/rfc9396
https://datatracker.ietf.org/doc/html/rfc9126

On Thu, Jul 24, 2025 at 10:10 AM Lombardo, Jeff <[email protected]> wrote:

> The name of the Draft has OAuth in it, OAuth is a working group, Agent2Agent is only a mailing list as far as I understand right now.
>
> So is there really a second option to submit it to another Working Group?
>
> Jean-François "Jeff" Lombardo | Amazon Web Services
> Principal Solution Architect, Security Specialist
> Montréal, Canada
> +1 514 778 5565
>
> From: Jonathan Rosenberg <[email protected]>
> Sent: July 24, 2025 10:06 AM
> To: [email protected]
> Cc: [email protected]; [email protected]
> Subject: [EXT] [OAUTH-WG] Re: Draft on CHEQ - HITL confirmation for AI Agent actions
>
> What is your view on whether this could be in scope for the OAuth group?
>
> On Thu, Jul 24, 2025 at 9:53 AM Dick Hardt <[email protected]> wrote:
>
> I'd like to suggest one mail list for discussion. :)
>
> On Thu, Jul 24, 2025 at 9:50 AM Jonathan Rosenberg <[email protected]> wrote:
>
> At the mic just now I mentioned this draft:
> https://datatracker.ietf.org/doc/html/draft-rosenberg-cheq-00
>
> Abstract:
>
> This document proposes Confirmation with Human in the Loop (HITL) Exchange of Quotations (CHEQ). CHEQ allows humans to confirm decisions and actions proposed by AI Agents prior to those decisions being acted upon. It also allows humans to provide information required for tool invocation, without disclosing that information to the AI agent, protecting their privacy. CHEQ aims to guarantee that AI Agent hallucinations cannot result in unwanted actions by the human on whose behalf they are made. CHEQ can be integrated into protocols like the Model Context Protocol (MCP) and the Agent-to-Agent (A2A) protocols. It makes use of a signed object which can be carried in those protocols.
>
> Comments and feedback are most welcome, either here on [email protected], where I have also posted notice of this draft.
>
> Thx,
>
> Jonathan R.
>
> --
> Jonathan Rosenberg, Ph.D.
> [email protected]
> http://www.jdrosen.net
>
> _______________________________________________
> OAuth mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
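The PAR-with-RAR flow described in the reply at the top of the thread, as an added example that is not part of any message here: the MCP server (the OAuth client) builds RFC 9396 authorization_details for the downstream RS, pushes them to a constructed stand-in for the AS's PAR endpoint (RFC 9126), and hands the agent only the front-channel URL carrying an opaque request_uri, so the agent never sees the authorization details or any token. The AS issuer, client_id, redirect URI and the payment_initiation type are assumed values.

```python
import json
import secrets
from urllib.parse import urlencode, parse_qs, urlsplit

AS_ISSUER = "https://as.example"            # assumed authorization server
MCP_CLIENT_ID = "mcp-server-123"           # assumed client_id registered for the MCP server
REDIRECT_URI = "https://mcp.example/cb"    # assumed redirect URI of the MCP server
REQUEST_URI_PREFIX = "urn:ietf:params:oauth:request_uri:"   # RFC 9126 section 2.2
PAR_STORE = {}   # constructed stand-in for the AS's store of pushed requests

def build_authorization_details(rtype, actions, locations):
    """RFC 9396 authorization_details: a list of objects; 'type' is the only required field."""
    return [{"type": rtype, "actions": list(actions), "locations": list(locations)}]

def build_par_request(authorization_details, state):
    """Form parameters the MCP server (the OAuth client here) pushes to the PAR endpoint (RFC 9126 section 2.1)."""
    return {"response_type": "code", "client_id": MCP_CLIENT_ID, "redirect_uri": REDIRECT_URI,
            "state": state, "authorization_details": json.dumps(authorization_details)}

def as_par_endpoint(form):
    """Constructed stand-in for the AS PAR endpoint: validate, store, return an opaque request_uri."""
    for key in ("response_type", "client_id", "redirect_uri", "authorization_details"):
        if key not in form:
            return {"error": "invalid_request", "error_description": "missing " + key}
    details = json.loads(form["authorization_details"])
    if not (isinstance(details, list) and all(isinstance(d, dict) and "type" in d for d in details)):
        return {"error": "invalid_authorization_details"}   # error code from RFC 9396 section 5
    request_uri = REQUEST_URI_PREFIX + secrets.token_urlsafe(16)
    PAR_STORE[request_uri] = dict(form)
    return {"request_uri": request_uri, "expires_in": 90}

def build_authorization_url(request_uri):
    """Front-channel URL the MCP server hands to the agent and the user opens (RFC 9126 section 4)."""
    return AS_ISSUER + "/authorize?" + urlencode({"client_id": MCP_CLIENT_ID, "request_uri": request_uri})

def front_channel_params(url):
    """Query parameters visible to whoever carries the URL (the agent); used to check what is exposed."""
    return {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}

def run_flow():
    """End-to-end: RAR -> PAR -> authorization URL; returns the URL and what the AS stored behind it."""
    details = build_authorization_details("payment_initiation", ["initiate"], ["https://rs.example/payments"])
    par = as_par_endpoint(build_par_request(details, secrets.token_urlsafe(8)))
    return build_authorization_url(par["request_uri"]), PAR_STORE[par["request_uri"]]
```

The token exchange after the user authorizes is back-channel between the MCP server and the AS, so the agent only needs to be told to continue.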
