Don’t apologize, I am the one at fault here / too much fast reading. Jean-François “Jeff” Lombardo | Amazon Web Services
Architecte Principal de Solutions, Spécialiste de Sécurité Principal Solution Architect, Security Specialist Montréal, Canada ( +1 514 778 5565 Commentaires à propos de notre échange? Exprimez-vous ici<https://urldefense.com/v3/__https:/feedback.aws.amazon.com/?ea=jeffsec&fn=Jean*20Francois&ln=Lombardo__;JQ!!Pe07N362zA!0k9CkAV8Djpw_8EfIAKrbhP3TQrJr0oMnznlUgBJ3V3NoEk6hihx7dNHnQuejn6SSH2CP8Iow3G-tTzppHeg$>. Thoughts on our interaction? Provide feedback here<https://urldefense.com/v3/__https:/feedback.aws.amazon.com/?ea=jeffsec&fn=Jean*20Francois&ln=Lombardo__;JQ!!Pe07N362zA!0k9CkAV8Djpw_8EfIAKrbhP3TQrJr0oMnznlUgBJ3V3NoEk6hihx7dNHnQuejn6SSH2CP8Iow3G-tTzppHeg$>. From: Jonathan Rosenberg <[email protected]> Sent: July 24, 2025 11:18 AM To: Lombardo, Jeff <[email protected]> Cc: [email protected]; [email protected]; [email protected] Subject: RE: [EXT] [OAUTH-WG] Re: Draft on CHEQ - HITL confirmation for AI Agent actions CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you can confirm the sender and know the content is safe. AVERTISSEMENT: Ce courrier électronique provient d’un expéditeur externe. Ne cliquez sur aucun lien et n’ouvrez aucune pièce jointe si vous ne pouvez pas confirmer l’identité de l’expéditeur et si vous n’êtes pas certain que le contenu ne présente aucun risque. Jeff - Apologies for the confusion here, there are two drafts. One of the ones - draft-rosenberg-oauth-aauth, does have oauth in the name, and was discussed at the mic. We have submitted a second draft: draft-rosenberg-cheq This draft doesnt have oauth in the name, this is a new one about confirmation flows. Thx, Jonathan R. On Thu, Jul 24, 2025 at 10:10 AM Lombardo, Jeff <[email protected]<mailto:[email protected]>> wrote: The name of the Draft as OAuth in it, OAuth is a working group, Agent2Agent is only a mailing list as far I understand right now. So is there really a second options to submit it to another Working Group? Jean-François “Jeff” Lombardo | Amazon Web Services Architecte Principal de Solutions, Spécialiste de Sécurité Principal Solution Architect, Security Specialist Montréal, Canada ( +1 514 778 5565 Commentaires à propos de notre échange? Exprimez-vous ici<https://urldefense.com/v3/__https:/feedback.aws.amazon.com/?ea=jeffsec&fn=Jean*20Francois&ln=Lombardo__;JQ!!Pe07N362zA!0k9CkAV8Djpw_8EfIAKrbhP3TQrJr0oMnznlUgBJ3V3NoEk6hihx7dNHnQuejn6SSH2CP8Iow3G-tTzppHeg$>. Thoughts on our interaction? Provide feedback here<https://urldefense.com/v3/__https:/feedback.aws.amazon.com/?ea=jeffsec&fn=Jean*20Francois&ln=Lombardo__;JQ!!Pe07N362zA!0k9CkAV8Djpw_8EfIAKrbhP3TQrJr0oMnznlUgBJ3V3NoEk6hihx7dNHnQuejn6SSH2CP8Iow3G-tTzppHeg$>. From: Jonathan Rosenberg <[email protected]<mailto:[email protected]>> Sent: July 24, 2025 10:06 AM To: [email protected]<mailto:[email protected]> Cc: [email protected]<mailto:[email protected]>; [email protected]<mailto:[email protected]> Subject: [EXT] [OAUTH-WG] Re: Draft on CHEQ - HITL confirmation for AI Agent actions CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you can confirm the sender and know the content is safe. AVERTISSEMENT: Ce courrier électronique provient d’un expéditeur externe. Ne cliquez sur aucun lien et n’ouvrez aucune pièce jointe si vous ne pouvez pas confirmer l’identité de l’expéditeur et si vous n’êtes pas certain que le contenu ne présente aucun risque. What is your view on whether this could be in scope for the OAuth group? On Thu, Jul 24, 2025 at 9:53 AM Dick Hardt <[email protected]<mailto:[email protected]>> wrote: I'd like to suggest one mail list for discussion. :) On Thu, Jul 24, 2025 at 9:50 AM Jonathan Rosenberg <[email protected]<mailto:[email protected]>> wrote: At the mic just now I mentioned this draft: https://datatracker.ietf.org/doc/html/draft-rosenberg-cheq-00 Abstract: This document proposes Confirmation with Human in the Loop (HITL) Exchange of Quotations (CHEQ). CHEQ allows humans to confirm decisions and actions proposed by AI Agents prior to those decisions being acted upon. It also allows humans to provide information required for tool invocation, without disclosing that information to the AI agent, protecting their privacy. CHEQ aims to guarantee that AI Agent hallucinations cannot result in unwanted actions by the human on whose behalf they are made. CHEQ can be integrated into protocols like the Model Context Protocol (MCP) and the Agent-to-Agent (A2A) protocols. It makes use of a signed object which can be carried in those protocols. Comments and feedback are most welcome, either here on [email protected]<mailto:[email protected]>, where I have also posted notice of this draft. Thx, Jonathan R. -- Jonathan Rosenberg, Ph.D. [email protected]<mailto:[email protected]> http://www.jdrosen.net<http://www.jdrosen.net/> _______________________________________________ OAuth mailing list -- [email protected]<mailto:[email protected]> To unsubscribe send an email to [email protected]<mailto:[email protected]>
_______________________________________________ OAuth mailing list -- [email protected] To unsubscribe send an email to [email protected]
