Hi all,

I am writing to share comments on draft-klrc-aiagent-auth-00, attached as a PDF. The core framework is well-grounded, and I have focused my feedback on three areas where the delegation chain mechanics need further specification work.

The comment covers: (1) underspecification of multi-hop delegation semantics in RFC 8693 as applied to this framework, specifically the absence of chain verification, scope attenuation rules, and revocation propagation standards; (2) a delegation chain splicing vulnerability in RFC 8693 disclosed on the OAuth WG list in February 2026, which is directly relevant to Sections 10.1-10.4; and (3) an architectural failure mode in enterprise-managed authorization when the IdP is unavailable.

I am also preparing a companion Internet-Draft (draft-sweeney-oauth-agent-delegation-00) that profiles RFC 8693 for multi-hop agent delegation chains, covering delegation artifacts, chain verification, mandatory scope attenuation, and cryptographic context binding to resist the splicing attack. I plan to submit this draft ahead of IETF 125 and would welcome discussion on the WIMSE or OAuth lists.

The comment PDF is attached. Happy to discuss any of the points raised.

Best,
Kieran Sweeney
Attachment: IETF-CRE12-COMMENT.pdf (Adobe PDF document)
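To make the three delegation-chain properties the message asks for (chain verification, mandatory scope attenuation, cryptographic context binding) concrete, here is a toy verifier for a multi-hop RFC 8693 style chain. This is an added example, not code from the message, the comment PDF, or either Internet-Draft. It assumes tokens are plain JSON payloads (no signatures, so it runs offline), uses the nested "act" claim from RFC 8693 section 4.1 to record the actor chain, and adds a "prev_hash" claim of my own invention to bind each hop to the exact previous token; the "splice" and "dropped hop" cases it rejects are generic defects in this toy model, not the specific attack disclosed on the list, which the message does not describe.

```python
"""Toy multi-hop delegation chain verifier (added example, not from the draft).

Tokens are unsigned JSON payloads so the example runs offline.  The "act"
claim follows RFC 8693 section 4.1 (current actor outermost, earlier actors
nested).  The "prev_hash" claim is an ASSUMED context-binding claim, not part
of RFC 8693: each hop commits to the SHA-256 of the previous hop's token.
"""
import hashlib
import json


def canonical(token: dict) -> bytes:
    # Deterministic serialisation so issuer and verifier hash identical bytes.
    return json.dumps(token, sort_keys=True, separators=(",", ":")).encode()


def token_hash(token: dict) -> str:
    return hashlib.sha256(canonical(token)).hexdigest()


def scopes(token: dict) -> set:
    # OAuth scope is a space-separated string; compare as a set.
    return set(token.get("scope", "").split())


def issue_hop(prev: dict, actor: str, scope: str) -> dict:
    """Mint the next hop: nest the previous 'act', set the new scope, bind to prev."""
    act = {"sub": actor, "act": prev["act"]} if "act" in prev else {"sub": actor}
    return {
        "sub": prev["sub"],            # the original principal never changes
        "act": act,                    # RFC 8693 nested actor chain
        "scope": scope,                # issuer is expected to attenuate here
        "prev_hash": token_hash(prev), # assumed binding claim (not RFC 8693)
    }


def verify_chain(chain: list) -> tuple:
    """Return (ok, reason).  chain[0] is the root token; later entries are hops."""
    if not chain:
        return False, "empty chain"
    for i in range(1, len(chain)):
        prev, cur = chain[i - 1], chain[i]
        if cur.get("sub") != prev.get("sub"):
            return False, f"hop {i}: subject changed"
        # Context binding: the hop must commit to exactly the previous token.
        if cur.get("prev_hash") != token_hash(prev):
            return False, f"hop {i}: not bound to hop {i - 1}"
        # Mandatory attenuation: no hop may carry scope its predecessor lacked.
        if not scopes(cur) <= scopes(prev):
            return False, f"hop {i}: scope not attenuated"
        act = cur.get("act")
        if not isinstance(act, dict) or "sub" not in act:
            return False, f"hop {i}: missing act claim"
        # The nested act chain must extend the previous hop's chain by one actor.
        if act.get("act") != prev.get("act"):
            return False, f"hop {i}: act chain does not extend hop {i - 1}"
    return True, "ok"


def demo() -> dict:
    """Constructed sample chains: one valid, three that a verifier must reject."""
    root_a = {"sub": "alice", "scope": "read:calendar write:calendar"}  # constructed
    hop1_a = issue_hop(root_a, "agent-a", "read:calendar")
    hop2_a = issue_hop(hop1_a, "agent-b", "read:calendar")

    # A second, narrower chain for the same user, used to build a splice.
    root_b = {"sub": "alice", "scope": "read:calendar"}  # constructed
    hop1_b = issue_hop(root_b, "agent-a", "read:calendar")

    escalated = issue_hop(hop1_a, "agent-b", "read:calendar write:calendar")
    return {
        "valid": verify_chain([root_a, hop1_a, hop2_a]),
        "escalation": verify_chain([root_a, hop1_a, escalated]),
        "splice": verify_chain([root_b, hop1_b, hop2_a]),   # hop from chain A on chain B
        "dropped_hop": verify_chain([root_a, hop2_a]),       # intermediate hop removed
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:12s} -> {result}")
```

The hash binding is what turns "act" from a self-asserted list of names into a chain a resource server can actually walk: without it, any hop whose scope happens to be a subset of the previous hop's scope would verify regardless of which token it was really issued against. A real deployment would replace the unsigned payloads with signed tokens and verify each signature before trusting any claim, and would pair this with the revocation propagation the message notes RFC 8693 does not specify.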
_______________________________________________ OAuth mailing list -- [email protected] To unsubscribe send an email to [email protected]
