I would agree with George’s comments and had similar takeaways from the meeting.
Kind Regards, Bjorn > On Mar 16, 2026, at 5:56 AM, [email protected] wrote: > > On Monday at the OAuth meeting for IETF 125 a number of AI related proposals > were made to extend existing OAuth mechanisms in different ways. However, it > seemed to me that there was overlap in the desired goals across these > proposals and I’m wondering if for the AI space we need to take a step back > and define the desired requirements before making spec level proposals. Just > in what was presented, there is fragmentations and this doesn’t include a > number of other proposals that have been made (either to IETF or otherwise) > but were not presented. > > General topics that seem to come up frequently: > * identifiers - instance, owner, version, … > * fine-grained authorization - RAR, scope extensions, transaction tokens, … > * delegated authorization - delegation chain, delegation capabilities, > on-behalf-of, for-the-benefit-of, … > * context & intent - transformation of original intent for specific > delegation task, ... > * consent - levels of delegation before consent is required, back channel > consent, … > * privacy - > > I’m sure there are more. I know it takes more time, but I believe we should > address these issues holistically rather than on a spec by spec basis. > > Thanks, > George > > George Fletcher > Identity Standards Architect > Practical Identity LLC > > > > _______________________________________________ > OAuth mailing list -- [email protected] > To unsubscribe send an email to [email protected] _______________________________________________ OAuth mailing list -- [email protected] To unsubscribe send an email to [email protected]
