+1 On Mon, Mar 16, 2026 at 12:57 PM <[email protected]> wrote:
> On Monday at the OAuth meeting for IETF 125 a number of AI related > proposals were made to extend existing OAuth mechanisms in different ways. > However, it seemed to me that there was overlap in the desired goals across > these proposals and I’m wondering if for the AI space we need to take a > step back and define the desired requirements before making spec level > proposals. Just in what was presented, there is fragmentations and this > doesn’t include a number of other proposals that have been made (either to > IETF or otherwise) but were not presented. > > General topics that seem to come up frequently: > * identifiers - instance, owner, version, … > * fine-grained authorization - RAR, scope extensions, transaction tokens, … > * delegated authorization - delegation chain, delegation capabilities, > on-behalf-of, for-the-benefit-of, … > * context & intent - transformation of original intent for specific > delegation task, ... > * consent - levels of delegation before consent is required, back channel > consent, … > * privacy - > > I’m sure there are more. I know it takes more time, but I believe we > should address these issues holistically rather than on a spec by spec > basis. > > Thanks, > George > > George Fletcher > Identity Standards Architect > Practical Identity LLC > > > > _______________________________________________ > OAuth mailing list -- [email protected] > To unsubscribe send an email to [email protected] >
_______________________________________________ OAuth mailing list -- [email protected] To unsubscribe send an email to [email protected]
