I'm writing to +1 the spirit of this comment.There is prior art, existing specs that distill knowledge how to solve classes of problems in the authorization space. It was exciting to read some the proposed drafts, but I also constantly thinking - what do we have already, can there be more generic solutions to these problems.
Vladimir Dzhuvinov On 16/03/2026 14:55, [email protected] wrote:
On Monday at the OAuth meeting for IETF 125 a number of AI related proposals were made to extend existing OAuth mechanisms in different ways. However, it seemed to me that there was overlap in the desired goals across these proposals and I’m wondering if for the AI space we need to take a step back and define the desired requirements before making spec level proposals. Just in what was presented, there is fragmentations and this doesn’t include a number of other proposals that have been made (either to IETF or otherwise) but were not presented.General topics that seem to come up frequently: * identifiers - instance, owner, version, …* fine-grained authorization - RAR, scope extensions, transaction tokens, … * delegated authorization - delegation chain, delegation capabilities, on-behalf-of, for-the-benefit-of, … * context & intent - transformation of original intent for specific delegation task, ... * consent - levels of delegation before consent is required, back channel consent, …* privacy -I’m sure there are more. I know it takes more time, but I believe we should address these issues holistically rather than on a spec by spec basis.Thanks, George George Fletcher Identity Standards Architect Practical Identity LLC _______________________________________________ OAuth mailing list [email protected] To unsubscribe send an email [email protected]
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ OAuth mailing list -- [email protected] To unsubscribe send an email to [email protected]
