[OAUTH-WG] New I-D: Attenuating Authorization Tokens for Agentic Delegation Chains (draft-niyikiza-oauth-attenuating-agent-tokens-01)

Niki Aimable Niyikiza <niki@tenuo.ai> Mon, 15 June 2026 16:19 UTC

From: Niki Aimable Niyikiza <niki@tenuo.ai>
Date: Mon, 15 Jun 2026 09:18:50 -0700
Message-ID: <CALGH9Z_qkdYoqeChYOzbQ62r2WtMBz0-znnA+KQmmgRugNHR+w@mail.gmail.com>
To: oauth@ietf.org
Subject: [OAUTH-WG] New I-D: Attenuating Authorization Tokens for Agentic Delegation Chains (draft-niyikiza-oauth-attenuating-agent-tokens-01)
List-Id: OAUTH WG <oauth.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/-MX77Hk2_QqiSHe1NgSh-TLhWKA>

Hi all,

I've posted a draft defining Attenuating Authorization Tokens (AATs)
<https://datatracker.ietf.org/doc/draft-niyikiza-oauth-attenuating-agent-tokens/>,
a token format for delegation across multi-agent systems that draws on
capability-based authorization. It profiles existing OAuth mechanisms where
possible, and I'd value the WG's review.

The problem: in multi-agent workflows, an agent receives authority scoped
to a session, principal, or workflow and carries it unchanged across every
tool call it makes and every sub-agent it delegates to.

The draft defines:

- a profile of RFC 9396 authorization_details for tool-level capability
claims, with typed argument constraints;

- offline derivation of child tokens by a token holder, with no AS round
trip;

- attenuation invariants enforcing that derived tokens can only narrow
authority across capability, delegation depth, and lifetime;

- cryptographic parent-to-child linkage, verifiable against the root trust
anchor; and

- proof-of-possession binding at invocation time.

It builds on RFC 9396 and RFC 9201, differs from RFC 8693 Token Exchange in
making the attenuation chain offline-verifiable rather than AS-mediated,
and is meant to complement WIMSE's workload-identity work.

There is also a reference implementation covering token derivation and
chain verification; the draft's Implementation Status section has details.

I'd particularly welcome review of the attenuation invariants, the
constraint-subsumption model, and the offline chain-verification model,
along with views on whether the WG sees this problem space as in scope.

Draft:
https://datatracker.ietf.org/doc/draft-niyikiza-oauth-attenuating-agent-tokens/

Thanks,

Niki

-- 
Niki Aimable Niyikiza
Tenuo
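The attenuation invariants, constraint subsumption and offline chain verification listed in the message, sketched below as an added example. This is not part of the message, the draft's token format, or its reference implementation: macaroon-style HMAC chaining stands in for whatever cryptographic construction the draft specifies, and the root key, token id, tool names and constraint kinds (`path_prefix`, `max_<field>`) are constructed for the demo. A holder derives a child entirely offline by appending a layer keyed on the parent MAC; the verifier, holding only the root key, recomputes the chain and independently re-checks that every hop narrows its parent in capability, delegation depth and lifetime before checking the invocation against the leaf.

```python
# Constructed illustration of an attenuation chain (macaroon-style MAC chaining
# stands in for the draft's actual construction); not the draft's format or
# its reference implementation. Constraint kinds are made up for the demo.
import hashlib
import hmac
import json

ROOT_KEY = b"constructed-demo-root-key"  # verifier's root trust anchor (demo value)

def mac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()

def canon(obj) -> bytes:
    # Canonical JSON so deriver and verifier MAC identical bytes.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def constraint_subsumes(parent: dict, child: dict) -> bool:
    """Every parent constraint must be present in the child and at least as
    tight: 'path_prefix' extends the parent's, 'max_<field>' is <= parent's."""
    for key, pval in parent.items():
        if key not in child:
            return False
        cval = child[key]
        if key == "path_prefix":
            if not (isinstance(cval, str) and cval.startswith(pval)):
                return False
        elif key.startswith("max_"):
            if not (isinstance(cval, (int, float)) and cval <= pval):
                return False
        elif cval != pval:
            return False
    return True

def layer_narrows(parent: dict, child: dict) -> bool:
    """Attenuation invariants: capabilities, depth and lifetime only shrink."""
    for tool, cconstr in child["caps"].items():
        if tool not in parent["caps"] or not constraint_subsumes(parent["caps"][tool], cconstr):
            return False
    return 0 <= child["depth"] < parent["depth"] and child["exp"] <= parent["exp"]

def mint_root(root_key: bytes, token_id: str, caps: dict, depth: int, exp: int) -> dict:
    """Issuer mints the root token; its MAC chain starts from the root key."""
    layer = {"caps": caps, "depth": depth, "exp": exp}
    sig = mac(mac(root_key, token_id.encode()), canon(layer))
    return {"id": token_id, "layers": [layer], "sig": sig.hex()}

def derive(parent: dict, caps: dict, depth: int, exp: int) -> dict:
    """Offline derivation by the holder: append a narrower layer keyed on the
    parent MAC, no issuer round trip. The early check is a courtesy; the
    verifier re-checks every hop regardless of what the deriver did."""
    layer = {"caps": caps, "depth": depth, "exp": exp}
    if not layer_narrows(parent["layers"][-1], layer):
        raise ValueError("child token would widen authority")
    sig = mac(bytes.fromhex(parent["sig"]), canon(layer))
    return {"id": parent["id"], "layers": parent["layers"] + [layer], "sig": sig.hex()}

def args_allowed(constr: dict, args: dict) -> bool:
    """Check one invocation's arguments against the leaf's constraints."""
    for key, bound in constr.items():
        if key == "path_prefix":
            if not str(args.get("path", "")).startswith(bound):
                return False
        elif key.startswith("max_"):
            field = key[len("max_"):]
            if field not in args or args[field] > bound:
                return False
        elif args.get(key) != bound:
            return False
    return True

def verify(root_key: bytes, token: dict, tool: str, args: dict, now: int):
    """Offline verification against the root anchor: recompute the MAC chain,
    require every hop to narrow its parent, then check the invocation against
    the leaf. Returns (ok, reason). Proof-of-possession is out of scope here."""
    sig = mac(root_key, token["id"].encode())
    prev = None
    for layer in token["layers"]:
        if prev is not None and not layer_narrows(prev, layer):
            return False, "hop widens authority"
        sig = mac(sig, canon(layer))
        prev = layer
    if prev is None or not hmac.compare_digest(sig, bytes.fromhex(token["sig"])):
        return False, "bad chain signature"
    if now >= prev["exp"]:
        return False, "expired"
    if tool not in prev["caps"]:
        return False, "tool not granted"
    if not args_allowed(prev["caps"][tool], args):
        return False, "arguments outside constraint"
    return True, "ok"

# Constructed chain: orchestrator root -> sub-agent -> tool-calling leaf.
ROOT_CAPS = {"files.read": {"path_prefix": "/data/"}, "payments.send": {"max_amount": 100}}
ROOT = mint_root(ROOT_KEY, "constructed-tok-1", ROOT_CAPS, depth=2, exp=2000)
CHILD = derive(ROOT, {"files.read": {"path_prefix": "/data/reports/"}}, depth=1, exp=1500)
LEAF = derive(CHILD, {"files.read": {"path_prefix": "/data/reports/"}}, depth=0, exp=1500)
```

Two properties of this sketch matter for review of the real draft: the narrowing check in `derive` is not what protects the resource server, since a holder can append any layer with a valid MAC; it is the verifier's per-hop `layer_narrows` pass that makes widening fail closed. And because the whole chain is recomputed from the root key, no per-hop issuer signature or AS round trip is needed, which is the offline-verifiability property the mail contrasts with RFC 8693 Token Exchange.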