[OAUTH-WG] Thoughts on cross-domain authz info sharing for agents? (draft-diaconu-agents-authz-info-sharing-00)
"Frank Brockners (fbrockne)" <fbrockne@cisco.com> Fri, 13 February 2026 15:27 UTC
Return-Path: <fbrockne@cisco.com>
X-Original-To: oauth@mail2.ietf.org
Delivered-To: oauth@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 84441B6FC66F for <oauth@mail2.ietf.org>; Fri, 13 Feb 2026 07:27:23 -0800 (PST)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -11.886
X-Spam-Level:
X-Spam-Status: No, score=-11.886 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_NONE=0.001, T_SPF_HELO_PERMERROR=0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=cisco.com
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uYMR2t1SZsGc for <oauth@mail2.ietf.org>; Fri, 13 Feb 2026 07:27:23 -0800 (PST)
Received: from aer-iport-8.cisco.com (aer-iport-8.cisco.com [173.38.203.70]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id BCCDCB6FC667 for <oauth@ietf.org>; Fri, 13 Feb 2026 07:27:22 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.com; i=@cisco.com; l=6250; q=dns/txt; s=iport01; t=1770996442; x=1772206042; h=from:to:cc:subject:date:message-id:mime-version; bh=snlVXNnKG7jhFZ3tzxlOEsBTiVISjHBsfzlzpeYuhs0=; b=atxlGB6gkI4GzaRznnOUv2/iM9qcWK+wkeqsnvRkijydYsUR9TLCw0H1 oPjBl6tzWaSJ5Pl5af8xtoOpvvxtMBPF94vSJtyHNGLX2lKZrxbdE4G0a 4CAFInTW79g2Vl0IYs7x2pGuVxu26cZMf1QrU7tBT6b+/zrupIfQgFfzL nytp0elytpDL99QSCHEUCrergIMF7D0MiQRVqWXXpMF8H4Rja+cQN3x2i OztJj4d7DATo+ZMZtVaatLyz99yZxxV3UI47Oic0xw1JolUT+3Z/sHDds H4HeNesZGQYzMnVbiAFNqiW9p8Dme4RXvijgPJH0X/E+BL6S06IKLL96Y Q==;
X-CSE-ConnectionGUID: qkUYKt4PQa+W9lRowhALww==
X-CSE-MsgGUID: dzOjJED6TKuZpn+NWU1oMQ==
X-IPAS-Result: A0B4FgDTQY9p/9NK/pBRCRwBAQErCwYBAQQEAQECAQEHAQE6gSsCgTsxUweBAIEhhSCDSgIDhSyIeZdGhleBfw8BAQENAhQCLg0EAQGFBwIWjQgCJjQJDgECBAEBAQEDAgMBAQEBAQEBAQEBAQsBAQUBAQECAQcFgQ4Thk8BDIZdFhFWEgEMNwcCBC8mAQQODRMHgmGCHVYDAQIOoWwBgUACiit6gTKBAYNaAhBB23sGgU0BhQODUAEqgTUBAg6EBDiEQicbgUlEgVeCN4NQAQECAYExLoNZOoIvBIINFXoUHYwthyWBRCIDJjMsAVUTFwsHBYFmAyovLW4yHYEjPhczWBsHBYgLD4kHeG6BIHwDC209NxQbAwSBNQWNY0IZQYFAAYFVBFECgl6Weotgo3YKhBwFjBmVcBeqBGeZBiKNZ5sNAgQCBAUCEAEBBoFoPIFZcBWDI1EZD45fiFW8NIE0AgcLAQEDCZNnAQE
IronPort-PHdr: A9a23:V6lf5RSkUMKHkTzEYHUHh4LT99pso47LVj580XJvo6hFfqLm+IztI wmEo/5sl1TOG47c7qEMh+nXtvX4UHcbqdaasX8EeYBRTRJNl8gMngIhDcLEQU32JfLndWo7S exJVURu+DewNk09JQ==
IronPort-Data: A9a23:zKJHJaxYggnLJxFm0IZ6t+dzxyrEfRIJ4+MujC+fZmUNrF6WrkVTn TBMCziOOqvcZDb8c9slboTk/EMAvpDSmIRqSlNq+VhgHilAwSbn6Xt1DatR0we6dJCroJdPt p1GAjX4BJlqCCea/VH1buSJQUBUjcmgXqD7BPPPJhd/TAplTDZJoR94kobVuKYw6TSCK13L4 4qaT/H3Ygf/hWYuazlMsspvlTs21BjMkGJA1rABTagjUG/2zxE9EJ8ZLKetGHr0KqE8NvK6X evK0Iai9Wrf+Ro3Yvv9+losWhRXKlJ6FVHmZkt+A8BOsDAbzsAB+vpT2M4nVKtio27hc+adZ zl6ncfYpQ8BZsUgkQmGOvVSO3kW0aZuoNcrLZUj2CCe5xWuTpfi/xlhJFg1ALw75rpPOGgNy q0cEjcSbjmnmP3jldpXSsE07igiBMDmJsYb/3pn1zycVK5gSpHYSKKM7thdtNsyrpkSQbCEO pZfNmYpNk2ZC/FMEg9/5JYWku2ygXL8dTBwo1OOrq1x6G/WpOB0+OSxaoCPJIPQLSlTtkqKg WDk0kinPjIHBsSZihy6zyuro9aayEsXX6pXTtVU7MVCh1SO2mw7CRAKWx28u/bRt6Klc9tSM QkQvyEpt6V3rRTtRdjmVBr+q3mB1vIBZ+dt/yQBwFjl4oLf4h2SAS4PSTspVTDsnJZeqeACv rNRo+7UOA==
IronPort-HdrOrdr: A9a23:okuOyKtN94dp58IdZgIMWZ2B7skCK4Aji2hC6mlwRA09TyXGrb HMoB1L73/JYWgqOU3IwerwRJVoIUmxyXZ0ibNhW4tKLzOWx1dATbsSp7cKrAeQYREWmtQtsZ uIEJIOReEYb2IK8PoSiTPQe71Psbv3lZxA7t2utkuFODsaEJ2ImD0JcjpzfHcGIzVuNN4SLr bZzMxBoDarZHQQaeqGJlRtZYL+juyOvqjLJTodCTAayCTmt16VAbjBfCSw71M7aXdi0L0i+W /Kn0jS/aO4qcy2zRfayiv684lWsMGJ8KoNOOW8zuwubhn8gAehY4psH5eYuioune2p4FE21P HRvhYbOdhp4X+5RBD6nfKt4Xig7N8d0Q6g9baquwqgnSU/fkN+NyN1v/MYTvIe0TtlgDgz6t MN44vTjesoMfqJplWN2zGPbWAnqqJxykBSyNL6SBdkIM0jQa4UoooF8ExPFpAcWCr89YA8Ce FrSNrR/fBMbDqhHjnkV0RUsauRt04Ib2G7a1lHvtbQ3yldnXh/wUddzMsDnm0Y/JZ4T5Vf/e zLPqlhibkLF6YtHOlALfZERdHyBn3GQBrKPm7XKVP7FLsfM3aIr5Ls+r066OyjZZRNxpovn5 bKVk9eqAcJCgrTINzL2IcO/gHGQW27UziowsZC54Jhsrm5X7bvOT3rciFbryJhmYRrPiT2YY fABHsNOY6SEYLHI/c74zHD
X-Talos-CUID: 9a23:RntRS25AS+uksVqa0dss7U0pK+M5LkXkxTTvckuCDnlpYZmKVgrF
X-Talos-MUID: 9a23:GWrB+QpY+v/N41asKzoezz1wE8VKzojwNGMQo40A+O+7CHV3Hg7I2Q==
X-IronPort-Anti-Spam-Filtered: true
Received: from aer-l-core-10.cisco.com ([144.254.74.211]) by aer-iport-8.cisco.com with ESMTP/TLS/TLS_AES_256_GCM_SHA384; 13 Feb 2026 15:27:15 +0000
Received: from rcdn-opgw-3.cisco.com (rcdn-opgw-3.cisco.com [72.163.7.164]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by aer-l-core-10.cisco.com (Postfix) with ESMTPS id D65621800033B for <oauth@ietf.org>; Fri, 13 Feb 2026 15:27:14 +0000 (GMT)
X-CSE-ConnectionGUID: cFt3iXg+RtGe4IRGBCf6Xw==
X-CSE-MsgGUID: gucdWby/Q9OIJaKCImLzOw==
Authentication-Results: rcdn-opgw-3.cisco.com; dkim=pass (signature verified) header.i=@cisco.com
X-IronPort-AV: E=Sophos;i="6.21,288,1763424000"; d="scan'208,217";a="55337727"
Received: from mail-ph0pr07cu00606.outbound.protection.outlook.com (HELO PH0PR07CU006.outbound.protection.outlook.com) ([40.93.23.94]) by rcdn-opgw-3.cisco.com with ESMTP/TLS/TLS_AES_256_GCM_SHA384; 13 Feb 2026 15:27:13 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=jxFkkyH0cqs7j1rLgUATxK0F8vHWNPWqOMVHi5Nv2Nw3Rpuaq1uD1tq5xFyS1l4m6OgwX0T9TsMZKXMtYVdnom8ER7PPomhSnYdzcUnHMPZDFKleIOYjzQ+6IcNXq5FPMBFuVKebVFr7pYySvNGxBcTAiF8aKE6Nngw3bKUX4vknzluoqSAYCJM2l97DZ3UNGEh94naYGZDjsw4uCtZCoamsGbFf8qK/XsroZy36oNg1rkFfJDs7TUbEkDxlFuikpUvNZv9QMF0yW9i5PXT6hM5MgoMjPXkuqWpPBx8prtNva/XNffTesHom7UcSFiBeRbu3gPSdaMvXtYAtl0TdJg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=snlVXNnKG7jhFZ3tzxlOEsBTiVISjHBsfzlzpeYuhs0=; b=SgPdwxmrz/iNGVmmhGBBQ/WVrE0KxzZUYALaND8Q83IASaJQfTQlnZlX3nf5Wg9x6EdJ9c68zrIxPM4vKxh+VKOnejnr+YrZ5n015EzizVKrM1bMATZwWXJfiIdaddMtaHY3ssSNVmqCQbha/24Dcy7ZLCr3rQlnK+je/RQLSKqj9dzlwSwtOxqK6gSdyxoVHF0a8tArAZGYYMxC2zC2Iv9Bb/ijCi64XWB8WwVhXdzSdKEAtBLvASXjEolQdmmZW6ikZuTlx4HxFyrQAfDyMD96JMI4aDDjcMcweUMoS7FWOw03y/FW21I2Q9VTb/ynoSugMgQLvHzXrB3mxWVJ5w==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
Received: from PH8SPRMB0057.namprd11.prod.outlook.com (2603:10b6:510:354::11) by CO1PR11MB5090.namprd11.prod.outlook.com (2603:10b6:303:96::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9611.14; Fri, 13 Feb 2026 15:27:11 +0000
Received: from PH8SPRMB0057.namprd11.prod.outlook.com ([fe80::ce4f:5683:6935:5096]) by PH8SPRMB0057.namprd11.prod.outlook.com ([fe80::ce4f:5683:6935:5096%7]) with mapi id 15.20.9611.013; Fri, 13 Feb 2026 15:27:11 +0000
From: "Frank Brockners (fbrockne)" <fbrockne@cisco.com>
To: "oauth@ietf.org" <oauth@ietf.org>
Thread-Topic: Thoughts on cross-domain authz info sharing for agents? (draft-diaconu-agents-authz-info-sharing-00)
Thread-Index: Adyc/Nuz3wv3LwHfRiWZkMsFwfPG1g==
Date: Fri, 13 Feb 2026 15:27:11 +0000
Message-ID: <PH8SPRMB0057827B5BFC9E03A54F4165DA61A@PH8SPRMB0057.namprd11.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: PH8SPRMB0057:EE_|CO1PR11MB5090:EE_
x-ms-office365-filtering-correlation-id: d66f377b-276f-4b96-ad47-08de6b145b79
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;ARA:13230040|10070799003|1800799024|366016|376014|13003099007|8096899003|38070700021|7142099003;
x-microsoft-antispam-message-info: pAEMsQA/iHAqNGQiFx4OKR58u0w6wtVmN4wgX02pqx3kYra1wnB+qHprTOVRwaIvkidOjLbyzHOWQgKDpHuZrljha+SqSGfLHqYkY09U+sgSAYveXRnGebfTUHa8sEcOn7hmq706z1aN13vDVvQTLqQ7QDXgmdUbS3I1BOPpqU0/Ci4imG3peRp4NTpw1NH0iPFrr86BLq+8y6dOuq5/VMwbAQtYYhN1LM0eGLYg1kfPO5CmUVXdjofOmF2q0jF0As8W+5FSNoDxEK3WQ1X0iEITmX/aVNFysg4aOQslZoCV2B7ABvX3fiCl6EK2kKpdoeyE8ctFc5HcEkGoassj911xT40YZ86KqhgqD8ZT2FEI7VFYb0eWqIua4AETp0gkuz+YGgoBdREumtfmxfGD52RpYoTeP4zUuj56kGDiSHf/zB2nrbnh8jwAOOKQcCbpjQcNAwgz4cWExDrWzwvk/7JlCTZ1pGRyE9FZ1yaxE1x75Jqi+NUg+PgIgE5Z8PzkoDeDTTt1KJRJ22sFkknpAO6BFcoPLdBhc5p3NV97QApIl8KiX4Tp72DoZOv4pfwzn8ciq5SFM/PaYzdFN/K4nRIIUeVRrNuye1jKR78KKdAmMIk//TcaYmaTcOEchvxmp9LgnhNqojbypigQDmuFheKGRFexBaq3upncE8NjoZXIbySfsM+XAwVxqcYNPL0qMGvNw381/pFQ6L90H0LjZt5Fz1n/VyXS3vQ9ZBhh3WlLnMSNrs9ru1Qv7ROvIEhiDO8tYrEePCi3yJBVMo0li3DJOj2zXNPlJHBIA9WY2dTA5EvP2FH8nCjh4yQEh3XpAONqJFElCeH4yDXwIY9Vigf5bsemtYjYDymjiOyEIKcxas46oanMSN4STXyUPdm0lgMQzDfHLLLn4/J9E8gE1FCwxVnn5/geru+2VEomx728UeSddIT6o8UCelnSUCOhcJ3hZqx85IQj3EMwHPM783SvfoynAUR/s08bJE8jf0Tah3PMAW5QWkFUL5BU5Ebq8EFxMrle3gHToXZqzb9Ic7lmrCSQnxSZmW2VSp6IAUiZq8tcgG7lDIPF07WF1HL/DLXxT+l15xKDzEfk9EshJDeGSbdOEP6FlyrxzgrblChwItOfAbFOD6N5AOVjpsn2rQkGC2Pj6kMCAZmLWlzTk/441Mc+9Vz8iAgFQ5YLWvfkWrYBImZsF4K3bkml+m4uLyPGTcRX+MLb0xXPuj9n7omIBeClXvQDIb5NReX/117LF36m7+XGhI4kNoDIPNaeLoMlOC6B+kzWvyEf/03ihTbdyv/gb5RBpsJFaXqKAcWOfxYF+9Gt2TU/ryrNWx3mzF0H93ZyMPEu5tuuf/tPSGZ4/Ry/2P1QIXzfe6LqpBqJovq0YFUHTcc14rmF+yHPHmxbjPQk7gQ+gstykTEyrMx9Gfxtfnl9vqj3drcmHWoDXpYub+PMYCaCfk1ecE0bdTHQpTPJL+cy5/KtLDNohhZQIam58bkiXU9LsdZquAkGef/l7OGINjsA1KJQcTBE0rno9FSYJ6BZRuaTvuTzIcr5K6174FBImjyvJaVj5cnveGbaRtlcLD1nUAYgCbfpmZIdLUMR1BqyqPJeW/mCXvKj+nO3qt3m7CVwJwu0bQU=
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:PH8SPRMB0057.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(10070799003)(1800799024)(366016)(376014)(13003099007)(8096899003)(38070700021)(7142099003);DIR:OUT;SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: 20atZpvznz8ISJLyBOxQ2dUZql6eB8/FgLCjqyfzfZKCIUWO6eKlotY8bMNUdOwq2qSONK65SDEt2Hg2J8oHM3Z9EaY3uBWY5hcb6Ye8VbvHKwGLt0jvb80T941Il4VZV/D98xBkGj4MUJqyWZpAm+rHKj7Algw3sBl6G8sEQC/navhfsAVu5PPyAA01AYDe2b0jkuRG2oWgeEK8wAgFqT5r/hkY3NyCC6S6T4GAR+jg1MBQ+1lw2LEZUbrigHKdkZMaaZ5aaL5/u4v8KvRYfhEd0cGRaD54NlDn/3DaLt51SZkCfs56dBE+SIWlwMcKK+z3/rVLBy4TiPR/WS6/pSDlCC0JFHlcfTMjid4TOOWV6Qx6xTCCD63FGrHCekAPxDUPlmEcziHEAv+gk/FWttGTZ0g1CBT9gD14vCo+TNGsu+6mx8wMFfR0lNNVVqbNKX1MquBfCtjWWl9R+J2JjQGM5suefowjsxQicwJEBnJg5PjJ5o+V8bGW0Fm5/ObHEAsncPBxsgg8zzTw6LtCghiUslVwx5Ss6PZ8/sGkyYcEE56gjdwLEYIL/UgvqLDP8f3m9/2OD1bVD+YDPqBpBeC0FkQKfYWmI0jrkY+orwxv6/HoA2nHByWu9cqlqxhW0PD6Hxjh8XOKABK/Al0IC+7UavRVNesa09OmiqBqAlwjAlJSWtEIeI5GuCkmjxSXVb3xLjzvEred7sy/kWtlrvedr0a1KlLlITge4w/vKI4GLPxkWiryi2/XYi0x265o1wZSZKuW1ebIo/ORa14dYUE/FXFLKyPQXAVyncADs/V0YBvLYv9h58JG2/CYQDhv7inCZXFHijOiNmgP/TNb/yStFy81fnd3gO0GDAja7nweygwg1T+1oKDTqgiukl9TF2QkxpJf80DKZioEE0JnvMEbrKxhdLC74/3CFVtCqmul3iAiziFg/Jvt/qYRZofXME+yp9LGqE6xsGRuSjASzHOzc1cqtViUJp/pA510zs0OgJAVSI+egr+kYl761xUOPqF2TI7h2QxSwne+AbAnf783jzoPpTYu1B07wjrbyFDpuA2sjUqMW04PQSeBe+KWy3xbAHxiC7ng5aPUuu3q3LOp16CDQVLP2izbWreyaF8MK6IukQMf50fuiDDVmxrsFu8OTrGsRs92n/i9enDcKox4WPRMwAT9A+pDG2KCNtPgmCwCJULldtKeBWESCUHbOFmzGZF1TYWSDNlDOKzWHTvO9ZN7IiFhwbJkUUVrTYNeuwphvxK5qgTqjy0R4dWEjlMPlkBjShTCZrEnhlYNcd4wvBD5KyRQOf1kAJ39PJFBKoaspuDEYH6MJHb2fQtYFiSRY6WfM4nbEISK41M1rZjQO2SI5QuJnD2aaj9ITACMy63qvmZkYtaIjyaRCyjbDzF4cw+2LJHqrT3wqRxT2Sv6mXnYlMpqvvaG8fs0z8wESkkQVeFE/S9rAcIqSkxjxJTHE2WDVNhEWuSYOzsfWbcp2x0VGilveBv7yvJwi6/cWJV0iUkbHFEu2ChjB4WaNG388ZkzxPcxE4CqYl+EHogwzmVuYdqYPEnDDESXRP9IwyrQNANJEZ0lyYuZNdbm082IqJxiSTGaohSJlZds99abHWX6yKvO0Y9dJfcuP3U0EW5+J8inv9zJpgwIVzZR6Obk2HhJqCGXD6b68KBVBf90oCg3D0KF/FF4yY7FtFOPOsAknN4Pd/tY0uPC+2yunHaSHUYa3QIdWoPgtVTjBS2GsvqUN4U3379dQj64miHF+WW4/aNuv6DslA3e1/wP
Content-Type: multipart/alternative; boundary="_000_PH8SPRMB0057827B5BFC9E03A54F4165DA61APH8SPRMB0057namprd_"
MIME-Version: 1.0
X-OriginatorOrg: cisco.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: PH8SPRMB0057.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: d66f377b-276f-4b96-ad47-08de6b145b79
X-MS-Exchange-CrossTenant-originalarrivaltime: 13 Feb 2026 15:27:11.1093 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: Q82+7oFHl0uGfRRUXD0qmsXLJTlIyg/+sZsktiW9ozJ1DdKXKOz3J2ArrGCvBBJdDmUesTwGOu6Ba2tRHBrJLg==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CO1PR11MB5090
X-Outbound-SMTP-Client: 72.163.7.164, rcdn-opgw-3.cisco.com
X-Outbound-Node: aer-l-core-10.cisco.com
Message-ID-Hash: ZF756VY43DPVY3DTMASB5HDP34FHNBJD
X-Message-ID-Hash: ZF756VY43DPVY3DTMASB5HDP34FHNBJD
X-MailFrom: fbrockne@cisco.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-oauth.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: "Jean Diaconu (jdiaconu)" <jdiaconu@cisco.com>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [OAUTH-WG] Thoughts on cross-domain authz info sharing for agents? (draft-diaconu-agents-authz-info-sharing-00)
List-Id: OAUTH WG <oauth.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/O4WQuL3PmEOgp5J2jSpLlwXBNkM>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Owner: <mailto:oauth-owner@ietf.org>
List-Post: <mailto:oauth@ietf.org>
List-Subscribe: <mailto:oauth-join@ietf.org>
List-Unsubscribe: <mailto:oauth-leave@ietf.org>
We recently published a new draft https://datatracker.ietf.org/doc/html/draft-diaconu-agents-authz-info-sharing-00 which discusses challenges and solutions for securely and flexibly acquiring and sharing authorization information for agents across domains. These solutions include the use of dynamic identity, interoperable claims, and verifiable credentials. Are there additional use cases and related requirements beyond those listed in sections 4 and 5 that should be considered? Are you aware of other solution approaches targeting authorization sharing for agents across domains beyond those discussed in sections 6.1 to 6.3? Besides the discussion of requirements and solution approaches, the draft proposes a pragmatic approach based on draft-ietf-oauth-sd-jwt-vc and draft-ietf-oauth-client-id-metadata-document. This approach uses verified credentials to address decentralized authorization information for distributed agents in a structured manner. The draft reuses VCs and the associated data model, but it doesn't extend to the larger distributed identity ecosystem of W3C (i.e., DIDs) - unless you want to. Any thoughts or comments are very much appreciated. Cheers, Frank
- [OAUTH-WG] Thoughts on cross-domain authz info sh… Frank Brockners (fbrockne)