Hi all, It was great meeting many of you in Montreal and chatting about the Entity Profiles draft. Several of you mentioned interest in the problem space, so I wanted to bring this back to the list now that everyone is home: https://datatracker.ietf.org/doc/draft-mora-oauth-entity-profiles/
We’d really appreciate any comments, questions, or directional feedback -- especially on whether the WG sees value in standardizing a lightweight way to describe client and subject context (including AI-agent scenarios). In particular, does the proposed structure for describing OAuth clients and subjects seem useful? Thanks again, and looking forward to your thoughts. Thanks, Sreyanth On Fri, Oct 17, 2025 at 1:05 PM Sreyanth <[email protected]> wrote: > Hi all, > > Pam Dingle and I are proposing a new Internet-Draft: OAuth 2.0 Entity > Profiles ( > https://datatracker.ietf.org/doc/draft-mora-oauth-entity-profiles). > > This draft introduces a mechanism to categorize and describe the two key > entities in OAuth flows: clients initiating the flows and subjects (or > resource owners) represented in tokens. > > The draft doesn’t prescribe specific behaviors but instead provides > contextual metadata that authorization servers and resource servers can use > to make informed policy decisions. We envision that future OAuth extensions > and profiles could reference these entity profiles and define verification > and handling mechanisms for the entity profiles they target. > > The primary motivation stems from the emerging AI-agent scenarios, where > it’s becoming increasingly critical to know 1) when an OAuth client is an > AI agent, 2) when an AI agent is acting on behalf of another agent or a > human, and 3) how this context can be consistently represented and > interpreted in OAuth flows. > > We’d greatly appreciate the WG’s feedback and suggestions. > > Thanks, > Sreyanth and Pam > -- *Sreyantha Chary M*
_______________________________________________ OAuth mailing list -- [email protected] To unsubscribe send an email to [email protected]
