[Openid-specs-authzen] FW: Follow-up on the Tuesday side meeting on AI Protocols
Lombardo, Jeff
jeffsec at amazon.com
Tue Nov 4 16:13:40 UTC 2025
FYI
Jean-François "Jeff" Lombardo | Amazon Web Services
Principal Solution Architect, Security Specialist
Montréal, Canada
Thoughts on our interaction? Provide feedback here<https://urldefense.com/v3/__https:/feedback.aws.amazon.com/?ea=jeffsec&fn=Jean*20Francois&ln=Lombardo__;JQ!!Pe07N362zA!0k9CkAV8Djpw_8EfIAKrbhP3TQrJr0oMnznlUgBJ3V3NoEk6hihx7dNHnQuejn6SSH2CP8Iow3G-tTzppHeg$>.
From: Lombardo, Jeff <jeffsec at amazon.com>
Sent: November 4, 2025 11:02 AM
To: agent2agent <agent2agent at ietf.org>
Cc: Pieter Kasselman <pieter at spirl.com>; Lombardo, Jeff <jeffsec at amazon.com>
Subject: Follow-up on the Tuesday side meeting on AI Protocols
Hi,

As requested during the side meeting, here are some additional pointers for the justification that some of the elements of Authentication and Authorization are, as of now, worked on in other Areas and SDOs:

* Delegation of Authorization is the core of the OAuth Working Group
  * The Working Group is making some good progress on Cross Trust Domain boundaries
    * https://datatracker.ietf.org/doc/draft-ietf-oauth-identity-assertion-authz-grant/01/
    * https://datatracker.ietf.org/doc/draft-ietf-oauth-identity-chaining/06/
  * We should not forget that Model Context Protocol decided to rely on OAuth to prevent defining a new way of dealing with Authorization in their specification. Such behavior accelerated the following drafts in the OAuth WG:
    * OAuth 2.0 Protected Resource Metadata - https://datatracker.ietf.org/doc/rfc9728/
    * OAuth Client ID Metadata Document - https://datatracker.ietf.org/doc/draft-ietf-oauth-client-id-metadata-document/00/
    * OAuth 2.1 - https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-14
    * Best Current Practice for OAuth 2.0 Security - https://datatracker.ietf.org/doc/html/rfc9700
  * We should also note A2A is completely capable of working with OAuth credentials
  * When involving users, the OpenID Foundation has this at the heart of OpenID Connect
    * https://openid.net/specs/openid-connect-core-1_0.html
* Agent authentication and identification is the core of the WIMSE Working Group
  * Global repository: https://datatracker.ietf.org/group/wimse/documents/
  * Architecture: https://datatracker.ietf.org/doc/draft-ietf-wimse-arch/
  * Workload to Workload secure interactions (stops at the security, does not define the applicative layer of interactions): https://datatracker.ietf.org/doc/draft-ietf-wimse-s2s-protocol/
  * Identifier: https://datatracker.ietf.org/doc/draft-ietf-wimse-identifier/
* Those two working groups are working in concert to ensure that all of this is multi trust domain capable and credential exchanging capable
* On the Authorization side:
  * The market, as part of Zero Trust, is embracing ABAC [NIST https://csrc.nist.gov/pubs/sp/800/162/upd2/final] in the form of policies that can handle an expanded taxonomy
  * Cedar Language emerged as a mathematically provable language for scalable policy evaluation
    * https://github.com/cedar-policy
    * Currently looking to be transferred to CNCF
    * Automated Reasoning capabilities: https://arxiv.org/pdf/2403.04651
  * The OpenID Foundation is currently standardizing how a PEP can ask a PDP for an Authorization decision. In your case, each Agent would be a PEP.
    * This is happening through the AuthZEN Working Group: https://openid.net/wg/authzen/
    * This is currently going through final review for version 1.0: https://openid.net/public-review-period-for-proposed-authorization-api-1-final-specification/

I hope those elements will allow you to improve the definition of the scope by understanding that those ICAM (Identification, Credentialling, and Access Management) problems should be out of scope and should remain built upon what is done and standardized in those other Areas / WGs / SDOs.
Jeff
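The PEP-to-PDP exchange the mail points at (the AuthZEN Authorization API 1.0 evaluation call), as an added example that is not part of the original mail nor of the AuthZEN working group's own materials: a PEP-side helper in Python that builds the evaluation request object an agent would send and interprets the PDP response, failing closed on anything other than a literal boolean true. The PDP is a constructed in-memory stub standing in for a real HTTPS endpoint; the request and response fields (subject type/id, action name, resource type/id, optional context, decision) and the endpoint path follow the AuthZEN 1.0 specification, while the policy, agent and document identifiers are invented for illustration.

```python
"""Added example: PEP-side handling of an AuthZEN 1.0 evaluation call.
The PDP below is a constructed stub, not a real service."""
import json
from typing import Any, Callable, Dict, Optional

# Evaluation endpoint path defined by the AuthZEN Authorization API 1.0.
EVALUATION_PATH = "/access/v1/evaluation"


def build_evaluation_request(subject_type: str, subject_id: str,
                             action: str, resource_type: str,
                             resource_id: str,
                             context: Optional[Dict[str, Any]] = None) -> Dict[str, Any]:
    """Return an AuthZEN evaluation request body: subject and resource carry
    'type' and 'id', the action carries 'name', context is optional."""
    body: Dict[str, Any] = {
        "subject": {"type": subject_type, "id": subject_id},
        "action": {"name": action},
        "resource": {"type": resource_type, "id": resource_id},
    }
    if context:
        body["context"] = context
    return body


def interpret_decision(raw_response: str) -> bool:
    """Fail closed: access is granted only if the response is a JSON object
    whose 'decision' member is literally true. Malformed JSON, a missing key,
    or a truthy non-boolean such as "true" or 1 is treated as deny."""
    try:
        parsed = json.loads(raw_response)
    except json.JSONDecodeError:
        return False
    if not isinstance(parsed, dict):
        return False
    return parsed.get("decision") is True


def stub_pdp(request_body: Dict[str, Any]) -> str:
    """Constructed stand-in for a PDP with one hard-coded rule: the agent
    'agent-42' may perform 'summarize' on resources of type 'document'."""
    allowed = (request_body["subject"] == {"type": "agent", "id": "agent-42"}
               and request_body["action"]["name"] == "summarize"
               and request_body["resource"]["type"] == "document")
    return json.dumps({"decision": allowed})


def pep_check(agent_id: str, action: str, resource_type: str, resource_id: str,
              pdp: Callable[[Dict[str, Any]], str] = stub_pdp) -> bool:
    """What an agent acting as PEP does per call: build the request, hand it
    to the PDP (a function here, an HTTPS POST to EVALUATION_PATH in practice),
    and enforce the interpreted decision."""
    request = build_evaluation_request("agent", agent_id, action,
                                       resource_type, resource_id)
    return interpret_decision(pdp(request))


if __name__ == "__main__":
    print(pep_check("agent-42", "summarize", "document", "doc-7"))   # True
    print(pep_check("agent-42", "delete", "document", "doc-7"))      # False
    print(interpret_decision('{"decision": "true"}'))                # False
```

The point of `interpret_decision` is that the PEP, not the PDP, is the last line of defence: a PDP outage, a proxy error page or a loosely typed response must all map to deny.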