Dear OAuth working group The AI Agent Authentication and Authorization draft ( https://datatracker.ietf.org/doc/draft-klrc-aiagent-auth/) proposes a model for authentication and authorization of AI agent interactions.
It leverages existing standards such as the OAuth 2.0 family of specifications, SPIFFE, and new standards such as the Workload Identity in Multi-System Environments (WIMSE) architecture, among others. Rather than defining new protocols, this document describes how existing and widely deployed standards, including OAuth, can be applied or extended to establish agent authentication and authorization. By doing so, it aims to provide a framework within which to use existing standards, identify gaps and guide future standardization efforts for agent authentication and authorization. We are sharing this here because a large section of the document references work originating in the OAuth working group. We have also shared this with the WIMSE working group and the agent2agent mailing list. Any comments and feedback are welcome! Pieter, Jeff, Yaroslav and Brian ---------- Forwarded message --------- From: <[email protected]> Date: Mon, Mar 2, 2026 at 6:38 PM Subject: New Version Notification for draft-klrc-aiagent-auth-00.txt To: Jean-François Lombardo <[email protected]>, Brian Campbell < [email protected]>, Pieter Kasselman <[email protected]>, Yaroslav Rosomakho <[email protected]> A new version of Internet-Draft draft-klrc-aiagent-auth-00.txt has been successfully submitted by Pieter Kasselman and posted to the IETF repository. Name: draft-klrc-aiagent-auth Revision: 00 Title: AI Agent Authentication and Authorization Date: 2026-03-02 Group: Individual Submission Pages: 26 URL: https://www.ietf.org/archive/id/draft-klrc-aiagent-auth-00.txt Status: https://datatracker.ietf.org/doc/draft-klrc-aiagent-auth/ HTML: https://www.ietf.org/archive/id/draft-klrc-aiagent-auth-00.html HTMLized: https://datatracker.ietf.org/doc/html/draft-klrc-aiagent-auth Abstract: This document proposes a model for authentication and authorization of AI agent interactions. It leverages existing standards such as the Workload Identity in Multi-System Environments (WIMSE) architecture and OAuth 2.0 family of specifications. Rather than defining new protocols, this document describes how existing and widely deployed standards can be applied or extended to establish agent authentication and authorization. By doing so, it aims to provide a framework within which to use existing standards, identify gaps and guide future standardization efforts for agent authentication and authorization. The IETF Secretariat
_______________________________________________ OAuth mailing list -- [email protected] To unsubscribe send an email to [email protected]
