You Don't Give Agents Credentials. You Grant Them Power of Attorney.
You’ve been giving AI agents credentials. You should have been giving them Power of Attorney. Three posts on the structural gap in enterprise IAM and what it takes to close it.
You’ve been giving AI agents credentials. You should have been giving them Power of Attorney. Three posts on the structural gap in enterprise IAM and what it takes to close it.
Superseded by the Mission-Bound Authorization draft family, kept as history. Four posts on Mission-Bound OAuth: the core architecture, the Client Context / ID-JAG companion profile, the AAuth mapping, and a final critique of the architecture itself.
Many current agent deployments skip the step that turns approved intent into bounded authority. This two-part series covers the Mission shaping problem and why even a well-shaped Mission is not enough once an agent is running in the world.
OAuth succeeded in closed worlds. Agents are pushing it into open-world authorization, where discovery, resource binding, and first-contact trust have to work before governance can. This series separates the substrate problem from the Mission shaping problem and explains why agent authorization needs both layers to hold.
Least-privilege MCP tool calls have two natural authorization paths: carry narrow authority in a token, or decide each call at the resource. This series compares the models, explains the standards around decisions, failure signaling, and requestable denials, and isolates the gap none of them closes: the missing task object.