Series

5 Articles

Mission-Bound OAuth

Superseded by the Mission-Bound Authorization draft family, kept as history. Four posts on Mission-Bound OAuth: the core architecture, the Client Context / ID-JAG companion profile, the AAuth mapping, and a final critique of the architecture itself.

Mission Shaping

Many current agent deployments skip the step that turns approved intent into bounded authority. This two-part series covers the Mission shaping problem and why even a well-shaped Mission is not enough once an agent is running in the world.

Open-World OAuth

OAuth succeeded in closed worlds. Agents are pushing it into open-world authorization, where discovery, resource binding, and first-contact trust have to work before governance can. This series separates the substrate problem from the Mission shaping problem and explains why agent authorization needs both layers to hold.

Least-Privilege MCP Tool Calls

Least-privilege MCP tool calls have two natural authorization paths: carry narrow authority in a token, or decide each call at the resource. This series compares the models, explains the standards around decisions, failure signaling, and requestable denials, and isolates the gap none of them closes: the missing task object.