https://notes.karlmcguinness.com/series/open-world-oauth/Recent content in Open-World OAuth on Control Plane by Karl McGuinnessHugoen-uspublic@karlmcguinness.com (Karl McGuinness)public@karlmcguinness.com (Karl McGuinness)Sat, 21 Mar 2026 10:00:00 -0700https://notes.karlmcguinness.com/notes/open-world-oauth-still-needs-mission-shaping/Sat, 21 Mar 2026 10:00:00 -0700public@karlmcguinness.com (Karl McGuinness)https://notes.karlmcguinness.com/notes/open-world-oauth-still-needs-mission-shaping/Open-world OAuth can improve discovery, resource binding, and first-contact trust. That still leaves the harder agent problem: how approved intent becomes bounded authority that stays governed across delegation chains, unfamiliar tools, consent expansion, revocation, and task termination.https://notes.karlmcguinness.com/notes/oauth-for-open-world-ecosystems/Fri, 20 Mar 2026 10:00:00 -0700public@karlmcguinness.com (Karl McGuinness)https://notes.karlmcguinness.com/notes/oauth-for-open-world-ecosystems/OAuth was built for closed worlds, and that constraint is why it became mature. Agents expose the limits of that deployment model. This post traces what the newer OAuth standards get right and which substrate gaps still need to close.