56 Tags
- AAuth Now Has a Mission Layer
- Open-World OAuth Still Needs Mission Shaping
- Mission Architecture on AAuth
View tag- The Agent Provider Is the IdP: A Standards Reading of WorkOS auth.md
View tag- The Identity Continuation Assertion
- Trusting Issuers in Open-World OAuth
Identity Assertion Trust Framework and Domain-Authorized Issuer Trust Method
- Closing the Gaps in Least-Privilege MCP Tool Calls
AuthZEN, ARAP, and the Task Neither Names
- Two Models for Least-Privilege MCP Tool Calls
Carry Authority in a Token, or Decide at the Resource
- Authorization Is the Other Half of Executable Intent
Evals Made Intent Executable for Verification. A Mission Makes It Executable for Authorization.
View all 24- Welcome to Control Plane
View tag- Authorization Is the Other Half of Executable Intent
Evals Made Intent Executable for Verification. A Mission Makes It Executable for Authorization.
View tag- Mission Shaping Is Not Enough
- The Mission Shaping Problem
- Why Mission-Bound OAuth Might Be the Wrong Answer
View tag- The Agent Provider Is the IdP: A Standards Reading of WorkOS auth.md
View tag- Trusting Issuers in Open-World OAuth
Identity Assertion Trust Framework and Domain-Authorized Issuer Trust Method
- Closing the Gaps in Least-Privilege MCP Tool Calls
AuthZEN, ARAP, and the Task Neither Names
- Two Models for Least-Privilege MCP Tool Calls
Carry Authority in a Token, or Decide at the Resource
- Authorization Is the Other Half of Executable Intent
Evals Made Intent Executable for Verification. A Mission Makes It Executable for Authorization.
- Authorization Denied Is No Longer Enough
View all 20- Closing the Gaps in Least-Privilege MCP Tool Calls
AuthZEN, ARAP, and the Task Neither Names
- Two Models for Least-Privilege MCP Tool Calls
Carry Authority in a Token, or Decide at the Resource
- Authorization Denied Is No Longer Enough
View tag- ID-JAG Beyond the Enterprise IdP
View tag- Client Instances Are Actors, Not New Clients
View tag- Client Instances Are Actors, Not New Clients
View tag- The Identity Continuation Assertion
- Authorization Is the Other Half of Executable Intent
Evals Made Intent Executable for Verification. A Mission Makes It Executable for Authorization.
- Re-Subjecting Is a Mint, Not an Attenuation
- Authorization Denied Is No Longer Enough
- Sessions Are Not Missions
Why Agent Harnesses Cannot Own the Mission Layer
View all 9- Client Instances Are Actors, Not New Clients
- Standardize `act` Across Assertion Grants and JWT Access Tokens
View tag- Trusting Issuers in Open-World OAuth
Identity Assertion Trust Framework and Domain-Authorized Issuer Trust Method
View tag- Welcome to Control Plane
View tag- Enterprise SaaS Needs OAuth Federation Now
View tag- SAML at the Post-Quantum Crossroads
View tag- Authorization Is the Other Half of Executable Intent
Evals Made Intent Executable for Verification. A Mission Makes It Executable for Authorization.
View tag- Trusting Issuers in Open-World OAuth
Identity Assertion Trust Framework and Domain-Authorized Issuer Trust Method
View tag- Closing the Gaps in Least-Privilege MCP Tool Calls
AuthZEN, ARAP, and the Task Neither Names
- Two Models for Least-Privilege MCP Tool Calls
Carry Authority in a Token, or Decide at the Resource
View tag- The Identity Continuation Assertion
- Re-Subjecting Is a Mint, Not an Attenuation
- Authorization Denied Is No Longer Enough
- SAML at the Post-Quantum Crossroads
- The Agent Provider Is the IdP: A Standards Reading of WorkOS auth.md
View all 16- The Identity Continuation Assertion
- Trusting Issuers in Open-World OAuth
Identity Assertion Trust Framework and Domain-Authorized Issuer Trust Method
- Re-Subjecting Is a Mint, Not an Attenuation
- The Agent Provider Is the IdP: A Standards Reading of WorkOS auth.md
- Enterprise SaaS Needs OAuth Federation Now
View all 7- Welcome to Control Plane
View tag- The Identity Continuation Assertion
- Re-Subjecting Is a Mint, Not an Attenuation
View tag- Trusting Issuers in Open-World OAuth
Identity Assertion Trust Framework and Domain-Authorized Issuer Trust Method
- Mission-Bound OAuth
View tag- SAML at the Post-Quantum Crossroads
View tag- Client Instances Are Actors, Not New Clients
- Standardize `act` Across Assertion Grants and JWT Access Tokens
View tag- Standardize `act` Across Assertion Grants and JWT Access Tokens
View tag- Closing the Gaps in Least-Privilege MCP Tool Calls
AuthZEN, ARAP, and the Task Neither Names
- Two Models for Least-Privilege MCP Tool Calls
Carry Authority in a Token, or Decide at the Resource
- Sessions Are Not Missions
Why Agent Harnesses Cannot Own the Mission Layer
- Open-World OAuth Still Needs Mission Shaping
- OAuth for Open-World Ecosystems
View tag- Authorization Denied Is No Longer Enough
- AAuth Now Has a Mission Layer
- Open-World OAuth Still Needs Mission Shaping
View tag- The Identity Continuation Assertion
- Trusting Issuers in Open-World OAuth
Identity Assertion Trust Framework and Domain-Authorized Issuer Trust Method
- Closing the Gaps in Least-Privilege MCP Tool Calls
AuthZEN, ARAP, and the Task Neither Names
- Two Models for Least-Privilege MCP Tool Calls
Carry Authority in a Token, or Decide at the Resource
- Re-Subjecting Is a Mint, Not an Attenuation
View all 22- Trusting Issuers in Open-World OAuth
Identity Assertion Trust Framework and Domain-Authorized Issuer Trust Method
View tag- SAML at the Post-Quantum Crossroads
- The Agent Provider Is the IdP: A Standards Reading of WorkOS auth.md
- ID-JAG Beyond the Enterprise IdP
- OAuth for Open-World Ecosystems
- Client Context and ID-JAG for Mission-Bound OAuth
View tag- Welcome to Control Plane
View tag- SAML at the Post-Quantum Crossroads
View tag- Standardize `act` Across Assertion Grants and JWT Access Tokens
View tag- Closing the Gaps in Least-Privilege MCP Tool Calls
AuthZEN, ARAP, and the Task Neither Names
- Two Models for Least-Privilege MCP Tool Calls
Carry Authority in a Token, or Decide at the Resource
View tag- SAML at the Post-Quantum Crossroads
View tag- Mission Shaping Is Not Enough
- The Mission Shaping Problem
View tag- Sessions Are Not Missions
Why Agent Harnesses Cannot Own the Mission Layer
- Agents Don't Need Your Passport. They Need Your Authority.
- From Passports to Power of Attorney
- Governing the Stay, Not Just the Entry
View tag- Sessions Are Not Missions
Why Agent Harnesses Cannot Own the Mission Layer
View tag- The Identity Continuation Assertion
- Authorization Is the Other Half of Executable Intent
Evals Made Intent Executable for Verification. A Mission Makes It Executable for Authorization.
- Re-Subjecting Is a Mint, Not an Attenuation
- Authorization Denied Is No Longer Enough
- The Agent Provider Is the IdP: A Standards Reading of WorkOS auth.md
View all 10- Standardize `act` Across Assertion Grants and JWT Access Tokens
View tag- Re-Subjecting Is a Mint, Not an Attenuation
View tag- Trusting Issuers in Open-World OAuth
Identity Assertion Trust Framework and Domain-Authorized Issuer Trust Method
View tag- Client Instances Are Actors, Not New Clients
View tag- The Identity Continuation Assertion
- Re-Subjecting Is a Mint, Not an Attenuation
- Enterprise SaaS Needs OAuth Federation Now
- ID-JAG Beyond the Enterprise IdP
View tag