https://notes.karlmcguinness.com/tags/mission-bound-oauth/Recent content in Mission-Bound OAuth on Control Plane by Karl McGuinnessHugoen-uspublic@karlmcguinness.com (Karl McGuinness)public@karlmcguinness.com (Karl McGuinness)Fri, 22 May 2026 14:00:00 -0700https://notes.karlmcguinness.com/notes/mission-bound-oauth-minimum-profile/Fri, 22 May 2026 14:00:00 -0700public@karlmcguinness.com (Karl McGuinness)https://notes.karlmcguinness.com/notes/mission-bound-oauth-minimum-profile/Agent workflows expose a missing OAuth layer: durable task authority. The Minimum Profile adds five concrete protocol surfaces: a mission_intent RAR envelope, a resource_access RAR type, a Mission record at the AS, a mission claim on access tokens, and Mission-state enforcement across derivation. Everything else composes with existing OAuth, RAR, PAR, Token Exchange, ID-JAG, AuthZEN escalation, and shared signals.