Client Context and ID-JAG: Encoding Mission at the Authentication Layer
Rich Authorization Requests are the natural first instinct for encoding agent missions, but access tokens are audience-bound and cross-domain authorization server interoperability is limited. The OpenID Connect Client Context draft takes a different approach: encoding mission intent at authentication time so the ID Token becomes the portable trust anchor for cross-domain access via the Identity Assertion Authorization Grant pattern. Three enforcement layers result: the OpenID Provider enforces mission policy at authentication, the agent runtime enforces it before any external call, and downstream authorization servers enforce it at access time.