<?xml version='1.0' encoding='utf-8'?>
<!DOCTYPE rfc [
  <!ENTITY nbsp    "&#160;">
  <!ENTITY zwsp   "&#8203;">
  <!ENTITY nbhy   "&#8209;">
  <!ENTITY wj     "&#8288;">
]>
<?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?>
<!-- generated by https://github.com/cabo/kramdown-rfc version 1.7.39 (Ruby 3.2.3) -->
<rfc xmlns:xi="http://www.w3.org/2001/XInclude" ipr="trust200902" docName="draft-chen-oauth-agent-authz-use-cases-01" category="info" submissionType="IETF" xml:lang="en" version="3">
  <!-- xml2rfc v2v3 conversion 3.34.0 -->
  <front>
    <title abbrev="Authorization use cases">Agent Authorization use cases and gap analysis</title>
    <seriesInfo name="Internet-Draft" value="draft-chen-oauth-agent-authz-use-cases-01"/>
    <author initials="M." surname="Chen" fullname="Meiling Chen">
      <organization>China Mobile</organization>
      <address>
        <postal>
          <city>BeiJing</city>
          <country>China</country>
        </postal>
        <email>chenmeiling@chinamobile.com</email>
      </address>
    </author>
    <author initials="J." surname="Chen" fullname="Jia Chen">
      <organization>China Mobile</organization>
      <address>
        <postal>
          <city>BeiJing</city>
          <country>China</country>
        </postal>
        <email>chenjia@chinamobile.com</email>
      </address>
    </author>
    <author initials="J." surname="Yao" fullname="Jiankang Yao">
      <organization>CNNIC</organization>
      <address>
        <postal>
          <city>BeiJing</city>
          <country>China</country>
        </postal>
        <email>yaojk@cnnic.cn</email>
      </address>
    </author>
    <author initials="Y." surname="Jiang" fullname="Yuning Jiang">
      <organization/>
      <address>
        <email>jiangyuning2@h-partners.com</email>
      </address>
    </author>
    <author initials="C. P." surname="Liu" fullname="Chunchi Peter Liu">
      <organization>Huawei</organization>
      <address>
        <email>liuchunchi@huawei.com</email>
      </address>
    </author>
    <date year="2026" month="July" day="05"/>
    <area>Security</area>
    <workgroup>OAuth Working Group</workgroup>
    <keyword>OAuth</keyword>
    <keyword>Agent</keyword>
    <keyword>AI</keyword>
    <keyword>Artificial Intelligence</keyword>
    <keyword>Authorization</keyword>
    <keyword>Delegation</keyword>
    <keyword>Revocation</keyword>
    <keyword>Gap Analysis</keyword>
    <abstract>
      <?line 59?>

<t>This document provides a systematic analysis of these emerging agent-based use cases. It categorizes them into distinct scenarios, details their specific authorization requirements, and performs a comprehensive gap analysis against the existing OAuth 2.0 framework <xref target="RFC6749"/> and its common extensions. The analysis identifies fundamental mismatches, the goal of this document is to articulate these gaps clearly, providing a foundation for future work on new extensions within the OAuth Working Group to address the authorization needs of the next generation of ai agents.</t>
    </abstract>
  </front>
  <middle>
    <?line 63?>

<section anchor="introduction">
      <name>Introduction</name>
      <t>The OAuth 2.0 Authorization Framework <xref target="RFC6749"/> has become the de facto standard for delegated authorization on the internet. Its success is rooted in a well-defined model where a resource owner grants a third-party client limited access to their resources without sharing their credentials. This model primarily assumes a user-present, interactive flow where a static set of permissions (scopes) is approved upfront.</t>
      <t>However, the landscape is rapidly evolving with the advent of sophisticated AI-driven "Agents". These are not simple clients but autonomous or semi-autonomous entities that perform complex, multi-step tasks on behalf of a user or another system. Their operational characteristics include:</t>
      <ul spacing="normal">
        <li>
          <t><strong>Delegated Autonomy:</strong> Agents act with authority delegated from a principal (user or system) over extended periods.</t>
        </li>
        <li>
          <t><strong>Complex Task Decomposition:</strong> An agent might take a high-level instruction (e.g., "plan my business trip") and decompose it into numerous discrete actions involving multiple resource servers.</t>
        </li>
        <li>
          <t><strong>Asynchronous &amp; Long-Running Operations:</strong> Tasks may run for hours, days, or indefinitely, often without direct, real-time supervision from the principal.</t>
        </li>
        <li>
          <t><strong>Dynamic &amp; Emergent Needs:</strong> The exact permissions required may not be known at the start of a task but emerge as the agent plans and executes its steps.</t>
        </li>
        <li>
          <t><strong>Composition &amp; Chaining:</strong> Agents may delegate sub-tasks to other agents, forming a chain of authority.</t>
        </li>
        <li>
          <t><strong>Cross-Domain</strong>: Chained or composited task orchestration often require calling of resources in different administrative domains.</t>
        </li>
      </ul>
      <t>This document does not propose new solutions or protocols. Instead, its purpose is to:
*   Define the key actors and concepts in agent-based authorization scenarios.
*   Describe a set of core use cases that exemplify the new challenges.
*   Conduct a gap analysis for each use case, identifying where the current OAuth 2.0 framework and its extensions fall short.
*   Summarize the key security considerations.</t>
      <t>By clearly articulating these gaps, this document aims to provide a shared understanding of the problem space and stimulate focused work on developing interoperable solutions for the next generation of delegated authorization.</t>
    </section>
    <section anchor="terminology">
      <name>Terminology</name>
      <t>In addition to the terms defined in <xref target="RFC6749"/>, this document uses the following terms:</t>
      <dl>
        <dt><strong>User (Resource Owner):</strong></dt>
        <dd>
          <t>An entity capable of granting access to a protected resource. In the context of this document, the user is the person who delegates authority to an agent. Conforms to the definition of "Resource Owner" in <xref target="RFC6749"/>.</t>
        </dd>
        <dt><strong>Authorization Server (AS):</strong></dt>
        <dd>
          <t>The server that authenticates the User and issues access tokens to the Agent after obtaining the User's authorization. Conforms to the definition in <xref target="RFC6749"/>.</t>
        </dd>
        <dt><strong>Resource Server (RS):</strong></dt>
        <dd>
          <t>The server hosting the protected resources, capable of accepting and responding to protected resource requests using access tokens. Conforms to the definition in <xref target="RFC6749"/>.</t>
        </dd>
        <dt><strong>Delegation Chain:</strong></dt>
        <dd>
          <t>A sequence of delegation events, where one actor grants a subset of its authority to another. For example: User -&gt; Agent A -&gt; Agent B.</t>
        </dd>
        <dt><strong>Intent:</strong></dt>
        <dd>
          <t>A high-level description of a goal or task that the user wants the agent to accomplish (e.g., "book me a flight to Hawaii for next week").</t>
        </dd>
        <dt><strong>Tool:</strong></dt>
        <dd>
          <t>A specific API or function that an agent can call to perform an action (e.g., a <tt>search_flights</tt> API, a <tt>send_email</tt> function).</t>
        </dd>
      </dl>
    </section>
    <section anchor="core-use-cases-and-gap-analysis">
      <name>Core Use Cases and Gap Analysis</name>
      <t>This section explores different categories of use cases, providing a concrete example for each, and analyzes the gaps in the existing OAuth 2.x framework. For each use case, we examine what can be achieved with existing tools and, more importantly, what is missing.</t>
      <section anchor="category-1-personal-consumer-scenarios">
        <name>Category 1: Personal &amp; Consumer Scenarios</name>
        <section anchor="use-case-1-personal-digital-assistant">
          <name>Use Case 1: Personal Digital Assistant</name>
          <ul spacing="normal">
            <li>
              <t><strong>Scenario Description:</strong> A user gives a high-level, natural language command to their AI assistant. The assistant must decompose this command into multiple steps and interact with various services to fulfill the request.</t>
            </li>
            <li>
              <t><strong>Example:</strong> Alice tells her AI assistant, <em>"Help me plan a picnic for this Saturday."</em> The assistant needs to:
              </t>
              <ol spacing="normal" type="1"><li>
                  <t>Check Alice's calendar for availability (requires <tt>calendar.read</tt>).</t>
                </li>
                <li>
                  <t>Check the weather forecast for Saturday (requires <tt>weather.read</tt>).</t>
                </li>
                <li>
                  <t>If the weather is good, suggest nearby parks (requires <tt>maps.search</tt>).</t>
                </li>
                <li>
                  <t>After Alice chooses a park, book a picnic spot if required (requires <tt>parks.book</tt>).</t>
                </li>
                <li>
                  <t>Finally, add the event to Alice's calendar (requires <tt>calendar.write</tt>).</t>
                </li>
              </ol>
            </li>
            <li>
              <t><strong>Authorization Requirements:</strong>
              </t>
              <ul spacing="normal">
                <li>
                  <t><strong>Intent-to-Permission Translation:</strong> The system must translate the high-level intent ("plan a picnic") into a series of specific, just-in-time permission requests.</t>
                </li>
                <li>
                  <t><strong>Interactive, Multi-Step Consent:</strong> The agent needs to "talk back" to the user for intermediate decisions (e.g., "The weather looks great! I found three parks nearby. Which one do you prefer?"). Authorization for the next step (booking) should only be granted after the user's choice.</t>
                </li>
                <li>
                  <t><strong>Task-Level Revocation:</strong> Alice should be able to say, <em>"Cancel the picnic planning,"</em> and have all permissions related to this specific task instantly revoked, without affecting other tasks the agent might be performing.</t>
                </li>
              </ul>
            </li>
            <li>
              <t><strong>Gap Analysis:</strong>
              </t>
              <ul spacing="normal">
                <li>
                  <t><strong>What Works (Partially):</strong> The OAuth Authorization Code flow can be used to get the initial permissions (like <tt>calendar.read</tt>). Refresh Tokens can keep the agent's session alive.</t>
                </li>
                <li>
                  <t><strong>What's Missing (The Gap):</strong>
                  </t>
                  <ul spacing="normal">
                    <li>
                      <t><strong>Fundamental Paradigm Mismatch:</strong> OAuth is a <strong>"pre-authorization"</strong> model. It asks the user to approve a static list of scopes (<tt>calendar.read</tt>, <tt>weather.read</tt>, <tt>maps.search</tt>, etc.) all at once at the beginning. It cannot understand the <em>intent</em> ("plan a picnic") and dynamically grant permissions as the task unfolds. This is the core gap.</t>
                    </li>
                    <li>
                      <t><strong>No Standardized Interactive Flow:</strong> There is no standard OAuth mechanism for an agent to "pause" a task, ask the user for a decision, and then use that decision to request a new, specific permission. This logic is currently left to complex, proprietary application-layer implementations.</t>
                    </li>
                    <li>
                      <t><strong>Impractical Revocation:</strong> OAuth Token Revocation (<xref target="RFC7009"/>) revokes a single token. To achieve task-level revocation, the application would need to manage a complex mapping of tasks to tokens. There is no standard way to say "revoke everything related to 'picnic planning'."</t>
                    </li>
                  </ul>
                </li>
              </ul>
            </li>
          </ul>
        </section>
        <section anchor="use-case-2-smart-home-automation">
          <name>Use Case 2: Smart Home &amp; Automation</name>
          <ul spacing="normal">
            <li>
              <t><strong>Scenario Description:</strong> A central home hub agent manages various IoT devices based on pre-defined rules or real-time events.</t>
            </li>
            <li>
              <t><strong>Example:</strong> Bob sets up a "Good Morning" routine. When his alarm goes off at 7 AM on a weekday, the home hub agent is authorized to:
              </t>
              <ol spacing="normal" type="1"><li>
                  <t>Slowly turn on the bedroom lights (device: <tt>bedroom_light</tt>, capability: <tt>brightness</tt>).</t>
                </li>
                <li>
                  <t>Set the thermostat to 70°F (device: <tt>thermostat</tt>, capability: <tt>set_temperature</tt>).</t>
                </li>
                <li>
                  <t>Start the coffee maker (device: <tt>coffee_maker</tt>, capability: <tt>on_off</tt>).</t>
                </li>
              </ol>
            </li>
            <li>
              <t><strong>Authorization Requirements:</strong>
              </t>
              <ul spacing="normal">
                <li>
                  <t><strong>Persistent Delegation:</strong> After a one-time setup, the agent must be able to perform these actions daily without Bob's intervention.</t>
                </li>
                <li>
                  <t><strong>Fine-Grained Device &amp; Capability Permissions:</strong> The agent should be authorized to control the <tt>brightness</tt> of the <tt>bedroom_light</tt>, but not, for example, to unlock the <tt>front_door</tt>.</t>
                </li>
                <li>
                  <t><strong>Conditional or Event-Driven Authorization:</strong> The permissions should only be usable when specific conditions are met (e.g., <tt>time=7AM</tt> AND <tt>day=weekday</tt>).</t>
                </li>
                <li>
                  <t><strong>Bulk Revocation:</strong> When Bob sells his house, he needs a simple way to revoke all permissions for all devices from his home hub with a single action.</t>
                </li>
              </ul>
            </li>
            <li>
              <t><strong>Gap Analysis:</strong>
              </t>
              <ul spacing="normal">
                <li>
                  <t><strong>What Works (Partially):</strong> Refresh Tokens are well-suited for persistent delegation. Scopes can be defined with high granularity (e.g., <tt>device:bedroom_light:brightness</tt>).</t>
                </li>
                <li>
                  <t><strong>What's Missing (The Gap):</strong>      </t>
                  <ul spacing="normal">
                    <li>
                      <t><strong>"Scope Explosion" and Usability:</strong> In a home with hundreds of devices and capabilities, presenting the user with a list of thousands of scopes to approve is unmanageable. The OAuth consent screen was not designed for this scale.</t>
                    </li>
                    <li>
                      <t><strong>No Standardized Policy Enforcement:</strong> OAuth grants <em>what</em> an agent can do, but not <em>when</em> or <em>under what conditions</em>. The logic to enforce <tt>time=7AM</tt> is outside the protocol and must be custom-built into the agent or the device's resource server, leading to inconsistent and non-interoperable implementations.</t>
                    </li>
                    <li>
                      <t><strong>No Standardized Bulk Revocation:</strong> <xref target="RFC7009"/> is for revoking one token at a time. There is no standard API to "revoke all tokens for user Bob" or "revoke all tokens issued to the home hub client." This is a critical administrative and security gap, forcing reliance on proprietary AS-specific APIs.</t>
                    </li>
                  </ul>
                </li>
              </ul>
            </li>
          </ul>
        </section>
        <section anchor="use-case-3-agent-as-users-full-proxy-to-access-third-party-tools">
          <name>Use Case 3: Agent as User's Full Proxy to Access Third-Party Tools</name>
          <ul spacing="normal">
            <li>
              <t><strong>Scenario Description:</strong> A user authorizes an agent to use a third-party service on their behalf. The service, however, was designed for human interaction and has no built-in awareness of automated agents, leading to potential misuse or policy violations.</t>
            </li>
            <li>
              <t><strong>Example:</strong>  Charlie authorizes his personal research assistant agent to use his subscription to an academic paper database. The agent, acting as Charlie, begins downloading hundreds of papers for a literature review. The database service detects this high-frequency activity, flags it as a potential DDoS attack or data scraping, and temporarily locks Charlie's account, disrupting both the agent's task and Charlie's own access.</t>
            </li>
            <li>
              <t><strong>Authorization Requirements:</strong>
              </t>
              <ul spacing="normal">
                <li>
                  <t><strong>Agent-User Differentiation:</strong> : The third-party service must be able to reliably distinguish between requests coming directly from Charlie and requests made by his agent.</t>
                </li>
                <li>
                  <t><strong>Agent-Specific Policies:</strong> The service needs a way to apply different policies (e.g., stricter rate limits, restricted API access) to the agent without impacting the human user's normal access rights.</t>
                </li>
                <li>
                  <t><strong>Delegated Authority with Constraints:</strong> The authorization given to the agent should be a constrained subset of the user's full permissions (e.g., "can search and download, but no more than 100 papers per hour").</t>
                </li>
              </ul>
            </li>
            <li>
              <t><strong>Gap Analysis:</strong>
              </t>
              <ul spacing="normal">
                <li>
                  <t><strong>What (partially) works:</strong>  OAuth allows a user to delegate access to a client (the agent). The scope parameter can limit which APIs the agent can call.      </t>
                  <ul spacing="normal">
                    <li>
                      <t><strong>What Works (Partially):</strong> OAuth allows a user to delegate access to a client (the agent). The <tt>scope</tt> parameter can limit which APIs the agent can call.</t>
                    </li>
                  </ul>
                </li>
                <li>
                  <t><strong>What's Missing (The Gap):</strong>      </t>
                  <ul spacing="normal">
                    <li>
                      <t><strong>No Standard Agent Identifier:</strong> There is no standard OAuth claim or parameter that explicitly signals "this request is from an automated agent." Resource servers are left to guess based on non-standard signals like User-Agent strings or unusual traffic patterns.</t>
                    </li>
                    <li>
                      <t><strong>Inability to Express Constraints:</strong> The standard <tt>scope</tt> mechanism is binary (permission is granted or not). It cannot express or enforce nuanced constraints like rate limits, data volume caps, or time-of-day restrictions as part of the authorization grant itself.</t>
                    </li>
                    <li>
                      <t><strong>Confused Deputy Risk:</strong> Without clear differentiation, the service provider cannot tell if high-volume activity is malicious (account takeover) or a legitimate but overly aggressive agent. Their only recourse is often to block the user's account entirely.</t>
                    </li>
                  </ul>
                </li>
              </ul>
            </li>
          </ul>
        </section>
        <section anchor="use-case-4-agent-as-users-proxy-to-access-operating-system-resources">
          <name>Use Case 4: Agent as User's Proxy to Access Operating System Resources</name>
          <ul spacing="normal">
            <li>
              <t><strong>Scenario Description:</strong> An agent running on a user's device (e.g., a laptop or smartphone) needs to perform tasks that require access to local resources like files, applications, or system settings.</t>
            </li>
            <li>
              <t><strong>Example:</strong> Diana asks her desktop agent, <em>"Clean up my downloads folder and free up disk space."</em> To do this, the agent needs permission to read and delete files within <tt>/home/diana/downloads</tt>. However, to be "helpful," the agent might also try to clear system-wide caches, which requires elevated, system-level permissions.</t>
            </li>
            <li>
              <t><strong>Authorization Requirements:</strong>
              </t>
              <ul spacing="normal">
                <li>
                  <t><strong>Fine-Grained Resource Access:</strong> The agent should be granted access only to the specific files or settings needed for a task (e.g., a single folder), not the user's entire home directory or full system access.</t>
                </li>
                <li>
                  <t><strong>Task-Scoped Permissions:</strong> Permissions should be granted for the duration of a specific task ("clean downloads folder") and automatically revoked upon completion.</t>
                </li>
                <li>
                  <t><strong>Secure Privilege Escalation:</strong> If a task requires elevated permissions, there must be a secure, user-approved mechanism for the agent to request them just-in-time, rather than running with high privileges constantly.</t>
                </li>
              </ul>
            </li>
            <li>
              <t><strong>Gap Analysis:</strong>
              </t>
              <ul spacing="normal">
                <li>
                  <t><strong>What Works (Partially):</strong> Modern operating systems have their own permission models (e.g., app sandboxing, runtime permission prompts).</t>
                </li>
                <li>
                  <t><strong>What's Missing (The Gap):</strong>
                  </t>
                  <ul spacing="normal">
                    <li>
                      <t><strong>Architectural Mismatch:</strong> OAuth is a framework for network-based delegated authorization. It is not designed to manage local, process-level OS permissions. There is a fundamental mismatch between the two models.</t>
                    </li>
                    <li>
                      <t><strong>Lack of a Standard Bridge:</strong> There is no standard protocol to connect an agent's high-level intent (often determined in the cloud) to a secure, fine-grained grant of local OS permissions on the device.</t>
                    </li>
                    <li>
                      <t><strong>Over-Privileging by Default:</strong> Due to the lack of a standard bridge, developers often resort to a dangerous workaround: the agent's local component is installed with broad, persistent permissions (e.g., running with the user's full rights or even as a system service). This completely bypasses the principle of least privilege and creates a significant security risk.</t>
                    </li>
                  </ul>
                </li>
              </ul>
            </li>
          </ul>
        </section>
      </section>
      <section anchor="category-2-enterprise-business-process-scenarios">
        <name>Category 2: Enterprise &amp; Business Process Scenarios</name>
        <section anchor="use-case-5-complex-business-process-automation">
          <name>Use Case 5: Complex Business Process Automation</name>
          <ul spacing="normal">
            <li>
              <t><strong>Scenario Description:</strong> A task is passed through a chain of specialized agents, each performing one step of a larger business process.</t>
            </li>
            <li>
              <t><strong>Example:</strong> An automated insurance claim process:
              </t>
              <ol spacing="normal" type="1"><li>
                  <t><strong>Agent A (Intake):</strong> Receives a claim from a customer and is authorized to read the customer's policy. It passes the claim to the next agent.</t>
                </li>
                <li>
                  <t><strong>Agent B (Verification):</strong> Receives the claim from Agent A. It is authorized to access external databases to verify the details of the incident. It then passes the verified claim to Agent C.</t>
                </li>
                <li>
                  <t><strong>Agent C (Adjudication):</strong> Receives the verified claim from Agent B. It is authorized to run a risk assessment and approve or deny the claim. If approved, it delegates the final action to Agent D.</t>
                </li>
                <li>
                  <t><strong>Agent D (Payment):</strong> Receives the approved claim from Agent C. It is authorized <em>only</em> to execute a payment to the customer's bank account for the approved amount.</t>
                </li>
              </ol>
            </li>
            <li>
              <t><strong>Authorization Requirements:</strong>
              </t>
              <ul spacing="normal">
                <li>
                  <t><strong>Verifiable Delegation Chain:</strong> The final agent (Payment Agent D) and the resource server (the bank's API) must be able to cryptographically verify the entire authorization path: <tt>Customer -&gt; Agent A -&gt; Agent B -&gt; Agent C -&gt; Agent D</tt>.</t>
                </li>
                <li>
                  <t><strong>Principle of Least Privilege at Each Step:</strong> Agent B should have no payment authority, and Agent D should have no access to the customer's policy details. The permissions must be strictly constrained at each step in the chain.</t>
                </li>
                <li>
                  <t><strong>Auditable Context:</strong> The entire process must be tied to a single, auditable <tt>claim_id</tt> that is securely passed along the chain.</t>
                </li>
              </ul>
            </li>
            <li>
              <t><strong>Gap Analysis:</strong>
              </t>
              <ul spacing="normal">
                <li>
                  <t><strong>What Works (Partially):</strong> OAuth 2.0 Token Exchange <xref target="RFC8693"/> introduces the <tt>act</tt> (actor) claim, which provides a primitive to show that one agent is acting on behalf of another. This is a foundational building block.</t>
                </li>
                <li>
                  <t><strong>What's Missing (The Gap):</strong>
                  </t>
                  <ul spacing="normal">
                    <li>
                      <t><strong>No Native Support for Chains:</strong> A standard OAuth token represents a simple, two-party delegation (User -&gt; Agent A). It cannot natively represent a multi-step chain (<tt>User -&gt; A -&gt; B -&gt; C</tt>). While the <tt>act</tt> claim from <xref target="RFC8693"/> helps, there is no standard for how to nest these claims to create a verifiable, multi-hop chain. This is a major architectural gap.</t>
                    </li>
                    <li>
                      <t><strong>Lack of Standardized Context Passing:</strong> There is no standard field in an OAuth token to carry the <tt>claim_id</tt> securely through the process. Developers resort to custom claims in a JWT, which harms interoperability.</t>
                    </li>
                  </ul>
                </li>
              </ul>
            </li>
          </ul>
        </section>
        <section anchor="use-case-6-coordinated-task-group">
          <name>Use Case 6: Coordinated Task Group</name>
          <ul spacing="normal">
            <li>
              <t><strong>Scenario Description:</strong> A coordinating agent decomposes a user's request into subtasks and assembles a group of specialized sub-agents to execute them. Unlike the delegation chain in Use Case 5, where each agent derives its authority from the previous agent hop by hop, here every member's authority stems from a single grant obtained centrally by the coordinator <xref target="I-D.song-oauth-ai-agent-collaborate-authz"/>. The execution order of subtasks (sequential, parallel, or mixed) is independent of this authorization structure.</t>
            </li>
            <li>
              <t><strong>Example:</strong> A user asks a health assistant for real-time health advice. A leading agent resolves the request into three subtasks: collecting the user's health data, predicting the user's health status, and generating advice. It selects a sub-agent for each subtask, each needing access to different resource servers (a wearable data API, a prediction service, a guideline repository). Sub-agents may all be selected upfront, or incrementally during execution as intermediate results reveal which further subtasks are needed.</t>
            </li>
            <li>
              <t><strong>Authorization Requirements:</strong>
              </t>
              <ul spacing="normal">
                <li>
                  <t><strong>One Grant, Many Members:</strong> The coordinator must be able to obtain authorization once, on behalf of the whole group, rather than each member running its own flow against the authorization server and the user.</t>
                </li>
                <li>
                  <t><strong>Member-Level Least Privilege:</strong> Each member must be confined to its own subject-audience-scope binding within the group's overall authority.</t>
                </li>
                <li>
                  <t><strong>Late Binding of Members:</strong> Members selected mid-execution must be able to receive authority under the existing grant without a full re-authorization round trip.</t>
                </li>
                <li>
                  <t><strong>Group Lifecycle:</strong> When the task completes or the coordinator is compromised, the entire group's authority must be terminable as one unit.</t>
                </li>
              </ul>
            </li>
            <li>
              <t><strong>Gap Analysis:</strong>
              </t>
              <ul spacing="normal">
                <li>
                  <t><strong>What Works (Partially):</strong> The Client Credentials grant and Token Exchange <xref target="RFC8693"/> allow individual agents to obtain tokens, and Rich Authorization Requests <xref target="RFC9396"/> can express fine-grained permissions per request.</t>
                </li>
                <li>
                  <t><strong>What's Missing (The Gap):</strong>
                  </t>
                  <ul spacing="normal">
                    <li>
                      <t><strong>Per-Member Authorization Does Not Scale:</strong> N members individually authenticating and obtaining tokens for what is logically one user grant means N authorization server interactions and potentially N consent prompts for a single request. There is no standard way for one party to request authorization on behalf of an enumerated set of clients.</t>
                    </li>
                    <li>
                      <t><strong>No Group Construct in the Token Model:</strong> Tokens describe one client acting for one subject. There is no standard representation of group membership, nor of per-member subject-audience-scope bindings under a common grant, that a resource server could verify.</t>
                    </li>
                    <li>
                      <t><strong>No Late Binding of Members:</strong> Members that cannot be enumerated at grant time have no standard way to be admitted to the group's authority, for example via a verifiable task assignment bound to the original grant.</t>
                    </li>
                    <li>
                      <t><strong>No Group Lifecycle Management:</strong> There is no standard way to terminate a group's authority atomically, nor an enforced rule that a member's effective permissions remain a subset of the group's.</t>
                    </li>
                  </ul>
                </li>
              </ul>
            </li>
          </ul>
        </section>
        <section anchor="use-case-7-automated-dnssec-ds-record-maintenance-agent">
          <name>Use Case 7: Automated DNSSEC DS Record Maintenance Agent</name>
          <ul spacing="normal">
            <li>
              <t><strong>Scenario Description:</strong> This case follows the multi-agent RRR (Registrant-Registrar-Registry) model defined in <tt>draft-ietf-dnsop-ds-automation-09</tt>. A corporate domain owner deploys chained agents to fully automate DS record updates during DNSSEC KSK rollovers, zone bootstrapping, and zone deletion, relying on CDS/CDNSKEY signals between child authoritative zones and parent registry systems.</t>
            </li>
            <li>
              <t><strong>Example:</strong> The whole workflow runs unattended under a one-time delegated permission from the domain registrant, forming a delegation chain: <strong>Registrant --&gt; Registrar Agent --&gt; Registry Agent.</strong>
              </t>
              <ul spacing="normal">
                <li>
                  <t><strong>Zone Agent:</strong> Publishes consistent CDS/CDNSKEY records on all name servers after key rollover.</t>
                </li>
                <li>
                  <t><strong>Registrar Agent:</strong> Pulls and validates CDS data, forwards DS update requests to the registry.</t>
                </li>
                <li>
                  <t><strong>Registry Agent:</strong> Applies DS records to the parent zone and sends operation notifications.</t>
                </li>
              </ul>
            </li>
            <li>
              <t><strong>Authorization Requirements:</strong>
              </t>
              <ul spacing="normal">
                <li>
                  <t>Cryptographically verifiable multi-hop delegation chain for a full audit trail.</t>
                </li>
                <li>
                  <t>Fine-grained permission limited to a fixed set of domains, only allowing DS updating without modifying other DNS records.</t>
                </li>
                <li>
                  <t>Support task-specific revocation: revoke all DS automation permissions without affecting other agent workflows.</t>
                </li>
                <li>
                  <t>Standard audit context identifier passed across all agent hops for compliance logging.</t>
                </li>
              </ul>
            </li>
            <li>
              <t><strong>Gap Analysis:</strong>
              </t>
              <ul spacing="normal">
                <li>
                  <t><strong>What Works (Partially):</strong> Client Credentials can assign identities to registry/registrar agents. RFC 8693 token exchange supports simple single-hop agent delegation.</t>
                </li>
                <li>
                  <t>**What's Missing (The Gap)      </t>
                  <ul spacing="normal">
                    <li>
                      <t>**Current DS automation does not use OAuth. OAuth only supports two-party delegation and lacks standard multi-hop RRR delegation syntax; proprietary JWT claims hurt interoperability.</t>
                    </li>
                    <li>
                      <t>**OAuth has no standardized task/bulk revocation. Securing DS automation via OAuth would require repetitive single-token revocation in incidents.</t>
                    </li>
                    <li>
                      <t>**No reserved OAuth JWT claim for cross-agent audit IDs, breaking consistent compliance logging for DS automation.</t>
                    </li>
                  </ul>
                </li>
              </ul>
            </li>
          </ul>
        </section>
        <section anchor="use-case-8-managed-services">
          <name>Use Case 8: Managed Services</name>
          <ul spacing="normal">
            <li>
              <t><strong>Scenario Description:</strong> The managed service model refers to an integrated end-to-end managed service solution delivered by a prime service integrator through the aggregation of infrastructure and services from multiple sub-providers. End users interact with a single, unified resource platform instead of multiple separate sub-modules. However, coordinating resources across different administrative domains introduces complex authorization challenges.</t>
            </li>
            <li>
              <t><strong>Example:</strong>
              </t>
              <ul spacing="normal">
                <li>
                  <t>Telecom operator delivers a managed global secure SD-WAN orchestration service, which requires coordination of many localized regional telecom operators/ISPs and security service providers.</t>
                </li>
                <li>
                  <t>Telecom operator delivers a managed smart home + security solution through a home-hub, which integrates controls over IPTV, streaming services, smart IoT (security cameras) etc.</t>
                </li>
              </ul>
            </li>
            <li>
              <t><strong>Authorization Requirements:</strong>
              </t>
              <ul spacing="normal">
                <li>
                  <t><strong>Cross-domain Authorization:</strong> The fast provisioning of an integrated service (take SD-WAN as an example) requires acquiring authorization from different service sub-providers in their respective administrative domains.</t>
                </li>
                <li>
                  <t><strong>Batched Authorization:</strong> The fast provisioning of the integrated service requires requesting a batch of authorizations from different service sub-providers.</t>
                </li>
                <li>
                  <t><strong>Delegated Authorization:</strong>
                  </t>
                  <ul spacing="normal">
                    <li>
                      <t>Prime service integrator may need to conditionally delegate network configuration modification privileges for specific branches to the on-site O&amp;M teams of local sub-providers. This delegation MAY be hierarchical.</t>
                    </li>
                    <li>
                      <t>End-users are often times tenants that only have renting privileges instead of ownership rights. Thus technically the prime service integrator is delegating the access privileges to the end-user to access each modular sub-service.</t>
                    </li>
                  </ul>
                </li>
              </ul>
            </li>
            <li>
              <t><strong>Gap Analysis:</strong>
              </t>
              <ul spacing="normal">
                <li>
                  <t><strong>What Works:</strong>
                  </t>
                  <ul spacing="normal">
                    <li>
                      <t><strong>Cross-domain Single Authorization:</strong> The OAuth allows cross-domain authorization through <xref target="RFC7523"/> OAuth 2.0 authorization grant and <xref target="I-D.ietf-oauth-identity-chaining"/> Identity Chaining. But it MUST require one access token at a time.</t>
                    </li>
                    <li>
                      <t><strong>Single Domain Workflow:</strong> The OAuth allows workflow orchestration through <xref target="I-D.ietf-oauth-transaction-tokens"/> Transaction Token. It only allows workflow inside one trust domain.</t>
                    </li>
                  </ul>
                </li>
                <li>
                  <t><strong>What's Missing (The Gap):</strong>
                  </t>
                  <ul spacing="normal">
                    <li>
                      <t><strong>Batched Authorization:</strong> How to request access permissions to a batch of resources from the user at once, while precisely delegating fine-grained privileges to the respective sub-agent responsible for executing each sub-task.</t>
                    </li>
                    <li>
                      <t><strong>Cross-domain Workflow:</strong> How to request access permissions across different trust domains, while ensuring secure propagation of important contextual information (claims, caller identity, rich authorization contexts...).</t>
                    </li>
                  </ul>
                </li>
              </ul>
            </li>
          </ul>
        </section>
      </section>
      <section anchor="category-3-security-administrative-scenarios">
        <name>Category 3: Security &amp; Administrative Scenarios</name>
        <section anchor="use-case-9-automated-security-incident-response">
          <name>Use Case 9: Automated Security Incident Response</name>
          <ul spacing="normal">
            <li>
              <t><strong>Scenario Description:</strong> A security agent detects a security threat and must take immediate, automated action to contain it.</t>
            </li>
            <li>
              <t><strong>Example:</strong> A security system detects that an employee's laptop has been compromised by malware. An automated security agent is triggered to:
              </t>
              <ol spacing="normal" type="1"><li>
                  <t>Immediately revoke all active login sessions for that employee across all company applications (e.g., email, code repository, HR system).</t>
                </li>
                <li>
                  <t>Isolate the compromised laptop from the corporate network.</t>
                </li>
                <li>
                  <t>Temporarily suspend the user's account to prevent further unauthorized access.</t>
                </li>
              </ol>
            </li>
            <li>
              <t><strong>Authorization Requirements:</strong>
              </t>
              <ul spacing="normal">
                <li>
                  <t><strong>Privileged, System-Level Authority:</strong> The security agent needs broad, pre-approved authority to perform high-impact administrative actions.</t>
                </li>
                <li>
                  <t><strong>Global Token Revocation API:</strong> The agent must be able to make a single API call to the Authorization Server to "immediately revoke all access and refresh tokens associated with user ID <tt>employee-123</tt>."</t>
                </li>
              </ul>
            </li>
            <li>
              <t><strong>Gap Analysis:</strong>
              </t>
              <ul spacing="normal">
                <li>
                  <t><strong>What Works (Partially):</strong> The OAuth Client Credentials grant is suitable for giving the security agent its own system-level identity and authority.</t>
                </li>
                <li>
                  <t><strong>What's Missing (The Gap):</strong>
                  </t>
                  <ul spacing="normal">
                    <li>
                      <t><strong>Critically Inadequate Revocation API:</strong> This is the most significant gap for this use case. The one-token-at-a-time revocation endpoint in <xref target="RFC7009"/> is completely insufficient for a security incident. The need to make potentially thousands of individual API calls to revoke tokens is too slow and unreliable during an active attack. The lack of a standardized bulk revocation API is a major operational and security failure point.</t>
                    </li>
                  </ul>
                </li>
              </ul>
            </li>
          </ul>
        </section>
      </section>
    </section>
    <section anchor="summary-of-major-gaps">
      <name>Summary of Major Gaps</name>
      <t>The use cases above highlight several fundamental gaps between the needs of AI agents and the capabilities of the standard OAuth 2.x framework:</t>
      <ol spacing="normal" type="1"><li>
          <t><strong>From 'Pre-Approval' to 'Continuous Dialogue': A Paradigm Shift.</strong> OAuth's model is to get all permissions upfront. Agents need a continuous, interactive authorization model where permissions are granted dynamically and just-in-time as a task evolves from a high-level intent.</t>
        </li>
        <li>
          <t><strong>Lack of a Standardized Interactive Channel.</strong> The framework has no built-in mechanism for an agent to "pause" and securely ask the user for an intermediate decision or to respond to a real-time authorization challenge from a resource server.</t>
        </li>
        <li>
          <t><strong>Inability to Represent Delegation Chains.</strong> Standard tokens cannot securely represent a multi-step delegation chain (<tt>User -&gt; Agent A -&gt; Agent B</tt>). This is a critical blocker for automating complex, multi-agent business processes.</t>
        </li>
        <li>
          <t><strong>Insufficient Revocation Mechanisms.</strong> The single-token revocation API is inadequate. The lack of standardized APIs for task-level and bulk (per-user or per-client) revocation is a major operational and security deficiency.</t>
        </li>
        <li>
          <t><strong>Authorization Is Modeled Per-Client, Not Per-Group.</strong> OAuth has no notion of a set of clients acting as one task group under a single grant: no group membership representation, no admission of late-selected members, and no group-level lifecycle or atomic revocation.</t>
        </li>
      </ol>
    </section>
    <section anchor="security-considerations">
      <name>Security Considerations</name>
      <t>As we design new authorization mechanisms for agents, security must be the primary concern. The autonomy of agents amplifies the risk of any vulnerability.</t>
      <ul spacing="normal">
        <li>
          <t><strong>Risk of Over-Privileging:</strong> The current lack of dynamic authorization tempts developers to request broad, long-lived permissions ("god tokens"), dramatically increasing the damage if an agent is compromised. Future solutions must make it easy to follow the Principle of Least Privilege.</t>
        </li>
        <li>
          <t><strong>Delegation Chain Vulnerabilities:</strong> Without a standard for secure delegation chains, custom implementations are prone to "Confused Deputy" attacks, where an agent is tricked into misusing its authority.</t>
        </li>
        <li>
          <t><strong>Revocation Timeliness:</strong> In a world of powerful, autonomous agents, the ability to instantly and completely revoke all permissions for a compromised user or agent is not a "nice-to-have"; it is an absolute necessity.</t>
        </li>
        <li>
          <t><strong>Non-Repudiation:</strong> For enterprise and B2B scenarios, actions taken by agents must be cryptographically auditable and non-repudiable, creating a strong digital paper trail.</t>
        </li>
        <li>
          <t><strong>Coordinator as a Single Point of Authority:</strong> In coordinated task groups, the leading agent both requests authorization on behalf of all members and assigns their tasks. If the coordinator is compromised, the blast radius covers the entire group; its authority to act as an applier for others must therefore be separately authenticated, authorized, and auditable.</t>
        </li>
      </ul>
    </section>
    <section anchor="iana-considerations">
      <name>IANA Considerations</name>
      <t>This document has no IANA actions.</t>
    </section>
    <section anchor="acknowledgements">
      <name>Acknowledgements</name>
      <t>The analysis and use cases in this document are derived from observations of emerging AI agent technologies and their application trends across various industries. Thanks are due to the OAuth community for their past and ongoing efforts in building a secure and interoperable authorization framework, upon which this work is built.</t>
    </section>
  </middle>
  <back>
    <references anchor="sec-informative-references">
      <name>Informative References</name>
      <reference anchor="RFC2119">
        <front>
          <title>Key words for use in RFCs to Indicate Requirement Levels</title>
          <author fullname="S. Bradner" initials="S." surname="Bradner"/>
          <date month="March" year="1997"/>
          <abstract>
            <t>In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.</t>
          </abstract>
        </front>
        <seriesInfo name="BCP" value="14"/>
        <seriesInfo name="RFC" value="2119"/>
        <seriesInfo name="DOI" value="10.17487/RFC2119"/>
      </reference>
      <reference anchor="RFC8174">
        <front>
          <title>Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words</title>
          <author fullname="B. Leiba" initials="B." surname="Leiba"/>
          <date month="May" year="2017"/>
          <abstract>
            <t>RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings.</t>
          </abstract>
        </front>
        <seriesInfo name="BCP" value="14"/>
        <seriesInfo name="RFC" value="8174"/>
        <seriesInfo name="DOI" value="10.17487/RFC8174"/>
      </reference>
      <reference anchor="RFC7009">
        <front>
          <title>OAuth 2.0 Token Revocation</title>
          <author fullname="T. Lodderstedt" initials="T." role="editor" surname="Lodderstedt"/>
          <author fullname="S. Dronia" initials="S." surname="Dronia"/>
          <author fullname="M. Scurtescu" initials="M." surname="Scurtescu"/>
          <date month="August" year="2013"/>
          <abstract>
            <t>This document proposes an additional endpoint for OAuth authorization servers, which allows clients to notify the authorization server that a previously obtained refresh or access token is no longer needed. This allows the authorization server to clean up security credentials. A revocation request will invalidate the actual token and, if applicable, other tokens based on the same authorization grant.</t>
          </abstract>
        </front>
        <seriesInfo name="RFC" value="7009"/>
        <seriesInfo name="DOI" value="10.17487/RFC7009"/>
      </reference>
      <reference anchor="RFC6749">
        <front>
          <title>The OAuth 2.0 Authorization Framework</title>
          <author fullname="D. Hardt" initials="D." role="editor" surname="Hardt"/>
          <date month="October" year="2012"/>
          <abstract>
            <t>The OAuth 2.0 authorization framework enables a third-party application to obtain limited access to an HTTP service, either on behalf of a resource owner by orchestrating an approval interaction between the resource owner and the HTTP service, or by allowing the third-party application to obtain access on its own behalf. This specification replaces and obsoletes the OAuth 1.0 protocol described in RFC 5849. [STANDARDS-TRACK]</t>
          </abstract>
        </front>
        <seriesInfo name="RFC" value="6749"/>
        <seriesInfo name="DOI" value="10.17487/RFC6749"/>
      </reference>
      <reference anchor="RFC8693">
        <front>
          <title>OAuth 2.0 Token Exchange</title>
          <author fullname="M. Jones" initials="M." surname="Jones"/>
          <author fullname="A. Nadalin" initials="A." surname="Nadalin"/>
          <author fullname="B. Campbell" initials="B." role="editor" surname="Campbell"/>
          <author fullname="J. Bradley" initials="J." surname="Bradley"/>
          <author fullname="C. Mortimore" initials="C." surname="Mortimore"/>
          <date month="January" year="2020"/>
          <abstract>
            <t>This specification defines a protocol for an HTTP- and JSON-based Security Token Service (STS) by defining how to request and obtain security tokens from OAuth 2.0 authorization servers, including security tokens employing impersonation and delegation.</t>
          </abstract>
        </front>
        <seriesInfo name="RFC" value="8693"/>
        <seriesInfo name="DOI" value="10.17487/RFC8693"/>
      </reference>
      <reference anchor="RFC9396">
        <front>
          <title>OAuth 2.0 Rich Authorization Requests</title>
          <author fullname="T. Lodderstedt" initials="T." surname="Lodderstedt"/>
          <author fullname="J. Richer" initials="J." surname="Richer"/>
          <author fullname="B. Campbell" initials="B." surname="Campbell"/>
          <date month="May" year="2023"/>
          <abstract>
            <t>This document specifies a new parameter authorization_details that is used to carry fine-grained authorization data in OAuth messages.</t>
          </abstract>
        </front>
        <seriesInfo name="RFC" value="9396"/>
        <seriesInfo name="DOI" value="10.17487/RFC9396"/>
      </reference>
      <reference anchor="RFC7523">
        <front>
          <title>JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants</title>
          <author fullname="M. Jones" initials="M." surname="Jones"/>
          <author fullname="B. Campbell" initials="B." surname="Campbell"/>
          <author fullname="C. Mortimore" initials="C." surname="Mortimore"/>
          <date month="May" year="2015"/>
          <abstract>
            <t>This specification defines the use of a JSON Web Token (JWT) Bearer Token as a means for requesting an OAuth 2.0 access token as well as for client authentication.</t>
          </abstract>
        </front>
        <seriesInfo name="RFC" value="7523"/>
        <seriesInfo name="DOI" value="10.17487/RFC7523"/>
      </reference>
      <reference anchor="I-D.song-oauth-ai-agent-collaborate-authz">
        <front>
          <title>OAuth2.0 Extension for Multi-AI Agent Collaboration</title>
          <author fullname="Yurong Song" initials="Y." surname="Song">
            <organization>Huawei</organization>
          </author>
          <author fullname="LUN LI" initials="L." surname="Lun">
            <organization>Huawei</organization>
          </author>
          <author fullname="Yuning Jiang" initials="Y." surname="Jiang">
            <organization>Huawei Singapore</organization>
          </author>
          <author fullname="Faye Liu" initials="F." surname="Liu">
            <organization>Huawei Singapore</organization>
          </author>
          <date day="30" month="June" year="2026"/>
          <abstract>
            <t>   This method extends OAuth 2.0 by adding fields to token and message
   flows, enabling sub-agents to act as a task group.  It simplifies
   authorization for task groups, avoids repeated interactions between
   sub-agents and the authorization server, and bounds the authority
   delegated to the group and to each member while maintaining
   compatibility with existing OAuth 2.0 workflows.


            </t>
          </abstract>
        </front>
        <seriesInfo name="Internet-Draft" value="draft-song-oauth-ai-agent-collaborate-authz-02"/>
      </reference>
      <reference anchor="I-D.ietf-oauth-identity-chaining">
        <front>
          <title>OAuth Identity and Authorization Chaining Across Domains</title>
          <author fullname="Arndt Schwenkschuster" initials="A." surname="Schwenkschuster">
            <organization>Defakto Security</organization>
          </author>
          <author fullname="Pieter Kasselman" initials="P." surname="Kasselman">
            <organization>Defakto Security</organization>
          </author>
          <author fullname="Kelley Burgin" initials="K." surname="Burgin">
            <organization>MITRE</organization>
          </author>
          <author fullname="Michael J. Jenkins" initials="M. J." surname="Jenkins">
            <organization>NSA-CCSS</organization>
          </author>
          <author fullname="Brian Campbell" initials="B." surname="Campbell">
            <organization>Ping Identity</organization>
          </author>
          <author fullname="Aaron Parecki" initials="A." surname="Parecki">
            <organization>Okta</organization>
          </author>
          <date day="26" month="June" year="2026"/>
          <abstract>
            <t>   This specification describes a mechanism for preserving identity and
   authorization information across trust domains that use the OAuth 2.0
   Framework.  A JSON Web Token (JWT) authorization grant, obtained
   through an intra-domain OAuth 2.0 Token Exchange, facilitates the
   cross-domain acquisition of an access token.  The relevant identity
   and authorization information is chained throughout the flow by being
   conveyed in the respective artifacts exchanged at each step of the
   process.  Chaining across multiple domains is achieved by using the
   same protocol every time a trust domain boundary is crossed.

            </t>
          </abstract>
        </front>
        <seriesInfo name="Internet-Draft" value="draft-ietf-oauth-identity-chaining-16"/>
      </reference>
      <reference anchor="I-D.ietf-oauth-transaction-tokens">
        <front>
          <title>Transaction Tokens</title>
          <author fullname="Atul Tulshibagwale" initials="A." surname="Tulshibagwale">
            <organization>CrowdStrike</organization>
          </author>
          <author fullname="George Fletcher" initials="G." surname="Fletcher">
            <organization>Practical Identity LLC</organization>
          </author>
          <author fullname="Pieter Kasselman" initials="P." surname="Kasselman">
            <organization>Defakto Security</organization>
          </author>
          <date day="2" month="March" year="2026"/>
          <abstract>
            <t>   Transaction Tokens (Txn-Tokens) are designed to maintain and
   propagate user identity, workload identity and authorization context
   throughout the Call Chain within a trusted domain during the
   processing of external requests (e.g. such as API calls) or requests
   initiated internally within the trust domain.  Txn-Tokens ensure that
   this context is preserved throughout the Call Chain thereby enhancing
   security and consistency in complex, multi-service architectures.

            </t>
          </abstract>
        </front>
        <seriesInfo name="Internet-Draft" value="draft-ietf-oauth-transaction-tokens-08"/>
      </reference>
    </references>
    <?line 343?>

<section anchor="references">
      <name>References</name>
      <dl>
        <dt><xref target="RFC6749"/></dt>
        <dd>
          <t>Hardt, J., Ed., "The OAuth 2.0 Authorization Framework", RFC 6749, DOI 10.17487/RFC6749, October 2012, <eref target="https://www.rfc-editor.org/info/rfc6749">https://www.rfc-editor.org/info/rfc6749</eref>.</t>
        </dd>
        <dt><xref target="RFC7009"/></dt>
        <dd>
          <t>Lodderstedt, T., Ed., Dronia, S., and M. Scurtescu, "OAuth 2.0 Token Revocation", RFC 7009, DOI 10.17487/RFC7009, August 2013, <eref target="https://www.rfc-editor.org/info/rfc7009">https://www.rfc-editor.org/info/rfc7009</eref>.</t>
        </dd>
        <dt><xref target="RFC8693"/></dt>
        <dd>
          <t>Jones, M., Nadalin, A., Campbell, B., Ed., Bradley, J., and C. Mortimore, "OAuth 2.0 Token Exchange", RFC 8693, DOI 10.17487/RFC8693, January 2020, <eref target="https://www.rfc-editor.org/info/rfc8693">https://www.rfc-editor.org/info/rfc8693</eref>.</t>
        </dd>
        <dt><xref target="RFC9396"/></dt>
        <dd>
          <t>Lodderstedt, T., Richer, J., and B. Campbell, "OAuth 2.0 Rich Authorization Requests", RFC 9396, DOI 10.17487/RFC9396, May 2023, <eref target="https://www.rfc-editor.org/info/rfc9396">https://www.rfc-editor.org/info/rfc9396</eref>.</t>
        </dd>
        <dt><xref target="I-D.song-oauth-ai-agent-collaborate-authz"/></dt>
        <dd>
          <t>Song, Y., Li, L., Jiang, Y., and F. Liu, "OAuth2.0 Extension for Multi-AI Agent Collaboration", Work in Progress, Internet-Draft, draft-song-oauth-ai-agent-collaborate-authz-01, 28 February 2026, <eref target="https://datatracker.ietf.org/doc/html/draft-song-oauth-ai-agent-collaborate-authz-01">https://datatracker.ietf.org/doc/html/draft-song-oauth-ai-agent-collaborate-authz-01</eref>.</t>
        </dd>
      </dl>
    </section>
  </back>
  <!-- ##markdown-source:
H4sIAAAAAAAAA61963LbVrbmf1f5Hfaoq2JJQ9KXpJOOek6fliU7UTp2XJa6
U5lUKtoENklEIMDBRTJz6rzTPMM82axvrbUvAKnYTjrVnVAksLEv6/KtK6bT
6cMHbWer/Gdb1pU7MV3Tu4cPik3DH9vu2ZMnXz559vBBZrsTU1SLmq7v5+ui
bYu66rYbuuXixdXLhw9s4+yJuXRZ3xTd9uGDu+WJ+e6071bm+7q5Kaql+aqp
+83DBw8f5HVW2TXdmTd20U2zlaumtaVLp3bpqm6Kj79O+9ZNM9u6dvrkKe7q
iq6ke05xicHAdVP8ajuahqFLDV9qaCVmaTf0X1tu26Klec3njbs9ue+Ohw9K
W9FUXfXwwc3dycMHxkxl3vKRH6cfL/S/TVcsiqywpbmoOleWBV2TOf0xfYx8
de5Kt0z+futu6yz5+yua72mYL82Yh6CpTI1s0ytXlNjAs5XjW+qGJny2Kipr
XtXzouRHZ7TrJ+a5K76hS/mLuq+6ZqtX4hu3tkV5YrDfaxny7xl+W/Mgs6xe
x2d+U9h/5/N+KexvPqu6oVMwP9g6Pu/164uzj3vQ1ta/3Pw9q6oim2VVHP+H
vsL24THL5PJf8PeWf3v299V0Y5uuck07nNvZqq9o4uaN61xjvi36MMGve3vn
imS8sugzufrvK/5NRjL0D3EUsU6zplO/dUxkb1+ePXv69Ev/+S9Pv/jMf/6C
WM5//vyLz+I1n3/5qf/85adffh6u//Mz+f5iej5r62rpmalQfsrqsrTzurGd
E94KVxeuW+jVRU6X0lYTO9oCe7Lvoq6xVWsz0O60q29c1Z6AYmm7plNj5y39
nnX4+2pVtIb4vF+DWzdNfUvjE3uadtt2DvuQBR419cJ0K0cc6dauWeKoZN5z
YtA8surMXHT0qXNLMBiNRjetSSZ1tcmLtiuqrDNt5irbFHU7Mbnr6Fj4qqIx
7cZl4FpjB3Kgcf+nLxqHWdItkB4b1+CkMFc6vk3jiHpbOrWBWKEJ0ia1HQY3
7h0/fani7tnsiVk0RDx3JPfMj3qIP/HgRddi1DU92b3rMHBd0bquaJQwtBzE
oqAFLvoqt5gbiRoSubRtxEs0Tzx1WdOXvHPpTtNn2g6i5CLrS9oq3ViaOz24
dLYptxM9Dt5ns6jxDN4LWjY9sesbZ3jq9FXl7pKJmruCnlbx4/eIdn5ynjeu
5U0f7XTlXO6Pmv541xk6Y9fIj/S1LeTU25mnp3WR55A1Dx/8CYK2qfM+E6kJ
+nLJdg9l+8s9m7+yrZk72nreEaINsyBKrQ3rPtvkvPhcBDXR3HDqtSyZKM01
letAh61p+yzDSmnHm7rGTbQz1tyRPpjmblFU9M26piHN3crRllqitbbum8yZ
+o4WbpbESx3IjPa0yVn8bOmMChxjWawLnoc8gyYqVOyHkKOoeyL4FZE7nYD8
njWOqceWTFU0N5nCpinWdF25NbZtiVLwWOKrZkr03dINE1kcOJsofVHWd2HW
tENg1tZ1OCXiDtX9rTlss3rj2iNsgd2AqMCtm0VDwIAP8ev6zt26RuiV1Gze
ZnbjeMfspshpNqQJy1tMH8sRoslvsQH0qLberMBYGZ/I6cU0b2hylTlgldwe
MNsQbRPwMFVNO1GsN6XTHaTTps2hY6yrel33RHgkAty6mCZfsbwrWI7YzvM9
M33p3k3Mui+7YkrSigjbtjctyGDuVrZcMLny/mFYSw+nvVLJxrOik6CdEdom
LiWJiq11DS+HSKbKyj53LDqPSTscH58HyjuV+W1Pjo8Fe9Deklzj/VGqJDKJ
lEq7vabJ0AFXWbGhhx36ecl8jgwdSyNMnDsWb0Wdg8nkyWeyXHNFSySkgtXX
bYGJ8wwqYUrixeWKpJ29AUms6I9pSUdbGgjBRtjSHLrZcjYxBxs6arPe0gm0
xAUg36bYHByxAMz1CUQFnYjuisixwXGQDCfyJZEl+gXb5KmDjwKHG1iI1ngL
Xe2XcdpuSfES5WGkT8y30IJv+4r1/nf+KFos6YrPcm23pulF5hEfNdAXdkv/
pr+LivmXGBDCsl7QzgV2y0lZZMQuBHbLaVeQOGl7Gv62aFmC4jBAxeE4wgTP
t4QniI8+MS+g5LCnryEReUqsRHDMKXupasp5riDwuTM3FckOY0XvEGc2ndAi
CJQpnjUobaFKYH4OzkOQsXtH8LwjioceAmUP6UAPnuZ45jFApELMwpMdLXo+
FaagExTyF+E9wY6uRbUwkOD5ebqNT2vqtp2e1wScquPjE3keLZV231Mg/cWr
qhvovC4oCpyGbg2BgZKBMT0jSkZ6Zl4sFiS9aO02p8kUcjtJtpyfKCpmCFHy
mm7FLpMcY/qE6mvrshdapInRD11NUAo4hKje2XzC+7jpGyFobMaJrPCcFQCf
wY3bgqLrRo4gq8lU2HQ8zRTlDDVOgDEzPx7xRjFneSyCOKtp/dHuYRFGx0vM
XCy2qmPvcARl6aql8wOd1RW0KI0zgDNgA2ezVRhx4mHIlqUz6wIMStYd7+s+
qOMBTgIYFvR4UlF10+nzL/s1FNGvcW9atRixMy09VFmVj+j51oOWCGlU2Smo
mYzwjy3WTJOKOLFfJHyhl4ipG9b2SjDCpvW8JAzZbmzmeP4koNcCnBY0JA7G
Q6Ec8q7e4G7WlSzg6e6ESLCL96Cbe6DFTNDNFdi+qst6ucUXFxVwlPCiqH5D
D6SFeVxBtBOgzXgHeiEHLKAkPc7bhZtF2xz/E9rh8K2Xo98BihwRmz98cAJp
LzYAkcCG10YzZ5jCDB2wiGVeIDlIU/F8B6YQCiHtj/WPoamgAFZOhUyQNpCs
FSKuOmxPm+g4PEh5ZAa6FVSu+6ESWnf3YLieg8EGzWThQ4x4yfrDHJ5e+sVD
CItWEWbCRLAbGU8Lz+StYyInDIWp+g2BHeQnJu4Ju4C1WM87EaPh9kft6Px/
a2F7FhHW6ef/dt/8V3Xr2WTPSRHPJMeLRWzkfCu+ZlMLiwgTje5lyUvSuDXQ
7cvhFnzsYqJfROS/p0JaBj2kylzCOLjI3YqGEWlUV07kagTSpJVUOkIMjSiJ
tdTMvISke2cBek7kRKd/8z6l+PG5ThH+naoLE0uAT84SeROsF7XHGlFaTEGB
3u94flEhYz4Z48yiXQXYNK/rG7OGyFqUgrZq87W9s0XBgoWFyp1zNwdHOrmr
ui7jnnn79vTNhWFDrhJUJsTscVxGn6A1+XgV8eLHAYKz5rolqZutfpaZtNcY
Vb+v8p/Z33EdHnGkUoyOv2EyN2fBFzf2bbHSJZEvB/puU9ItbaKvvXnv2FQM
+m1os0KHMlLUgwzqSyx41mrqHxDLV23WHUP9XdReShlDHXgnj4Aqv8M2Yveg
hLNV4WDsMCoPo3Z0Hrxqsh2wE2SPkOKjsweM5PthjwHeVUvZsj/RTvF6t+bp
iXnD8pCo6BMwEsy0xlx6ICDX/yls7+CG82JZwEdwSmNDx3XRsvADKITYBGQv
pLkkVNQOIP3EVLbrGxoNjtGeyIY9FtjYYIaeXsCOlEep98L/SVi97RKYzzrA
D8CAP4B5BqBGv2fjUzb0FvPtW5ZmBRAd3bToy0UBsl0FGTSLi3yhDI11lXSL
gVe2NYCl6VQn5vjga1duwGVspJAiK7KKmEY0N830EmsnS2B2cDxal/gvGOHB
o/d0ZuAfzW7kiSTYia0cfAk8mL0lFrHzooT8OVS82pprf9GMDIj8GpyDwZ6F
wbC+O2cZUdM4juiw4wH9xNLB9MLhWJ/SWBeLwUC0rmVdE1m2/ZKgINZim/nW
bGxDCD4ZcE3MMhPWD+N9RuOdsjqTrc1Wdc3czbdPDIutsJGkPojMF9F4SUbn
x81wfRj8zzT4y4JIGCxCmEfY9FaF5M7O7tvIOxLx7voooYahpn+bePhYWuK5
cqFI92lXT98Eu8tcwcVZWs8nrFbZkhbK7vRnAbADSxiDmcODAWWR2ctED9zu
pZoX1RPzC404LSoxJKPtF7TsbDxb9dBMzCt2TlzCOQFZIUpKKJblvKdWc0By
gUxDm90ceK3MjL9gQxfI0OUFlkMsW6hfRxXSVUJCJZ0aURFRWvc/zIV4DWmw
xjmlIiGpmfl+VZAIhXLOa7OtexLcjmT7f5LWGrnpBmiZ3SyHoA0SjkcwGfqS
zMGKkD8JXNbwwM5Mh34NoIxVTSQy2CbY99Nv+UhioCVKBh0ZUhwICC5Au4Vg
OLOEOETAKC3jIIHeJiQLIKVWlixI6M6hlV4yrOe9hW7zephxANwjrADoulsC
ScSD3pNgSeVlrDfEflZzOpygeFzmzqtprzRklaleHVH199A0cMzSSb6B2QTu
OvLkIapveBJnda5OP1VwbPjQipauU89ngWGG3r+yuHG7Ao02fUEMujJXAosx
4o2DD82v7BEku9C5LYmYZ+PJ0wWvREuaQ0yZ1noU1hgvfZk4x2mdNi+Wa9zI
XnIsV5YK5yRdfUB0OB1g7wO6hL2jHFcIu8/cAY4Vj2b0gBJYE78kez3N4Wjp
k5E8ngzF6cS4LpsdMf3Q+cAL4P04c7csmNA0wFHBDRHtVb7mWMTL8R75wm41
8S7hpIVZBkel3iCmyJ4Qepl777BaYuxMIKQ0G+/x69pcqoecbPbcJDLIvCSC
Uapq2PtRJe502fu1y1a2oiMRnVhF/HuwsbTRB+q6mhgBzYlsskEgCaiDMcbI
jPGs/w1DqbCkOyp3N4kMGHdAF0vmNX0NOCJODNqr0i14OsHpC+8PyenOEiQj
CigLkR/T0m6hSHEVk5z3UQy362K94d2hgxgJH9kP5onkF3P4o8b7fjpSCcF2
DNECyya6muZee8DJe6XqpgmDiGGdTNbcsYiDCsDaCHkBxFm/SPpis/FOEO/D
8xbc3sO8s1sVlOZAZgkd3WwRDFqmEvDRSHI+mh3s4NZnJ+ZyDcfl1wjGfMIO
77X1cZ33gVb6oQM2XeHmVT/3wpLX2AboeFFfwWHD6FH8a7QtkADeg9L0pWOv
XnTkinm5H1U+r+dwvJHZu6GNPPiK0JR5VTdY44FpSJzToNB9dLqgNFtasquW
Nev7Bfj8C3P6CnOwbMLlUDmMH4bLKKJ7gDc0wZqXxG1EsAQCQzxq7vKmrtdG
bDRzKAs+Mdf6w8/8w7Wa+wxF8WODb+GXH8DPSxX1EGDrGiIPB/rFk//3f18m
I8dfx8PS7vxMIIld7X3jBnD0kh3VImhI6zk6rhs4L8Kw8vXP/PV44Lr6mX79
fQAPBhJJbWxtdDYwITGQsMAp6sV3Xb+ZpOoXYC9BCd5YFtejD1HkFjE1r9KJ
Sh61gqpAS+LfSxQWEcn0q0Y83ee8dph6YbEmotB2iOYS0JKSB/vamlpAS3qw
3r+5QwkIEZB2mYjFLPQ9wUh9VdZqflxzAO/nvK6b68H84TsuNKRFt7/AGqfn
EpQbHImffKqDRoiub3lj78AxQWJn/gEtB/XWRJKKRa9xSP/xxemra3P6+txc
EwP9hzJSoDSZ5POe4O5Q9jJbCgezVUhcRpOBfc/oE0DZ+uihijqVcmOwx4qp
LINo4XiPjKd8LHE6L8GFTP4obBshKmwNR5nbnqMkmNQmEnp0mM3MpUAVRXVe
9vEcYbkwVOhJVrGRqjutTDmgnJOR0PidiO2A52NewO2DDT1gzf7P1jM7rRWu
b9lNmSXBoEbzBvymcxTFM00hviEOYnuXp/jc5CA8aAODtohAJwguAXl0hH0l
SgR0OUugcibmlUFwEoFAK2Gi3LXFstLtF+QPPPheBPWmJjW9NS/gKM1YaEV4
oI7MY/iKjoc+u7wOzIvfXXUMFjxmlKi+qcA8xzJ9gTu0SCfPSpkISTd9h3BL
cBIjtMV76yVfRv+t19N5X5Qaqo3SUU03OZJH7TguOyFgZb0Xuag4siPUiQdU
hKeGIZT34arxJu5h8gCkjIazmIUZ5lQKpaCHCW/SJtyDc+A6BTZNuF+d+xiQ
yYrEyAFWv+cajgp4J1mUCJKPMDsIgJuAGDEcY8RRdJIDUD4cRnCcxXSmGKuw
7BGvBhD19HKaOn7b2Q7c+tRnTBLdagTiZU+TftPU71jUnYoL/4qTUN5wEgoc
y+0HuxCDSmoHCB9YfZjbov48hS9Fo9kUsxC6oB9JJvukEXDagMtWPXFoTFQB
mmKrnA+RyXSKoOodCUhOO5DIM8AlXAcank4Ic1N3kisDpyymC0Eq7Hlb1GUS
h9zBgwhYNHSw6eJxvBvvkYVEgt2XOBAHO8MCo5/HGIJGuzKbO6QJbCwNRfCi
s4Cvs4gFJqxU4AZv/SQmYkEi1HZHalzWl0pOHky1F0nETjEaWKRwdzK4f1Q4
pdwh9tOKbGM/16KRuAzHs4tbIlIi0NIukU6A6dhkR8/P60vit85miODz6JCg
FoaHGnQO7nFJSgL2CMt5xJE15HhOkBPS9BKemtc+Q0idCGzOYqR4HydHMD3P
fN7lR2NG5pYpR4bOfViiCGJG4mz7qHoMGJll57Q4yU1c9oj1zF1351x08MEm
w+IkrYQuZkQRiIsjcnrlmijDzLdiX3BQdHfWl14WsJYh3Rg8mDpJj3YU5sBo
3CbRl43e5sEASaYCeUsGqaOSlNYi90W/F4kpG35kBgrCQ2KS7EqvLBSZg9V3
VyEftvQhRAYYQ4fnIClKQ3ms1uHx7ICju4iTB8e7ZEw6mFACoVmld4rDY8ww
cSsu+hHw8y5RqGLP2HC7KMN53Sxxn25FVz198sTz3cZJjtHB0UcgwcNNwICc
gsArVZxgEdj3KXxYZsjLSWP0mkp4GPbgSCUtgzAa3q45pxlr4qMlHAHfLfRI
snE+Yhg4aqia74et/465XvNkr3/3bD8aoiZIQ/XmhU/Hbd7j7MpKW6xZh4TJ
alYOPDMFuBvKzJIJcsBC1TuuCjUkIP+H+opQw9tRxhvDf++2WvbYweDgALAK
k/LPYjctxNlU1gPerZbs++irvu2JBYkXFuwxI4Htmn1+rcqbqPRQgu+c4ruH
C8PD/blFByAtcl5UwCyHSaADkSn17SPEXePcow/U6ZNgqyqGrXrAoDyycKcr
HEgoVje3ddmvEcndSFofgN+0XkwRRPMizLtHN5pJt5u2LN5UGtURUhnvC/Id
2Fd+7jY97c7bor1hi1OlHycvRflaJP46L5E1Uanxa0bkEgE01ri6BK9uOX5s
QUzwcR2qluSsTCR5HhlR8AQGaK3YD0gl/IL8qeUSe8kwU1JqNE+14uBEhhxI
JmzJsKNzngePgEpF/zyshLQbsvnMDt78bBdvjqGm5mMSJ15KYM3T+IdgTo8w
G03uZJ+aTlDMkZjFUNpNV284FxYex82KTIGjGBoLLh31/ROv+sTCKJtoEwTO
aXYhE9uiKGF3Jj5XITENFJJCwfJa2aAd8HhOUN5KwAGBH8K4N5imwrvjgzOi
mgqexvU2aBigtzLX/KMFwm70OyGLG8ld43B1jZAbJEvqx5LVJizH0MTmmo1b
Io2Cl+OT+68fw3R5nGOSj8Pjr2cmZnPXUKMHK1duSFFODnaCViR2aCINn7mw
gGzM9A4GZ2aliEHkd4jo0lRuIfkm/mLxcydaON3OD4ZzA6dbEKZCifc52UK4
UaiAWUTBRLC2ZM84q1wOm3daLRVNyA2EqO4gOcKjCVvxCWMJQ4nJKEgQGSGc
xIP0SSGqAa5NQp3sU8nHvsM3u663ZGE+9Jr3Sf3FKHR5eJAxHY4pUCNOqqk0
5qTRTSJKGkziDDvuTy4NdCQNSJaRjHLmBTwmAVlfhDzmHZJIiYBpu0ngtljM
ZARxPUOoQxiGnga5V17vdigfSkPwE2iRlejtKkiY6C7b+Km3on84sptS5e9y
772qaVcrXzBAD5QDbyXeLJYyDJuEhzlsGVAprdnAtzWv37F1RRMfJxTQpqw3
XXv0e2HRKSHeAvYgJwbdE2SNmcCSr9bhs6Y335f/Cm1fjDxqMWbFwpeDcqB9
lQjfXQ6EQoRkdm+9VLC5OLpxV+vm7ejyb9lUBREGAPi8KfKluxf2Ba+ZeOIr
l8VEu0ftvtwQ0a2wrBHPl0ReDouUdZ8fGc0TEXKGr3a6VMElKIRmJ+pouAU+
HiTqb2dh35HQnnquY0t6i/x025fsejzvnRduZdiCsMY5b8HEZz8DgPoU/LZu
JJWR4Fa1lBoOnLhtkBxyMrDVZdqcE1ZpoItTI8rS+6PnDdtRiSN7j/01YMmx
vSYWJINFWH82Vht6sHWkgWAVUA6hiO3Gtj5jWqs2JDGWhF/bRZYXtzPyXzRE
u6wgK3EswWXXkD6eST1kmtr37MS8gNOKxmoR8Xnu62LeCF3/RpLfn0+ML9DZ
uevjAqeSjgKk23Jyx4pOablKqzRY/BO6/DXxlnE+ZExAYV8qp+owlZS2oXOP
dT7Kp/ck5qXWDR0+SRI4NMVq0juTeKe6NGjmhxcVEK6GQjKnGYtyo5Y/ia86
pGePwmSMd5jP9DIiGXH0sfxJKEAGVXbgxKTU1fIsmddzc/gv1zAJcA7sYHZx
KJ6frsQLu+HkFGSgaKKB59A74hh93uIRW+VuKWdVKwWUmjOOv+gkOSJZBt9W
wEzy65EpnCVBWb+QM3N4mv/S5/cuZDRYsqLn+1eEuirLzGB4Su3ae/59uIVr
Latt3KcZq3/V3SirSSoCcNECOYI+Szks5zxJUfTLOYd63eKJuysJ4GBnJWd7
VnIM3HfMARQpm+KURx7aU0hCT3Nb3QQLKUAO/0C7xve/J4QtRMZOxT358gxf
dXN4IX7xfoeOfPLMOEQjvhbMmiZ/+ubiaMeBmTVbMp9I82xWivISalTIOrSV
N4SeTsz1mWfGvZn18eNZ/Hg+jDS/SQXxtyyII2wkHPUCYgnJj6E+jcZVmMuo
idS0P6pQBiBuZ08lo6sHhba7csJz32wnru13TfwJ5XbgXIT3B1Nlkel1PY5u
6Lsl5ut418+kdibUBMomq3AMj+oKlRxqV9DCwgjXTNo/F/m1GLSSbd/DXPei
H40+loOp/CH4GivBJLvpxTsAbzqnH7VlwU+AP1y8rWx4TXx8DfcFmTlHwove
GkwaBaBkueCwGFKPVvWdLIjLPkKyjCZQDgpzfaVHjLfFGnfiEwSKOELC/o0/
4Cd8LUG7y36DNH/meWbLVhTuyDsoEcjGaaw6phxMAEo1lpAUuxyOalMGjrGK
H812l45HwyX1yqLTD6/DGPgXc94ZUjS/XxWlS44iEYfx0GDeB2trhHylavYO
J1OpJdWqJG9FdDj28KruAGX6eupVrdNLD2htf4HVPDAy9qUjeow+CAYr05g3
lo/tXrhOOqyUIv1qcCaYr20akWsJ/wS+8VhJI+UMcZC/4wFxhMIiN/xGcD+A
b76/8sS9ss26TYsH2aW6G7L9HKCvptVVjJW4Mjv0znlvgpy/M7TRiMUYbXSV
Bd8z4vptPxcfGOtoEhLreckXL7mtwwgbovZX8GGqG2FMz8w/K/aPCV4JtCzk
SP+LuNZXcbF49NNsWFMPa7eSkmoyb2BjyNWgI0TD6g3SeBrNSCSzfz1Py+wQ
oGNjWoGiemLUnuL6POABySpke0Dz1HQXiSx//OC2Kj/NtJQbW8JulQYuO+yf
3+FDqW2D/JxwoIAsoJJ9h+vincuPxDLK3QbV+lWsohyVB3PNPVHnPVBbA/N8
pLQ7tuzSQPRikPbof87ZeKR7fYRc/axE3KUHUAOqkex/v7ITg+1w2SALB1aw
DA9Uy4k6eXHfJcgq7LUJiy+exTR0YhcwtEoOSdtIg7FyWSeiNgucccOi1Rjl
HDcRIFWEOgdJReHQgVa7+elix316AjFFTxqqRE0YSV9UqpONR0L1MrIFSuWR
GAJYwFOOfTG0wUAmYI9JLu+5gUekGtsOKzNoviQ6wbO3tFMqTBZ9w66qyLuN
Uxfk74GZ39Fyvmq4RuqVJWT+ivkoeEhTfhjjROGinZYp2KyBYsaJ361q5r4a
yZaps40PTZg3WPkQBHB8cWVC2nBnxAyCZz3OBVENtLosRUtCRmAS63uRPDrk
PtWV5Mohf0mnQTv9C53lFGAL1alTCaTOC6mXTXrj8PqQjkDz4nz/pP9Bqszo
bJ8XoSA92XL9GKlnXeTTSCC7qQZs5CQyT/LCurTmUUReqD5Rn8moJsI0UthD
KmUwV+nv822xcNk2EyHDWZWhrMC7VFqfGpZSjLpcSAIXLcy7xIDwWxWnHlAu
+8h4ibZl2NdXRfdH0SqI+UyCzWexV45uDkjoXhDLgWzIZiKdvPcGV5twgOSB
iQB7y7HpHe7jTI4ftX/XTxyt9kHOgb8vtTCQPhBLHn8XWn1D9C80NZrTOVLU
XxOivETyIjbotbJCmywV4cNYDe9rxZPq9pgk58tcOfmQ7+STa32/IxodzUhe
7+fhJLdLwEhIKKKBXodUTPVma6hFVbrfovtLGHA5ZiNYO60cGXd7Sq0JolRU
4jIU8703pMXQvjRFYRQJjaPPhkoEoSp4+kumQtmw3Hf1wKw0BUJNGj9XFTr3
rCrA/xDFEcSmR7gqNog1Ndq4aapC7rcFWavCw/pGZUtRC1JHvuNGyNiMFs/A
vg35ACnXaWm19rhJ9pu+F6oRpKK2+rguBZIwJ1sxlOHtESuDjHdzW9iBcaK5
ZC28uuw0mIsYlMFogCW7WHgu9596EI9QoSQdfHLvb9XUqJRjY2lXFpL01Kou
OUemRk6EkAoWfygB9TopKrx1oxrFNWvoUbKTPm/XAPnixDuXkdrw+vLyxZk5
v4QvjWQ6LY7DGey91e6Y7zNLxOuOoaUpiaBJMQgFxr19+xZdSZacDEvY2n9s
/KftkbYyS3qgXEv/UO5PmFdtvZnm7dQGt/j0yZfXMzaJmg2jdG3/o/3XCGSX
9bYV6yT4vLXYXEQebwGW3sjS+03OLkmFbLo1/7j8B+lNWhfA5MT8Cr6d13WH
+W9iwiN/zxF3TgKBaanOi7Pzy8dnNNg/XvwQ0nZ81IpM4jIEzTpxOWAklY9W
Ea3skQ8d7jcLrgIAQ5iGURVBLfA78n64O5hn/VAXE+N2STQx2GS6n004t7T9
09gAPDHoX+KvNNPp30w4ZfVyJN9t5auZV2ZTuvt/Ywf5aw5x93P0z9BgrAaN
0q2UQ+PwGFAY+nnGLCouAEL/IX9ys/ic0bTkYaX0djC3ZAYLFdCz1K6hRd9Z
PIq+ERqJeZsqRPwR7T5mG59yioQS10aKC7frQTMNSZo41zL4zmYIoIZYRPtx
BsCUkNBeT6+Ixui22bHoRf8ykGQPJBLJijKs8OV+RBOaG7ILcwGz1ytWbc81
kZQL6/sX+V31MBsAloSBNqeS8mk6c79nYQLeNcdlkyG7IVZOnqR1PvSQKDoG
4vO+im3NdFVeSh7rZbxsim+IFPp6NsETm6ENmpQEe6eGoBppDsMilpDU8t9Q
+70H9AJ9is7TuUkzxDrQ6uMmMIK25kS7WQM8rL4z53FyK1vd+joqAWVMNt67
E8qSPqx+aCfXTjuPDc8ptG1DUj179Wbq3GMSCtPa62MFIyHm3Ua1HKkdGim5
tt0Synr310H1xTffX3lf34rM8X2uveEaZGZasdCmTkyQ6OM5yloiec60m7Zw
QLJowBcZSip9fdYawUHXic9c9997nUPBMfvhJHK4F78CTjaIWMn4YYVCldy1
T85TaPvinJh13jjLlTaJHN4lYB5hsI5d4PGXE4VOOTe4Kj4oJRAEs9a7QjI+
QwXuPNFqaQUOZymwkmQnmn44FDuNbvTN3HD0tI/oYDLfajQiJm36sdjWjc5h
zrFcBixeVIvGBlediu0mqRyMnXD6+dQnghKTvai463HTjhrjxIBPX0lINqDx
TWk7TmYspDUhnh+Hd/A0attG2hrUPif5fAOXccx0VOn0vl6KaXTHV5gPDaqk
CaHZB0yiNLiCv4M2RvSadOQtRF+Hk1qW9ZywuHjnzeX59PvT16MmkcFZN0ox
jAuVA1rD08WpKcyDkHYcIupG02gfX1y+aYflWeP83TQz70OWwRmpkvL3P5NR
PfnF/AxcMl31c7+aQMetL/8VR5O5eHP1Ly7ZcJYRmKe1iT4LNfGHsduihZHV
HnFbit/hMJQOngoA91b/LiR/ppbeqGr+DRnRb+IhN5bVs7RcR6am2lE8PZvh
A2PLYR8ZsFKk0sDJKU+pHS4dlDdqIt3bGzSu8jl33M4/YoGSm7GzwrAKxYUC
keecoBY7pMr47Qct6bdLZcJMhzL+zX1ijHvMulBV7uu8y6Tnqyb0iW906TNH
GYf5xhNJgiSkfYBcc+T6rFxAs6hTIAhovvvkFTGbXbcxtW0kCqVJa1TDr05/
gL2/IhTF4cLMliM1RsJzKsITHnHNZi/Q8pqN1q71cWRaG3sUODOfjiOZfCJE
2VaEJ8VXKNGUeoyVrSoFy5o6tn9jk+lr1ENDEsnjdFeczjzNCmLfNCS2Zb/N
VJ+QCtIPgoN7nIIDDr4UJ9peOh8U8mTpXUNG9DLrv/5LX0rw3/+dZAfsK6uA
RP3xfe8h+ElLcEho+bbEM/MctWWdefXPy6sAf6QjZGxImdT7jteuy5UGxLxD
i9jNZrjgYCsPdYxf7Hj6u29I+Elaimny0pU0dbnoEhsneUjBPXClZrnhTno8
Rb+Aj/D8vk+CfS3x++ADVapM7B62z4KIisAgmP8SZew02HPHWQWbBq15XBQc
DP0GluAO4ScyOQb2pBVpW8x9f0cJfyBSpuE+7kA921nxgK7To33/incgT3oG
rV+iQ/KiaFjGIDAJbAL7fNtHb/khWBBe/4HUDrEZJlyoBq+3kveEREy2GoMn
GaOdzWZHe3JLP42v3EEvnaFGuz+v9MvUwxcGuFDLAHUS2Hv3IQkHAVF4O6/z
MVr/AwLFtou9BVjZF2sNb07SoreQ4Idlc9LAfW0eE8wkOb6xXln6naIVdr11
KAvWOiB5B4Sr0mAU0P3alqgZnw1TVEfrKriN/XLJJsGgM8+FX0mogxCLXgga
gZDKNzzzLaKRF6bTS50AmBcgaVpX5FOfuecqsHqexp0n5uu3vtF/kqR60dah
RWG6WN2IwMDRM6rKPckPvUrqs9u+RULCvmIwbhMsHRt9SLqvkizKULby8c17
vJzIJ1oopjHcUA0cq5sHRyUlTz6hHCHOkIaZtgT25V+cpy91yjsNGbK0H4Wq
W7E/dlp5nb65GNYTjaO0a3l5goarUDntG/FiW/e2p0YziuI+8mLpJSXi0h9G
w3C2beusYBpmq5Gl9MW5ufYkN3367NNr6cz1ByOpoijvjadyjwNNTAThL4tb
D4LG3OVj7Gnpl5eLvt5oTwz9I2KgZ9p0o4ScsznRHeh+3wHGvnhodTVI9UfT
/NDwxfcJlqwfdpnjBKa2m1rxnieOF2KfTV1UnW+EHXqVJMUIyIpHIW7hE1sS
IRrzva+0a1GgqTRIOuhzkwSrPbm1SXej0LcEnYtNy1kW8DxU2rrA+TiHNogG
Q3BHB+0vs1Mtwgw/cmLxk5Mkv/S9KAODekHyjbUpdinV6v4ftJiW1wdsOZDI
w9Fht/59QMlb4ObIMgdjSyft1nEmxqA+iBtDp7VB4QVFaBmsb15RmZe2G/JG
3ii/c9BMmnvtSxXDS8jaR29ICp2yFLLlI+6Uh6zFouqR0HZOR1cve/cIfbxD
J8vLVbFA+EPGf+Tf5CMveEJjznFzKv/mHf/CDqYRbnagDxq+5GcIM9I3FQ0Q
UROrBtMmk9iZQfdaLrfhMCq/08eFjLudMijWBVJKsVtztdNlkiB/Vbly5m3u
UGM27vvyAb0mPbk5fg/SuOFktb8fLie01L4zvoDimD13j6fLL34ULeelS/HF
oKT+bUjjHef4t1h4CCh0oacqv/DIr+WeLOCdeE2SELyTln99lCbkhg5FnCTt
d0g9t+zpHbwkSbZ6XAfkRO1/putNZFsidV/5Y2v9Ed/nulZBUgThPRRDAyHE
XSEW2o1fqQ/Hz8IJDQim/i1J+CypF0cDP/kHSCxEorGeTHJ4/zzbhTc0C076
kALdqWjKCWfc4G/OGwg87kkasbxQkzvIOEl6/7CFCCKWjA8fuE3zW08w2Dgh
ZJQzMuHih9yH5uCGQTprTDyTGyfauEuG0w0tQ74DiINTFdLohbwUIBgXZ4PX
u+DH0xYN9qXsk99WMxJJgTKE+rQkLWx/SBRT9wv0Ar9dp6lmvicMv0qLd1IF
Or8fp/DprChRYqfk1tz2ZTXMyRbY8FavGVdRhsxIDUt5MlQhOXaNOE5YSqoo
E0NUkSrKMqbwEw/Tvw4PlrXn/IOjCd6ZGuuuOZPUth5VkXJD2WyxiPJvmHs3
My/lBX/xpTW8jYwjClSrtCyQJE2Dx/ytWpz4dquR2DL/SrZT+xB9H1IPB3UE
akSPhRXMY8mmHzWHY5VE6+GubuZg1ILjQCFKeE1IuhEo0blx/jUE6Pnl00x3
31CViKgrEvQlS7bQoZA0UMnuwU19R2ZEX07Sd815UmVvX5TysRm4vAgq4L7f
6jY5sN/CK+f8iqAGrDmoigwCcwp/5sFf+dVq0oxtzucMbAOBnK7vdV1NSe30
eextxS/AiIWqmOTzZ8/TV2r61DxY8BUHxjTh2afN7iQSxMok3/mvkYdySQjX
iYgrnGyumhthyZsspP+ZzydQBJ+klDLcUC/eG8bVAG6pYXhRxXiPf5cYSy89
mGGaO3cXCzkbv5UQSIfkMyS1XILEl3/LKKdiz/z7F96XAzsvwU3Aez1+vZVk
uGFu7F/3vMsm6zRIwo4C1c6ck6BHwUU7eH2EpKBL9G+YxYk5RDNdX5ziD0tl
98Xp69M9cnv44jRVWnxttJdx+2mG19WR7pNUuIDT40tUq+TtrhKiGbzLi8VC
wxKR8VQ9B4xSMUBnEV4X6xG7uOXxHq3CBfROx5I2x+4aTp1Rt4tvGE2mUo8S
PscOfltpQn0ei+N9N9D1GnnIW1/jWXA2h3i3iIBrdlAuFpx0QCsK1Wa+sD++
7yR0vxyHsxThTqSbhkT9eGcY96KREjBveE0q3u0gG/7WsdtSo+bhdUt4QdDX
JG4JeHwzm5gXuX+5w3tfoHow4YQPjDIx599dmKdPZk+/+OwvXzzWsSfmu6yr
kVT67MnTZxPzv1Zdt2lPHj++u7ubNYtsSmCaqH9WN8vHcIE+pu9w399mfoZs
B2OG39Y5d7x3mOeVn+c5SYXCTszlTEj0FZra9k3n2qynVYyLD6PU1qlj+N2p
y7en/RLMQjP/9MNmjtvizDktHDP/Bul4E5oaATubW1IVNDb9cUZoY+5K0g3P
/XKeE7OXbisHwb0LZ+gjTqZEjZ4PO+vxeei6GjxydzXy7Te26gGBnj159uTD
loP74nI4I33vQSCXHXkCfs7PZ8nSkin/Rs67zh/P2J2/fPvK8tw/8Chwj879
w8uzsLrLGvmYP9BSvi3o//Rffi24fIXVvZzhLd9+YVjXC/8+Q+Z5efMKSRwt
Yg5PEaL7nnm0QpcGbrg1EWu2cmiVbRfdRF96/0Eznj55OjHP/mJeunnjD/fz
ZIOQfYhXbpOFxjEo3iKSn49X3bp8/HEPwm7+f4rm8bMPgAAA

-->

</rfc>
