Internet-Draft OAuth Mission Progressive Authorization July 2026
McGuinness Expires 8 January 2027 [Page]
Workgroup:
Web Authorization Protocol
Internet-Draft:
draft-mcguinness-oauth-mission-progressive-latest
Published:
Intended Status:
Experimental
Expires:
Author:
K. McGuinness
Independent

Mission Progressive Authorization for OAuth 2.0

Abstract

Mission Expansion for OAuth 2.0 widens an agent's authority only through a fresh human approval that creates a successor Mission. An open-ended agentic task often cannot have its full authority enumerated at the initial approval, which leaves a deployment choosing between over-provisioning a broad standing Mission and interrupting the user for a fresh approval at every step. This document defines an experimental third option, progressive authorization: at the initial approval the Approver additionally consents to a bounded authority ceiling and a drawdown policy, and the Mission Issuer may then adjudicate an expansion that stays within that ceiling by policy rather than by a fresh human approval. Authority can grow within the consented envelope at runtime while the active authority any single Mission yields stays narrow. Authority classes named by the runtime profile's high-consequence classification always require a fresh human approval, even within the ceiling.

About This Document

This note is to be removed before publishing as an RFC.

The latest revision of this draft can be found at https://mcguinness.github.io/mission-bound-authorization/draft-mcguinness-oauth-mission-progressive.html. Status information for this document may be found at https://datatracker.ietf.org/doc/draft-mcguinness-oauth-mission-progressive/.

Source for this draft and an issue tracker can be found at https://github.com/mcguinness/mission-bound-authorization.

Status of This Memo

This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

This Internet-Draft will expire on 8 January 2027.

Table of Contents

1. Introduction

Mission Expansion for OAuth 2.0 [I-D.draft-mcguinness-oauth-mission-expansion] (the "expansion profile") defines the governed path from an authority shortfall to a new approval: a successor Mission, freshly consented, that supersedes its predecessor. Every expansion under that profile is adjudicated by a fresh human approval. For a task whose growth is anticipated, that discipline has a human cost: each expansion is another approval moment, and an Approver asked too often stops reading what is asked (the consent-fatigue residual of [I-D.draft-mcguinness-mission-security-model]). This profile is the structural mitigation: one considered consent to a ceiling replaces many hurried consents to increments, without widening what any single Mission actively holds.

An open-ended agentic task often cannot have its full authority enumerated at the initial approval, which leaves a deployment choosing between over-provisioning a broad standing Mission and interrupting the user for a fresh approval at every step. Progressive authorization is a third option: the Approver consents once to a bounded envelope and a rule for drawing authority from it, so authority can grow within the envelope at runtime without a fresh human approval each time, while the active authority any single Mission yields stays narrow.

2. Status: An EXPERIMENTAL Extension

This document is OPTIONAL and experimental: adopt it for evaluation, not as a stable interface. It removes the per-expansion human from a consented envelope, which is the highest-consequence capability in the expansion family; deploy it only with the rate bounds, prohibited-class rules, and audit linkage this document requires, and prefer plain expansion where task authority can be anticipated per step.

A Mission Issuer that does not implement this document adjudicates every expansion as a fresh human approval and is a fully conforming expansion-capable Mission Issuer ([I-D.draft-mcguinness-oauth-mission-expansion]). Nothing here places a new requirement back on the expansion profile or the issuance profile.

3. Relationship to the Expansion Profile

This document depends normatively on the expansion profile [I-D.draft-mcguinness-oauth-mission-expansion] and on the issuance profile [I-D.draft-mcguinness-oauth-mission], and is not implementable alone. It reuses, without restating, the expansion profile's expansion request, adjudication, predecessor member, superseded state, and reconciliation, and the issuance profile's approval event, integrity-anchor envelope, and subset rule. It uses Predecessor Mission, Successor Mission, and Expansion request as the expansion profile defines them.

4. Conventions and Terminology

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.

Authority ceiling:

The pre-consented maximum authority any expansion of a Mission may reach without a further human approval (Section 5).

Drawdown policy:

The policy under which the Mission Issuer may adjudicate an in-ceiling expansion by policy rather than by a fresh human approval (Section 5).

5. Progressive Authorization

At the initial approval event ([I-D.draft-mcguinness-oauth-mission]), the Approver MAY additionally consent to:

Where present, authority_ceiling and drawdown_policy are recorded on the Mission and committed by a ceiling_hash, computed with the issuance profile's integrity-anchor envelope ([I-D.draft-mcguinness-oauth-mission]) under the typ mission-authority-ceiling over an object carrying both members. They are not committed under authority_hash: authority_hash commits only the consented Authority Set ([I-D.draft-mcguinness-oauth-mission]), and the ceiling is a bound on future expansions, not present authority. The consent disclosure MUST render the ceiling and the fact that in-ceiling expansion is policy-adjudicated ([I-D.draft-mcguinness-oauth-mission-consent-evidence]). A Mission that carries no authority_ceiling has no progressive authorization: every expansion of it is an ordinary, freshly approved expansion ([I-D.draft-mcguinness-oauth-mission-expansion]).

5.1. In-ceiling expansion

An in-ceiling expansion is an expansion, adjudicated per the expansion profile ([I-D.draft-mcguinness-oauth-mission-expansion]), whose successor Authority Set is within the predecessor's consented authority_ceiling. A requested successor Authority Set is in-ceiling when every one of its entries is a subset of some authority_ceiling entry under the issuance profile's subset rule ([I-D.draft-mcguinness-oauth-mission]); a constraints-bounded ceiling uses the same subset semantics. When the predecessor consented to a drawdown policy that authorizes the requested widening, the Mission Issuer MAY satisfy the adjudication's approval event by policy rather than by a fresh human approval, exactly as a parent Mission's Authority Set may permit policy-approved child creation ([I-D.draft-mcguinness-oauth-mission-child-delegation]). This is an explicit override of the expansion profile's consent step for the in-ceiling case only. The successor is created as the expansion profile requires: its Authority Set freshly derived and bound by the ceiling, its predecessor member set, the predecessor superseded.

When the adjudication is by the pre-consented drawdown policy, the Mission Issuer MAY complete the authorization request without prompting the Approver, issuing the authorization code directly on redemption of the expansion's request_uri. The successor is still created through the full approval-event machinery of the expansion profile; only the interactive prompt is skipped.

This does not widen authority without consent ([I-D.draft-mcguinness-oauth-mission-expansion]). The consent is the human consent given at the initial approval to the ceiling and the drawdown policy; policy adjudication only draws within that pre-given consent and can never exceed the ceiling. The Mission Issuer MUST refuse, with out_of_ceiling (Section 6), a requested authority that is not within the consented authority_ceiling; exceeding the ceiling requires a fresh human approval that raises it, which is an ordinary expansion.

Policy adjudication is bounded, so a pre-consented ceiling cannot become a standing grant a compromised agent walks up to unattended. A deployment MUST rate-bound policy-adjudicated expansions per Mission, and MUST record each as an approval event whose approver context is the drawdown policy that authorized it (Section 7).

Some authority classes always require a fresh human approval even within the ceiling. To make that testable, a deployment MUST publish a mapping from its action identifiers to the runtime profile's action classes ([I-D.draft-mcguinness-mission-runtime]), or an equivalent declared classification. A drawdown that grants authority mapped to an irreversible, external-commitment, or privileged-administration class, or that grants cross-domain authority, MUST be adjudicated by a fresh human approval; the drawdown policy MUST NOT permit policy-only adjudication of those. An in-ceiling request the drawdown policy does not authorize is not refused with out_of_ceiling; it falls back to an ordinary, freshly human-approved expansion.

5.2. What it bounds, and what it does not

The ceiling is broad by construction, since it must cover the open-ended task. What stays narrow is the active authority any single Mission in the chain yields: each in-ceiling successor is derived for the authority actually needed at that step and is independently gated and revocable. A compromised agent cannot instantly wield the ceiling; it can exercise only the current active authority and request in-ceiling drawdown, which is policy-gated, recorded for audit (Section 7), rate-limitable, and enforced per action by the runtime layer ([I-D.draft-mcguinness-mission-runtime]). Progressive authorization bounds, and does not eliminate, standing-authority exposure; a deployment SHOULD pair it with short successor lifetimes, constraint-bounded ceilings, and runtime enforcement. The drawdown policy is enforced by the Mission Issuer and is part of its trusted governance: a misconfigured policy can over-grant within the ceiling, so it is reviewed and versioned like other approval policy.

5.3. Realizing an approved access request

Progressive authorization grows authority that a deployment anticipated well enough to express as a ceiling. The runtime enforcement layer handles the unanticipated case: it can let an agent request authority it discovers it needs at the point of use, through an access-request and approval workflow ([I-D.draft-mcguinness-mission-runtime]). That workflow yields a permit for the single re-evaluated action. To persist the newly approved authority for the rest of the task, rather than have the agent re-request it on every call, the Mission Issuer MAY realize an approved access request as an expansion:

  • a request whose authority is within the Mission's consented ceiling is realized as a policy-adjudicated in-ceiling expansion (Section 5.1); and

  • a request whose authority exceeds the ceiling is realized only on the fresh human approval the request carries, as an ordinary expansion that creates the successor and, where the Approver consents, raises the ceiling.

Realizing a request as an expansion is subject to every rule of the expansion profile: the successor's authority is freshly derived and bound, the predecessor is superseded, and authority is never widened without the consent the request carries ([I-D.draft-mcguinness-oauth-mission-expansion]). An access request not realized as an expansion grants only the single runtime permit and no durable Mission authority.

6. The out_of_ceiling Denial Reason

This document extends the expansion profile's closed set of expansion denial reasons ([I-D.draft-mcguinness-oauth-mission-expansion]) by specification, as that profile's IANA considerations anticipate, with one value, carried in mission_expansion_status exactly as that profile's reasons are:

out_of_ceiling:

The requested authority is not a subset of the Mission's consented authority ceiling (Section 5), so it cannot be granted by policy drawdown; raising the ceiling requires a fresh human approval.

A consumer that does not implement this document treats out_of_ceiling as it treats any unrecognized reason code: the expansion stays denied.

7. Audit Linkage

Each policy-adjudicated in-ceiling expansion is an approval event and MUST be recorded as one: the approver context is the drawdown policy (its identifier and version) rather than a human principal, and the successor's predecessor member links the drawdown chain for an authorized auditor exactly as for human-approved expansions ([I-D.draft-mcguinness-oauth-mission-expansion]). A deployment MUST retain the consented authority_ceiling, drawdown_policy, and ceiling_hash with the Mission record for the audit horizon, so an auditor can verify every drawdown was within the consented envelope.

8. Conformance

A Mission Issuer that claims Expansion with Progressive Authorization is a conforming expansion-capable Mission Issuer ([I-D.draft-mcguinness-oauth-mission-expansion]) and MUST:

9. Security Considerations

The expansion profile's security considerations apply in full. This document adds the drawdown surface:

10. Privacy Considerations

The ceiling discloses, at initial approval time, the full envelope a task may grow into, which can reveal more about the anticipated task than any single Mission's Authority Set. The expansion profile's predecessor-chain correlation considerations apply to the drawdown chain; access to the ceiling and drawdown records SHOULD be scoped to parties with a governance need.

11. IANA Considerations

This document has no IANA actions. Following the expansion profile's restraint, out_of_ceiling is documented here as a specification-defined extension of that profile's denial-reason set, authority_ceiling and drawdown_policy are Mission record members defined by this profile, and the mission-authority-ceiling anchor typ follows the issuance profile's collision-resistant typ convention, none of which require registration.

12. References

12.1. Normative References

[I-D.draft-mcguinness-oauth-mission]
McGuinness, K., "Mission-Bound Authorization for OAuth 2.0", , <https://mcguinness.github.io/mission-bound-authorization/draft-mcguinness-oauth-mission.html>.
[I-D.draft-mcguinness-oauth-mission-expansion]
McGuinness, K., "Mission Expansion for OAuth 2.0", , <https://mcguinness.github.io/mission-bound-authorization/draft-mcguinness-oauth-mission-expansion.html>.
[RFC2119]
Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, , <https://www.rfc-editor.org/rfc/rfc2119>.
[RFC8174]
Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, , <https://www.rfc-editor.org/rfc/rfc8174>.

12.2. Informative References

[I-D.draft-mcguinness-mission-runtime]
McGuinness, K., "Mission-Bound Runtime Enforcement", , <https://mcguinness.github.io/mission-bound-authorization/draft-mcguinness-mission-runtime.html>.
[I-D.draft-mcguinness-mission-security-model]
McGuinness, K., "Mission Security Model", , <https://mcguinness.github.io/mission-bound-authorization/draft-mcguinness-mission-security-model.html>.
[I-D.draft-mcguinness-oauth-mission-child-delegation]
McGuinness, K., "Mission Child Delegation for OAuth 2.0", , <https://mcguinness.github.io/mission-bound-authorization/draft-mcguinness-oauth-mission-child-delegation.html>.
McGuinness, K., "Mission Consent Evidence for OAuth 2.0", , <https://mcguinness.github.io/mission-bound-authorization/draft-mcguinness-oauth-mission-consent-evidence.html>.

Acknowledgments

This document is part of the Mission-Bound Authorization for OAuth 2.0 work and extends Mission Expansion with an experimental pre-consented drawdown mechanism.

Author's Address

Karl McGuinness
Independent