Paper 46: OAuth3 as Open Standard — Why AI Agency Needs a Permission Layer
OAuth3 is to AI agents what OAuth 2.0 is to web apps: the standard that makes delegation safe, auditable, and revocable. This paper argues why the ecosystem needs an open standard — not a vendor API.
The delegation problem
When an AI agent acts on your behalf, three questions must be answerable: who authorized the action, what was the agent allowed to do, and how can authorization be revoked?
Most current AI products cannot answer all three. They have authentication ('the user is logged in'), which is not the same as authorization in the sense of 'the agent holds a scoped, time-limited, revocable permission to perform this specific class of action'.
Why open standard, not vendor API
AI vendors whose revenue is per token (OpenAI, Anthropic, Google) have no commercial incentive to implement OAuth3: by enabling recipe replay it reduces token usage, which cannibalizes the per-token revenue model.
The ecosystem needs an open standard for the same reason the web needed HTTP: so that the permission layer is not owned by any single vendor. Solace is building OAuth3 and ships a source-available reference implementation under FSL. The permission layer it defines has five properties:
- Scoped permissions: what the agent can do, not just who it is
- Time limits: TTL on every delegation
- Revocation: stop the agent at any time
- Evidence: every delegated action produces a sealed receipt
- Open standard: a community specification with a source-available reference implementation, not a vendor API
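As an added illustration (not Solace's OAuth3 code or its wire format, neither of which this page shows), the following Python sketch puts the five properties together: a grant names the principal who authorized it and the agent it is for, carries a list of scopes and an expiry, and is sealed by the issuer; it can be revoked by id; and every authorization check appends a sealed, hash-chained receipt. The field names, the HMAC seal, the shared issuer key (a real issuer would sign with an asymmetric key so verifiers cannot forge grants) and the sample principals and scopes are assumptions constructed for the example.

```python
"""Illustrative permission layer for delegated agent actions.
Added example, not Solace's OAuth3; field names and sealing are assumptions."""
from __future__ import annotations

import hashlib
import hmac
import json
import secrets
from dataclasses import dataclass, field

# Constructed issuer secret for illustration only. A real issuer would use a
# signing key pair so that a verifier holding only the public key cannot forge.
ISSUER_KEY = b"constructed-issuer-key-for-illustration"


def _seal(payload: dict) -> str:
    """HMAC-SHA256 over a canonical JSON encoding (sorted keys, no whitespace)."""
    body = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(ISSUER_KEY, body, hashlib.sha256).hexdigest()


def issue_grant(principal: str, agent: str, scopes: set[str], now: int, ttl: int) -> dict:
    """Who authorized (principal), what is allowed (scopes), for how long (exp)."""
    claims = {
        "grant_id": secrets.token_hex(8),
        "principal": principal,
        "agent": agent,
        "scopes": sorted(scopes),
        "iat": now,
        "exp": now + ttl,
    }
    return {"claims": claims, "sig": _seal(claims)}


@dataclass
class PermissionLayer:
    """Holds the revocation set and the receipt chain; checks every action."""
    revoked: set = field(default_factory=set)
    receipts: list = field(default_factory=list)

    def revoke(self, grant_id: str) -> None:
        """Revocation is by id: the token itself is unchanged and still inside
        its TTL, but the next check refuses it."""
        self.revoked.add(grant_id)

    def authorize(self, grant: dict, action: str, now: int) -> tuple[bool, str]:
        claims = grant["claims"]
        if not hmac.compare_digest(_seal(claims), grant["sig"]):
            decision = (False, "bad_signature")   # agent edited its own token
        elif claims["grant_id"] in self.revoked:
            decision = (False, "revoked")
        elif now >= claims["exp"]:
            decision = (False, "expired")
        elif action not in claims["scopes"]:
            decision = (False, "out_of_scope")
        else:
            decision = (True, "ok")
        self._record(claims, action, now, decision)
        return decision

    def _record(self, claims: dict, action: str, now: int, decision: tuple) -> None:
        """Sealed receipt: HMAC over the event plus the previous receipt's seal,
        so editing or deleting any earlier entry breaks the chain."""
        prev = self.receipts[-1]["seal"] if self.receipts else ""
        event = {
            "grant_id": claims["grant_id"], "principal": claims["principal"],
            "agent": claims["agent"], "action": action, "ts": now,
            "allowed": decision[0], "reason": decision[1], "prev": prev,
        }
        self.receipts.append({"event": event, "seal": _seal(event)})

    def verify_receipts(self) -> bool:
        """Auditor check: every seal valid and every prev link intact."""
        prev = ""
        for r in self.receipts:
            if r["event"]["prev"] != prev or not hmac.compare_digest(_seal(r["event"]), r["seal"]):
                return False
            prev = r["seal"]
        return True


def demo() -> list[tuple[bool, str]]:
    """Walk one grant through the allowed, out-of-scope, revoked, forged and expired cases."""
    layer = PermissionLayer()
    grant = issue_grant("alice", "calendar-agent", {"calendar:read", "calendar:write"}, now=1000, ttl=600)
    results = [
        layer.authorize(grant, "calendar:read", now=1010),   # (True, "ok")
        layer.authorize(grant, "mail:send", now=1020),       # (False, "out_of_scope")
    ]
    layer.revoke(grant["claims"]["grant_id"])
    results.append(layer.authorize(grant, "calendar:read", now=1030))   # (False, "revoked")
    forged = {"claims": dict(grant["claims"], scopes=["mail:send"]), "sig": grant["sig"]}
    results.append(layer.authorize(forged, "mail:send", now=1040))      # (False, "bad_signature")
    fresh = issue_grant("alice", "calendar-agent", {"calendar:read"}, now=1000, ttl=600)
    results.append(layer.authorize(fresh, "calendar:read", now=1600))   # (False, "expired")
    return results


def tamper_check() -> tuple[bool, bool]:
    """(chain valid before edit, chain valid after rewriting one receipt)."""
    layer = PermissionLayer()
    g = issue_grant("bob", "file-agent", {"file:read"}, now=0, ttl=60)
    layer.authorize(g, "file:read", now=1)
    layer.authorize(g, "file:read", now=2)
    before = layer.verify_receipts()
    layer.receipts[0]["event"]["allowed"] = False   # rewrite history
    return before, layer.verify_receipts()
```

The order of checks matters: the signature is verified before any claim is read, so a token the agent has edited to widen its own scopes is rejected without its contents being trusted; revocation is checked before expiry so the receipt records the operator's decision rather than a coincidental timeout. Because each receipt commits to its predecessor's seal, an auditor running `verify_receipts()` detects deleted entries as well as edited ones.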