Fixing Auth for Personal AI Agents
vivekhaldar.comGreat post! The impersonation vs. delegation framing is spot on.
Even in enterprise SSO, proper delegation is clunky. We've toyed with OAuth 2.0 Token Exchange (RFC 8693), but support is patchy and confusing. An actor claim baked into tokens would add much-needed auditability.