apd — AAuth Agent Provider

apd — Backlog

Forward-looking work for the AAuth Agent Provider (apd). Items are things that should or could become part of an agent provider but are not implemented today. Each entry records what, why, where it would land, the spec anchor, and a rough effort. Nothing here is a known bug — see the issue tracker for those.

Anchors use draft-hardt-aauth-bootstrap-01 (informational AP-implementer guidance) and the wider AAuth family (draft-hardt-oauth-aauth-protocol, draft-hardt-httpbis-signature-key).

Already shipped, deliberately not in this list: federated enrollment (OIDC / operator-JWT / X.509-CA / SPIFFE allowlist), static enrollment tokens, hwk single-key + jkt-jwt two-key refresh with naming-JWT jti replay guard, ps targeting, sub-agent tokens, AAuth Events (subscribe / deliver / inbox), AP signing-key rotation with JWKS overlap + prune (apd keygen --rotate --prune-days), admin revoke / reinstate / list, multi-instance storage (memory / file / redis), SSRF egress admission, and per-install random identity.


A. Spec-anchored (from the bootstrap draft)

A1. Platform attestation methods (WebAuthn / App Attest / Play Integrity)

A2. Periodic re-attestation on refresh

A3. Desktop enrollment / key-handling method

A4. Workload / headless identity enrollment (SPIFFE SVID, WIMSE, cloud IMDS)

A5. Assurance-tier claims surfaced to receivers

A6. Durable-key rotation & anomaly detection

A7. Optional account-linked identity mode


B. Operational & enterprise maturity (beyond the draft)

B1. Metrics & observability

B2. Rate limiting & abuse protection

B3. Data-retention policy & documentation

B4. Multi-tenant isolation

B5. Sub-agent depth policy


Prioritization sketch

  1. B1 / B2 (metrics, rate limiting) — unblock safe production operation.
  2. A4 (workload / SVID enrollment) — highest-leverage new capability for the headless/enterprise target audience; reuses existing verifiers.
  3. A5 (assurance tiers) — small, makes existing enrollment methods legible to receivers.
  4. A1 / A2 (platform attestation + re-attest) — larger, consumer-mobile focus.
  5. A6 / A7 / B3 / B4 / A3 / B5 — as demand and threat model dictate.