OpenID Foundation advances authorization for the agent era with new AuthZEN Working Group Drafts

Published June 15, 2026

As the identity community gathers at Identiverse 2026, authorization is emerging as one of the defining challenges of the agent era. The OpenID Foundation is pleased to share a significant step forward. 

The AuthZEN Working Group has approved the AuthZEN Access Request and Approval Profile (AARP) and the AuthZEN Profile for Model Context Protocol Tool Authorization (COAZ) as official Working Group Drafts.

The AARP draft addresses a challenge that is becoming central as applications, services, and AI systems grow more autonomous: what should happen when policy cannot authorize an action yet, because a prerequisite must first be satisfied. Approval, consent, delegated authority, an attestation, a risk assessment, or additional justification may be required before a decision can be reached. AARP defines interoperable patterns for requesting, tracking, satisfying, and re-evaluating these prerequisites, so applications, authorization systems, governance platforms, and agents can coordinate while policy remains the ultimate authority.

The COAZ draft adds a profile that standardizes, via metadata, how different source information models are mapped into the AuthZEN Subject-Action-Resource-Context (SARC) structure that makes up the Authorization API 1.0. This lets enforcement points such as API or AI gateways, service meshes, or downstream systems know how to authorize requests against a compatible PDP. The initial target has been to let Model Context Protocol tools expose the authorization checks required to call a tool, bringing a control point to agentic workflows.

Why now

Authorization has long been treated as a single allow-or-deny decision. In practice, organizations have always relied on human-in-the-loop governance around access: approvals, consent, exception handling, delegated decisions, and policy review are already part of enterprise security.

What is new is the frequency and the speed. Traditional applications ran inside predefined workflows; when extra approval was needed, a person stepped out, completed a separate process, and returned. Agents do not work that way. They discover tools dynamically, invoke services at runtime, coordinate across systems, and pursue goals rather than fixed scripts. As a result they routinely reach a point where policy cannot yet authorize an action, and there has been no interoperable way to express "not yet, and here is what is required." Today that gap is filled with proprietary integrations. The industry needs a common pattern instead.

Approval as an input to authorization

Historically, authorization systems answered one question: can this action be performed right now? Increasingly they must also answer: what is required before policy can authorize this action?

This is a shift in shape, not in authority. The goal is not to bypass policy or to turn authorization systems into workflow engines. It is to let applications, agents, governance platforms, and trust services cooperate in gathering what policy needs, and then to ask policy again. Approval, consent, delegation, attestation, and risk evaluation each become an input to a decision; policy remains the decision-maker, evaluated at the moment of enforcement.

Consider an AI agent helping with vendor payments. When it attempts a transfer above a set threshold, policy does not simply deny the action; it signals that the request is approvable and what is needed. The agent records a handle to the pending request and can hand off or resume later. A manager approves through the organization's existing process, policy is re-evaluated, and only then does the action proceed. The denial was never an opening to act; approval was one input to a fresh decision. 

This is to authorization prerequisites what Client-Initiated Backchannel Authentication (CIBA) is to authentication approval. Like CIBA, AARP defines a standardized, asynchronous, out-of-band interaction, here generalized to policy and able to be satisfied by a person or an automated governance system.
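To make the vendor-payment scenario above concrete, here is an added example in Python (not code from the AuthZEN drafts or any project): a toy policy decision point that evaluates an AuthZEN-style subject/action/resource/context request, denies an over-threshold transfer while stating the prerequisite and returning a handle, and grants only on a fresh evaluation after an approval has been recorded. The `prerequisite`, `request_id` and `approved_by` fields, the threshold, and the rules that an approval is bound to one exact request, is single-use, and cannot be self-granted are assumptions for illustration, not AARP's actual wire format.

```python
import hashlib
import json
import uuid

# Constructed policy: transfers above this amount need a prerequisite (assumption).
THRESHOLD = 10_000
_pending = {}    # request_id -> fingerprint of the request that was evaluated
_approvals = {}  # request_id -> approver id, recorded by the approval process

def _fingerprint(subject, action, resource):
    # Bind a handle to exactly one subject/action/resource tuple so an approval
    # granted for one transfer can never be replayed against another.
    blob = json.dumps([subject, action, resource], sort_keys=True).encode()
    return hashlib.sha256(blob).hexdigest()

def evaluate(subject, action, resource, context=None):
    """Policy decision point. Returns an AuthZEN-style decision object."""
    context = context or {}
    if action.get("name") != "transfer":
        return {"decision": False}
    amount = resource.get("properties", {}).get("amount", 0)
    if amount <= THRESHOLD:
        return {"decision": True}
    fp = _fingerprint(subject, action, resource)
    req_id = context.get("request_id")
    if req_id in _approvals and _pending.get(req_id) == fp:
        # The approval is single-use and is consumed by this fresh evaluation.
        approver = _approvals.pop(req_id)
        _pending.pop(req_id)
        if approver != subject.get("id"):  # no self-approval
            return {"decision": True, "context": {"approved_by": approver}}
    # Deny now, but state what policy requires and hand back a handle the
    # caller can record, hand off, and resume with later.
    new_id = str(uuid.uuid4())
    _pending[new_id] = fp
    return {"decision": False,
            "context": {"prerequisite": "manager_approval", "request_id": new_id}}

def record_approval(request_id, approver_id):
    # Called by the organization's existing approval process. It only records
    # an input; it never grants access, because policy is re-evaluated afterwards.
    if request_id not in _pending:
        raise KeyError("unknown or already consumed request handle")
    _approvals[request_id] = approver_id
```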

A consistent OpenID Foundation story

For more than two decades the OpenID Foundation has defined how trust is established across independent systems, and AARP and COAZ extend a clear progression:

  • OpenID Connect standardized how systems establish identity.
  • OAuth standardized delegated access.
  • CIBA standardized asynchronous, user-mediated authorization and approval across devices and channels.
  • Verifiable Credentials work standardized portable trust, authority, and attestations.
  • AARP standardizes how systems acquire and manage the prerequisites that policy needs before it can authorize an action.

AARP and COAZ build directly on the AuthZEN Authorization API, which established a common interface for authorization requests and policy decisions and helped organizations separate authorization logic from applications. The API makes the decision interoperable; AARP defines the steps required when a decision cannot yet be reached and COAZ makes it portable to other information models. Together they move authorization toward the interoperability that OpenID Connect and OAuth brought to authentication and delegated access.

Industry participation

The OpenID Foundation is encouraged by participation from across the identity, authorization, governance, and AI ecosystems. Organizations contributing to the development and review of this work include:

With participants ranging from established enterprise security vendors to emerging AI infrastructure providers, their involvement reflects a growing recognition that authorization now depends on interactions spanning applications, governance systems, trust infrastructure, and policy services.

“Authorization has been overlooked for too long. It’s time we tackled the ‘what can happen’ question in a standardized way. Siloed, hard-coded, and brittle authorization is already a problem in today’s apps. AI is compounding the challenge at an unprecedented scale. The solution will come from well-designed, highly-decoupled and standards-based authorization systems that provide hooks into all the components of a modern AI architecture. AARP, alongside other standards such as AuthZEN, Shared Signals, and ALFA, is the foundation for a future-proof AI authorization framework.”

— David Brossard, Co-chair, AuthZEN & CTO, Axiomatics, a Leonardo Company.

"Authorization is no longer just about answering 'allow' or 'deny'. Modern systems, especially AI agents, often need approvals, attestations, delegated authority, or other prerequisites before a decision can be made. AARP provides a standard way for applications, governance systems, and authorization services to coordinate those interactions while ensuring policy remains the ultimate authority."

— Alex Olivier, Co-chair, AuthZEN & Co-founder, Cerbos

“The new AARP and COAZ profiles for AuthZEN pave the way for true Agentic Workflow governance, and recognize the fact that AI Agents are truly different entities from anything we have encountered before in the Access Management world.”

— Alex Babeanu, Co-chair, AuthZEN & Lead PM, Indykite

"AI agents need a proper way to handle 'no.' Today an agent that hits a policy boundary works around it in increasingly complex ways. That behavior doesn’t belong in the workplace. AARP and COAZ give agents a real way to respond to denial and proceed only after policy clears them. That's what lets organizations give agents the least privilege possible while keeping them useful, and Okta is proud to support this work to advance safe adoption of AI in the enterprise."

— Nick Davis, Vice President, Product Management, Okta

"Enterprises are moving rapidly to put AI agents to work, but adoption depends on securing those agents first, and security depends on control. Real-time governance and authorization is where that control lives. AuthZEN and related standards give organizations a way to keep policy at the center of every agent action, so agents can request what they need, wait for approvals or attestations, and act only once policy allows it. That is how we extend least privilege and governance to autonomous systems for real-time control, and SailPoint is proud to support this work."

— Levent Besik, Chief Product Officer, SailPoint

Looking ahead

The Working Group will continue refining the drafts through community review, implementation feedback, and interoperability testing, with the goal of a practical standard that lets applications, authorization systems, governance platforms, and AI infrastructure coordinate around authorization prerequisites using common patterns.

For more than twenty years the industry has standardized how systems authenticate users and grant access. As software increasingly acts on behalf of people, the next step is helping systems securely acquire what they need when authorization cannot yet be determined. The approval of the AuthZEN Access Request and Approval Profile and the COAZ profile for MCP as Working Group Drafts is an important move toward authorization infrastructure built for the agent era.

The OpenID Foundation welcomes vendors, enterprises, implementers, researchers, and standards contributors interested in shaping this work.

About the OpenID Foundation

The OpenID Foundation (OIDF) is a global open standards body committed to helping people assert their identity wherever they choose. Founded in 2007, we are a community of technical experts leading the creation of open identity standards that are secure, interoperable, and privacy-preserving. The Foundation’s OpenID Connect standard is now used by billions of people across millions of applications. In the last five years, FAPI, the Foundation's high-security, interoperable profile of OAuth 2.0, has become the standard of choice for Open Banking and Open Data implementations, allowing people to access and share data across entities. Today, the OpenID Foundation’s standards are the connective tissue that enables people to assert their identity and access their data at scale, the scale of the internet, enabling “networks of networks” to interoperate globally. Individuals, companies, governments and non-profits are encouraged to join or participate. Find out more at openid.net.

To learn more about conformance testing and self-certification, please visit the OpenID Foundation’s FAQ section.
