Topic · 2 posts
Authorisation
Every Inline Code post tagged Authorisation, ordered most recent first.
AI · Authorisation
OAuth scopes weren't built for AI agents: the delegation model that holds up under prompt injection
OAuth scopes assume a human approves once, an app does narrow work, and the trust horizon is months. AI agents break every part of that assumption. The architecture that holds is a two-principal model with short-lived delegation tokens, ReBAC for structure, ABAC for context, and per-action consent gating destructive operations. Here is the design and the rollout.
AI · Authorisation
MCP and the new authorisation surface nobody is reviewing
Model Context Protocol turns every internal API into a tool an agent can call on a user's behalf. The authorisation model most teams ship with is naïve, and the audit log usually proves it.