accessPhase 3

PS-Asserted Access (3-party)

The resource issues a resource token whose aud is the agent's Person Server URL — not an AS. The agent sends the resource token to the PS, and the PS issues the auth token directly, asserting identity claims (sub, optionally email, tenant, groups, roles) and consent for the requested scope. No Access Server is involved. The auth token's iss is the PS itself, and the resource applies its own policy to the asserted claims.

§ PS-Asserted Access (Three-Party)

GET https://api.example/data-auth401

Agent token contains ps claim: ps="https://ps.example" — resource knows the agent's PS.

Resource issues 401 + aa-resource+jwt. KEY DIFFERENCE: aud = PS URL (https://ps.example), not an AS URL.

Because aud=PS, the PS will handle token issuance directly — no Access Server is needed.

1 / 3

speed

Step 1: Signed GET /data-auth → 401 + resource token (aud=PS)

Request / response

GEThttps://api.example/data-auth

Host

api.example

Signature-KeyAAuth?

sig=jwt;jwt="eyJhbGciOiJFZERTQSIsImtpZCI6ImFnZW50LWtleS0xIiwidHlwIjoiYWEtYWdlbnQ…

Signature-InputAAuth?

sig=("@method" "@authority" "@path" "signature-key");created=1700000000;alg="ed2…

SignatureAAuth?

sig=:Hh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4…

HTTP Signaturescheme=jwt

Covered Components

@method

@authority

@path

signature-key

Signature Base

"@method": GET

"@authority": api.example

"@path": /data-auth

"signature-key": sig=jwt;jwt="eyJhbGciOiJFZERTQSIsImtpZCI6ImFnZW50LWtleS0xIiwidHlwIjoiYWEtYWdlbnQrand0In0…"

"@signature-params": ("@method" "@authority" "@path" "signature-key");created=1700000000;alg="ed25519"

Signature-Key Header

sig=jwt;jwt="eyJhbGciOiJFZERTQSIsImtpZCI6ImFnZW50LWtleS0xIiwidHlwIjoiYWEtYWdlbnQrand0In0…"

Signature-Input Header

sig=("@method" "@authority" "@path" "signature-key");created=1700000000;alg="ed25519"

Agent Tokenaa-agent+jwt

Header

{"alg":"EdDSA",
"kid":"agent-key-1",
"typ"?Token type identifier. aa-agent+jwt = Agent Token, aa-resource+jwt = Resource Token, aa-auth+jwt = Auth Token:"aa-agent+jwt"
}

Payload

{"iss"?Issuer — who created and signed this token:"https://agent.example",
"sub"?Subject — who or what the token is about:"aauth:local@agent.example",
"dwk"?Discovery Well-Known — the metadata document path for key discovery (e.g. aauth-agent.json):"aauth-agent.json",
"jti"?JWT ID — unique identifier for this token (prevents replay):"a6ae301d-1dc7-4b75-8f8b-5612197664a7",
"cnf"?Confirmation — proof-of-possession claim binding this token to a key:{"jwk"?JSON Web Key — the public key bound to this token:
},
"iat"?Issued At — Unix timestamp when the token was created:1776222894,
"exp"?Expiration — Unix timestamp after which the token is invalid:1776226494,
"ps"?Person Server URL — the PS that represents this agent's user:"https://ps.example"
}

sig: 8byvGd-PR3uOLeS_HYOpbW7OD_8whUuD…

Resource Tokenaa-resource+jwt

Header

{"alg":"EdDSA",
"kid":"resource-key-1",
"typ"?Token type identifier. aa-agent+jwt = Agent Token, aa-resource+jwt = Resource Token, aa-auth+jwt = Auth Token:"aa-resource+jwt"
}

Payload

{"iss"?Issuer — who created and signed this token:"https://api.example",
"aud"?Audience — which party should accept this token:"https://ps.example",
"dwk"?Discovery Well-Known — the metadata document path for key discovery (e.g. aauth-agent.json):"aauth-resource.json",
"jti"?JWT ID — unique identifier for this token (prevents replay):"ec12c052-ab17-49e1-88d3-5e2317ba82c4",
"agent"?Agent identifier in aauth: URI format (e.g. aauth:local@domain):"aauth:local@agent.example",
"agent_jkt"?JWK Thumbprint of the agent's signing key — used for key binding:"tcP75aIbpvVmzZ0P-LIZeoLua8SuE8RGM4tO_2OkRpg",
"scope"?Authorized scope/permissions granted by this token:"read",
"iat"?Issued At — Unix timestamp when the token was created:1776222894,
"exp"?Expiration — Unix timestamp after which the token is invalid:1776223494
}

sig: 6QznE3sOp9JX6RY4a0olsuHZSIKAn5t4…