As API adoption matured in enterprise organizations, a natural pattern emerged and we are seeing something similar in AI agent architectures: using layers to contain complexity. Dealing with team boundaries, business flows, communication patterns, etc can get complex very fast. Starting with basic building blocks and then layering in concepts around reusability, encapsulation and separation of responsibilities help to reduce cognitive overload.| ceposta Technology Blog
In our recent engineering face-to-face, one of our engineers raised what seemed like a simple question: “Why can’t we just pass the user’s OIDC token through to the agent? Why complicate things with separate agent identities if we don’t need to?”| ceposta Technology Blog
This specification defines a protocol for an HTTP- and JSON-based Security Token Service (STS) by defining how to request and obtain security tokens from OAuth 2.0 authorization servers, including security tokens employing impersonation and delegation.| www.rfc-editor.org