Hi everyone,
Over the past year I’ve been working on a set of standards around permissioned execution (ERC-8102/8103), and one thing that keeps reappearing across multiple proposals (including recent “agent authorization” discussions) is the same missing layer:
We lack a general, first-class authorization primitive that exists independently of execution.
Most systems today conflate authorization with:
- execution,
- scheduling,
- automation,
- or implicit contract state (approvals, allowances, sessions).
This makes permission difficult to reason about as a persistent object.
I’m proposing Authorization Objects (AO) as a minimal root primitive:
- an EIP-712 typed object,
- signed by a grantor,
- granting a grantee permission within an opaque scope,
- with explicit time bounds and revocation,
- and no execution semantics.
This ERC intentionally does not define:
- how or when anything executes,
- what assets are involved,
- or whether any action happens at all.
It only defines:
how consent exists as machine-verifiable state.
Downstream standards (e.g. token pulls, agent delegation, API access, governance) can define profiles that interpret scope, without redefining the primitive.
PR here:
Discussion welcome, especially around:
- scope representation,
- registry vs pure off-chain objects,
- and how people see this composing with existing standards.
– Mats
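
An added illustration, not part of the post or the ERC draft: one way a verifier could evaluate an authorization object as pure state (signature, revocation, time bounds, grantee, opaque scope) without executing anything. The field names, the `nonce` field, the SHA-256 identifier and the injected `sig_ok` verifier are assumptions made for this sketch; an EIP-712 implementation would use the keccak256 typed-data digest and signature recovery.

```python
import hashlib
from dataclasses import dataclass
from typing import Callable, Set

@dataclass(frozen=True)
class AuthorizationObject:
    # Hypothetical field names: the post lists the concepts, not a layout.
    grantor: str
    grantee: str
    scope: bytes      # opaque: compared byte for byte, never parsed here
    not_before: int   # unix seconds, inclusive
    not_after: int    # unix seconds, exclusive
    nonce: int

def object_id(ao: AuthorizationObject) -> bytes:
    # Stand-in identifier: SHA-256 over length-prefixed fields. An EIP-712
    # object would be identified by its keccak256 typed-data digest instead.
    h = hashlib.sha256()
    for part in (ao.grantor.lower().encode(), ao.grantee.lower().encode(), ao.scope,
                 ao.not_before.to_bytes(8, "big"), ao.not_after.to_bytes(8, "big"),
                 ao.nonce.to_bytes(8, "big")):
        h.update(len(part).to_bytes(4, "big") + part)
    return h.digest()

def check(ao, signature: bytes, caller: str, scope: bytes, now: int,
          revoked: Set[bytes], sig_ok: Callable[[bytes, bytes, str], bool]) -> str:
    """Return "ok" or the first denial reason. Nothing is executed here."""
    oid = object_id(ao)
    if not sig_ok(oid, signature, ao.grantor):  # injected signature verifier
        return "bad-signature"
    if oid in revoked:
        return "revoked"
    if ao.not_before >= ao.not_after:
        return "malformed-window"
    if now < ao.not_before:
        return "not-yet-valid"
    if now >= ao.not_after:
        return "expired"
    if caller.lower() != ao.grantee.lower():
        return "wrong-grantee"
    if scope != ao.scope:  # a profile interprets scope; this layer only matches it
        return "scope-mismatch"
    return "ok"

# Constructed sample data, not taken from the proposal.
GRANTOR, GRANTEE = "0x" + "aa" * 20, "0x" + "bb" * 20
SAMPLE = AuthorizationObject(GRANTOR, GRANTEE, b"example-scope", 1_700_000_000, 1_700_003_600, 1)

def demo_sig_ok(oid: bytes, signature: bytes, grantor: str) -> bool:
    # Placeholder for EIP-712 signature recovery; accepts one constructed value.
    return signature == b"constructed-signature" and grantor == GRANTOR
```

Every denial path returns before the scope comparison, so an expired or revoked object never reaches whatever profile would interpret the scope.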