2.1 Established

Fine-grained scope negotiation

A consent screen that renders a scope object as a plain-language permission a citizen can grant or narrow, with a sensible default bundle.

01 Emerging Challenges

As citizens authorize agents to act in government services, they will need to grant a single, bounded permission, such as "submit my annual tax return for the 2025 financial year but not access my superannuation records," rather than a coarse read-or-write grant. Conventional authorization scopes are blunt strings that cannot carry that nuance, so the difficulty is expressing and granting authority narrow enough to bound one transaction.

02 Assurance

An agency needs each grant to be narrow and inspectable enough to bound a single transaction, so that what the agent may do is exactly what the citizen authorized and no more.

03 Access

Granular per-scope consent overwhelms users with low digital literacy or limited time, who may abandon the grant or approve everything without reading it, defeating the point of narrow scoping. Keep the path open with a plain-language summary on every scope, a pre-selected standard bundle as the default fast path, and an assisted-digital route for citizens who cannot set up the delegation alone.

04 Response surface

Interaction design

City Digital Services

Authorize your assistant

Choose exactly what your assistant may do for your property tax relief application. You can narrow any of these now or change them later.

Standard bundle3 of 5 permissions granted

Make single payments on my behalf

One transaction at a time, up to $500. Each payment still needs my confirmation.

Read my income documents

Read-only, and only for this application. The assistant cannot change or share them.

Use my name and address

To pre-fill forms. Nothing sensitive beyond contact details.

Act without asking each timebroad

Ongoing authority with no per-action confirmation. Rarely needed, off by default.

Share my data with other servicesbroad

Pass your documents to third parties. Off unless you turn it on.

Or get in-person help at any service center.

The scope object (policy)

authorization_details: [
  {
    type: "payment_initiation"
    amount: "≤ $500"
    when: "single_transaction"
  },
  {
    type: "document_read"
    mode: "read_only"
    purpose: "this_application"
  },
  {
    type: "identity_read"
    fields: ["name","address"]
  }
]

This object updates live as the citizen narrows their grant. The surface and the policy are the same decision, seen two ways.

The response this pattern proposes

Each authorized action is rendered as a single plain-language permission in a toggle list, with a standard bundle pre-selected by default that the citizen can narrow before granting.

05 Maturity

Established Headline

For granting a typed, single-transaction scope.
Frontier

In government, where no service catalog yet defines actions as machine-readable scopes to grant against.

06 Precedents

OAuth 2.0 Rich Authorization Requests (RAR), RFC 9396 (May 2023). Introduces an authorization_details parameter carrying a JSON array of typed authorization objects, each specifying a type, locations, actions, and arbitrary domain-specific fields, narrowing as far as a single transaction.

GNAP, RFC 9635. A fine-grained delegation protocol supporting asynchronous authorization (no browser required) and software-only clients. Both matter for AI agents that may not have a user present at the moment of request.

07 Transferability

RAR's JSON authorization objects are directly transferable to government service scoping. A government service catalog could define authorization_details types for each service action (lodge, view, amend, withdraw). GNAP's async interaction model suits agents that operate without a browser session. The gap: no government currently publishes a machine-readable catalog of actions that could populate these structures.

08 Where things go wrong

Without scoping, the failure is an over-broad grant: an agent given general access reaches far beyond its task. Scoped, revocable grants narrow the blast radius, so an agent authorized only to lodge the 2025 return cannot reach superannuation or trigger a debt-recovery action.

09 Sources

2 references IETF