2.9 Emerging

User-defined access policies

A policy-management console where a citizen sets conditional sharing rules in advance that the authorization server evaluates when an agent later requests access.

01 Emerging Challenges

A citizen often will not be present when their agent needs to act: a tax agent files months after being authorized, an assistant checks a payment status overnight. The agency needs a way for the citizen to set, in advance, what an agent may do and under what conditions, so access can be granted or refused later without the citizen in the loop.

The challenge is to let a citizen express those standing rules in terms they understand, not raw permission grants.

02 Assurance

An agency needs a citizen to be able to express standing, conditional rules in advance that it can evaluate when an agent later requests access, granting or refusing without the citizen present.

03 Access

Policy-based delegation shifts the burden to the setup phase. Citizens who cannot reason through conditional rules risk setting policies that grant too much, or that block the access they intended, often without realizing it. Keep the path open with government-provided policy templates for common delegation scenarios ('I'm authorizing a tax professional' becomes a pre-built policy set), expressed in plain language rather than raw permission grants, with the option for advanced users to customize.

04 Response surface
The response this pattern proposes

Conditional rules such as access only during business hours and only for tax preparation are offered through a guided template picker the citizen can edit, rather than left as raw policy to author.

No surface has been built yet; the approach above is the brief for one.

05 Maturity
Emerging

Emerging for letting a citizen set standing, conditional rules that an agency evaluates without the citizen present; the response exists as a worked-out approach but has seen limited adoption.

06 Precedents

UMA 2.0 (User-Managed Access). An OAuth-based protocol that separates the resource owner from the requesting party. It allows a user to delegate access to software that someone else is using; the resource owner sets sharing policies through a central console (the authorization server); access decisions can be made asynchronously (the resource owner need not be present when access is requested); it supports multi-user sharing where one user's policies affect another's access; and policies can express conditions ("User B can access my tax records only during business hours and only for the purpose of tax preparation").

07 Transferability

UMA's model of asynchronous, policy-based access delegation is highly relevant for AI agents. The citizen sets policies in advance ("my tax agent can view my returns but not amend them; my AI assistant can check my Centrelink payment status but not change my bank details"). The agent requests access, the authorization server evaluates the request against the citizen's policies, and grants or denies access without the citizen needing to be present.

Limitations: UMA has seen limited adoption compared to standard OAuth, partly due to its complexity. Government services would need to invest in the policy management UX, helping citizens set meaningful policies without overwhelming them.

08 Where things go wrong

Without server-side policy limits, an agent can expand its reach into unrelated records during an automated run. Pre-set, conditional policies evaluated server-side mean it only ever gets the narrow access the citizen defined.
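The evaluation flow described under Transferability and the deny-by-default narrowing described above, as an added example that is not part of this pattern page or of any UMA implementation: a citizen picks a plain-language template, it expands into standing conditional policies, and the authorization server later evaluates an agent's request against them with the citizen absent. Template names, agent identifiers, resource names and the hour-window condition are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed example: standing, conditional policies a citizen sets in advance
# from a plain-language template, and the server-side check that evaluates an
# agent's later request against them while the citizen is absent.

@dataclass(frozen=True)
class Policy:
    agent: str                          # requesting party the citizen authorized
    resource: str                       # record type, e.g. "tax_returns"
    actions: frozenset                  # allowed actions, e.g. {"view"}
    purposes: frozenset = frozenset()   # empty means any purpose
    hours: tuple = ()                   # (start, end) local hour; () means any time

@dataclass(frozen=True)
class Request:
    agent: str
    resource: str
    action: str
    purpose: str
    hour: int                           # local hour (0-23) at which the agent asks

# Hypothetical template names; each expands to the pre-built policy set behind
# a plain-language choice such as "I'm authorizing a tax professional".
TEMPLATES = {
    "tax_professional": lambda agent: [
        Policy(agent, "tax_returns", frozenset({"view"}),
               frozenset({"tax_preparation"}), (9, 17))],
    "payment_status_assistant": lambda agent: [
        Policy(agent, "centrelink_payments", frozenset({"view"}))],
}

def policies_from_template(name: str, agent: str) -> list:
    """Expand a template into the citizen's standing policies for one agent."""
    return TEMPLATES[name](agent)

def evaluate(policies: list, req: Request) -> str:
    """Deny by default; grant only if one policy satisfies every condition."""
    for p in policies:
        if (p.agent, p.resource) != (req.agent, req.resource):
            continue    # unrelated agent or record: this policy does not apply
        if req.action not in p.actions:
            continue    # e.g. amend requested when only view was granted
        if p.purposes and req.purpose not in p.purposes:
            continue    # stated purpose outside what the citizen allowed
        if p.hours and not (p.hours[0] <= req.hour < p.hours[1]):
            continue    # outside the permitted time window
        return "grant"
    return "deny"
```

Because every condition must hold for a single policy and the default is deny, an agent that wanders into an unrelated record, asks outside the window, or requests amend where only view was granted gets nothing, which is the narrowing the section above relies on.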

09 Sources