@techreport{mw-spice-actor-chain-05,
    number =    {draft-mw-spice-actor-chain-05},
    type =      {Internet-Draft},
    institution =   {Internet Engineering Task Force},
    publisher = {Internet Engineering Task Force},
    note =      {Work in Progress},
    url =       {https://datatracker.ietf.org/doc/draft-mw-spice-actor-chain/05/},
    author =    {A Prasad and Ramki Krishnan and Diego Lopez and Srinivasa Addepalli},
    title =     {{Cryptographically Verifiable Actor Chains for OAuth 2.0 Token Exchange}},
    pagetotal = 97,
    year =      2026,
    month =     apr,
    day =       25,
    abstract =  {Multi-hop service-to-service and agentic workflows need a standardized way to preserve and validate delegation-path continuity across successive token exchanges. This document defines six actor- chain profiles for OAuth 2.0 Token Exchange {[}RFC8693{]}. {[}RFC8693{]} permits nested act claims, but prior actors remain informational only and token exchange does not define how a delegation path is preserved and validated across successive exchanges. This document profiles delegation-chain tokens and defines profile- specific processing for multi-hop workflows. The six profiles are: Declared Full Disclosure; Declared Subset Disclosure; Declared Actor- Only Disclosure; Verified Full Disclosure; Verified Subset Disclosure; and Verified Actor-Only Disclosure. These profiles preserve the existing meanings of sub, act, and may\_act. They support same-domain and cross-domain delegation and provide different tradeoffs among visible chain-based authorization, cryptographic accountability, auditability, privacy, and long-running workflow support. Plain RFC 8693 impersonation-shaped outputs remain valid RFC 8693 behavior but are outside this profile family.},
}