Great post! The impersonation vs. delegation framing is spot on.
Even in enterprise SSO, proper delegation is clunky. We've toyed with OAuth 2.0 Token Exchange (RFC 8693), but support is patchy and confusing. An actor claim baked into tokens would add much-needed auditability.
Even in enterprise SSO, proper delegation is clunky. We've toyed with OAuth 2.0 Token Exchange (RFC 8693), but support is patchy and confusing. An actor claim baked into tokens would add much-needed auditability.