Letters of Marque for AI Agents: The 600-Year Authorization Architecture You're Reinventing

If you've implemented OAuth scopes, you've already touched the edge of a 600-year-old governance system. In January 2025, South, Marro, Hardjono, Mahari, and Pentland published arXi:2501.09674 - a three-token architecture for AI agent authorization extending OAuth 2.0 and OpenID Connect: User ID-token - standard OIDC identity. Who owns the agent. Agent-ID token - the agent's capabilities, limitations, and unique identifier. Delegation token - cryptographically signed, scoped, revocable. The authorization itself. They didn't reference privateering.