The Identity Assertion JWT Authorization Grant (ID-JAG) is a profile of the JWT Authorization Grant [RFC7523] that grants a client delegated access to a resource in another trust domain on behalf of a user without a direct user-approval step at the authorization server.

Along similar lines to Solid-OIDC, this could be used to effectively let people log in to "the Fediverse as a whole" rather than forcing them to authenticate separately to every single server they want to use.

I'm glossing over a lot of details, of course.

(It's a shame this document feels the need to use the word "enterprise" no less than 68 times. This leaves me kind of itching to find something fundamentally broken about it.)