CIBA (CIBA)

security

Client Initiated Backchannel Authentication — an OAuth 2.0 extension (RFC 9126) that enables authentication and authorization flows initiated by a backend service rather than a user-facing browser. The user receives a push notification or out-of-band prompt to approve the request.

In shiftagent, CIBA is used for agent action approvals. When an AI agent attempts a high-risk operation (such as a financial transaction or credential rotation), the system initiates a CIBA flow that sends an approval request to the human operator. The agent pauses execution until the human approves or denies the action, ensuring human oversight for sensitive operations without requiring the human to be actively monitoring the agent.
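The pause-until-decision behaviour described above, sketched as a CIBA poll-mode client. This is an added example, not shiftagent's code: poll mode, the `token_request` transport hook, all function names, and the canned responses are assumptions made for illustration, and client authentication is omitted.

```python
import time

CIBA_GRANT = "urn:openid:params:grant-type:ciba"

class ApprovalDenied(Exception):
    """Raised whenever the flow ends without an explicit approval (fail closed)."""

def await_approval(token_request, auth_req_id, expires_in, interval=5,
                   sleep=time.sleep):
    """Poll the token endpoint until the operator decides or the request expires.
    token_request is a hypothetical hook: callable(form) -> (http_status, json_body)."""
    waited = 0
    while waited < expires_in:
        sleep(interval)
        waited += interval
        status, body = token_request(
            {"grant_type": CIBA_GRANT, "auth_req_id": auth_req_id})
        if status == 200 and "access_token" in body:
            return body                      # operator approved
        error = body.get("error")
        if error == "authorization_pending":
            continue                         # no decision yet, keep waiting
        if error == "slow_down":
            interval += 5                    # back off by at least 5 seconds
            continue
        # access_denied, expired_token, or anything unexpected: never proceed
        raise ApprovalDenied(error or "unexpected response")
    raise ApprovalDenied("expired locally before a decision arrived")

def run_high_risk_action(action, token_request, auth_req_id, expires_in,
                         sleep=time.sleep):
    """Gate: the action runs only after a successful token response."""
    try:
        await_approval(token_request, auth_req_id, expires_in, sleep=sleep)
    except ApprovalDenied as exc:
        return f"blocked: {exc}"
    return action()

def scripted_server(responses):
    """Constructed stand-in for the token endpoint: replays canned responses."""
    replies = iter(responses)
    return lambda form: next(replies)

# Constructed sample responses, not captured from a real authorization server.
PENDING = (400, {"error": "authorization_pending"})
SLOW = (400, {"error": "slow_down"})
APPROVED = (200, {"access_token": "constructed-token", "token_type": "Bearer"})
DENIED = (400, {"error": "access_denied"})
```

The gate treats every outcome other than an issued token as a denial, so a malformed or unexpected response cannot release the paused action.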
