docs / architecture

System architecture

How the AuthR control plane, Issuing Authority, Verifier, and registries compose into a deployable system.

Overview

AuthR introduces a new control plane layer that sits above existing IAM infrastructure. It does not replace OAuth, SAML, or RBAC — it adds the authorship assertion layer that those systems cannot provide. The architecture separates three concerns: issuance (creating AuthR records), verification (enforcing invariants at resource boundaries), and audit (immutable logging of every authorship event).

Authorship layer

Issuing AuthorityAuthor RegistryAgent Registry

Enforcement layer

Verifier (per resource boundary)Policy EngineHITL Gateway

Audit layer

Immutable Audit Log (Kafka)Compliance Query APIDrift Monitor

Existing IAM (unchanged)

OAuth / OIDCSAML / LDAPRBAC / ABAC

Control plane

The AuthR control plane is responsible for minting, extending, and revoking AuthR records. It is analogous in role to an OAuth Authorization Server, but for authorship rather than access. In v0.1, the control plane is a single Issuing Authority. In v0.2, it federates across trust domains.

The control plane is not in the hot path of agent execution. Records are minted at authorship time (when a human or verified digital twin delegates authority), not at every API call. This means the control plane can be high-integrity and slightly slower without impacting agent throughput.

Issuing Authority

The Issuing Authority is the component that mints and extends AuthR records. It performs three functions: it validates that the requesting author is grounded (tied to an HR record or board approval), it constructs the AuthR record with correct provenance, and it signs the record using Ed25519 via an HSM-backed key.

# Issuing Authority interface (Python reference) class IssuingAuthority: def issue_root(self, *, author, actor, intent, scope, data_sources=None, correlation_id=None) -> AuthRRecord: # Validate author grounding # Construct record # Sign with HSM-backed Ed25519 # Return signed record def extend(self, *, parent, actor, attenuated_scope) -> AuthRRecord: # Assert scope narrows (invariant 4) # Assert depth within bounds # Preserve author and intent # Sign and return def revoke(self, authr_id: str) -> None: # Mark record as revoked in registry # Publish revocation event to Kafka

Verifier

The Verifier is a library embedded at every resource boundary — the last-mile enforcement point. It is not a service; it is a dependency that every resource server imports. This ensures enforcement happens structurally, not by policy, and cannot be bypassed by routing around a gateway.

The Verifier checks all six invariants in order and fails fast on the first violation. It consults the trust store for signature verification and the revocation endpoint for real-time status.

# Verifier usage at a resource boundary from authr import Verifier verifier = Verifier(trust_store=trust_store) def handle_wire_transfer(authr_chain: list[AuthRRecord], request): result = verifier.verify_chain(authr_chain) if not result.passed: raise AuthorizationError(result.violations[0]) # Proceed with wire transfer

Author Registry and Agent Registry

The Author Registry maps author DIDs to grounding evidence — HR records, board approvals, professional licenses. It is the source of truth for who is permitted to be named as an author in an AuthR record. In enterprise deployments this is typically backed by the HRMS.

The Agent Registry maps agent SPIFFEs to model manifests and attestation records. It enables the Verifier to confirm that the model running under a given agent identity matches the manifest in the AuthR record. Swapping the model under a stable agent ID is a known attack vector — the Agent Registry closes it.

Data plane — what travels with the request

AuthR records travel alongside existing OAuth tokens, not instead of them. The actor presents its OAuth access token for API authorization as normal. The AuthR record (or chain) travels as an additional header or body parameter. The Verifier at the resource boundary checks the AuthR chain before the request is processed.

Header convention (proposed)
X-AuthR-Record: <base64url-encoded AuthR chain JSON>
Authorization: Bearer <OAuth access token>

Deployment patterns

Recommended for v0.1

Single-tenant enterprise

Issuing Authority deployed as an internal service. Author Registry backed by HRMS (Workday, SAP). Agent Registry backed by internal MLOps platform. Verifier embedded in every internal service SDK.

v0.2

Multi-tenant SaaS

Issuing Authority hosted by Identient. Each tenant has an isolated Author and Agent Registry. Records are tenant-scoped by DID namespace. Cross-tenant chains require explicit federation agreements.

v0.2

Federated enterprise

Each business unit runs its own Issuing Authority. Records cross trust domains via OAuth Federation. Author Registries federate via DID resolution. Each domain verifies the full chain using its own trust store.

Production infrastructure stack

The v0.1 playground uses mocked signatures and in-memory state. Production replaces these with enterprise-grade components:

Signing

v0.1 playgroundDeterministic hash (mock)

ProductionEd25519 via AWS KMS or Hashicorp Vault

Workload identity

v0.1 playgroundStatic SPIFFE string

ProductionSPIFFE/SPIRE with real SVIDs

Audit log

v0.1 playgroundAirtable (demo)

ProductionKafka with immutable topic retention

Author Registry

v0.1 playgroundHardcoded CFO record

ProductionHRMS API (Workday, SAP SuccessFactors)

Agent Registry

v0.1 playgroundHardcoded manifest

ProductionMLOps platform with signed manifests

Revocation

v0.1 playgroundNot implemented

ProductionEvent-driven via Kafka + short TTLs

HITL gateway

v0.1 playgroundGmail / Slack webhook

ProductionDedicated approval service with audit trail