Authorization Concepts

WL-APDP implements a novel Intent-Goal Authorization model designed specifically for AI agent ecosystems.

Traditional vs Intent-Goal Authorization

Traditional Authorization

Traditional authorization models like RBAC and ABAC answer: "Can this user perform this action on this resource?"

User Alice → Action: Read → Resource: Document123 → Allow/Deny

Intent-Goal Authorization

Intent-Goal Authorization extends this by considering the context of why an action is being performed:

Agent → Intent: Summarize sales data
      → Goal: Quarterly report generation
      → Action: Read
      → Resource: SalesDatabase
      → Allow/Deny

Core Concepts

Principal

The entity requesting authorization. In AI agent ecosystems, this is typically:

  • User: The human who initiated the agent task
  • Agent: The AI agent performing the action
  • Service: A backend service acting on behalf of agents

Action

The operation being performed:

  • read, write, delete - Standard CRUD operations
  • execute - Running tools or functions
  • delegate - Granting permissions to other agents

Resource

The object being accessed:

  • Documents: Files, databases, APIs
  • Tools: MCP servers, functions
  • Agents: Other AI agents (for delegation)

Intent

The immediate purpose of the action. Examples:

  • "Summarize this document"
  • "Query customer data"
  • "Send notification email"

Intents are typically provided by the agent and validated against allowed patterns.

Goal

The broader objective the action serves. Examples:

  • "Generate quarterly report"
  • "Handle customer support ticket"
  • "Perform security audit"

Goals establish the business context for authorization decisions.

Delegation Chain

A chain of trust showing how permissions were delegated:

Admin Alice → Agent Coordinator → Research Agent → Tool Agent

Each link in the chain must be authorized. This ensures:

  • Agents can only act within their delegated scope
  • Actions are traceable to the original authorizer
  • Permissions don't escalate through delegation
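
One way to check the delegation-chain properties listed above, as an added example that is not WL-APDP's own code. The per-link "scope" field, the ROOT_GRANTS table and the function names are assumptions made for illustration; the sample chain is constructed from the Alice → Coordinator → Research → Tool chain shown above.

```python
# Added example (not WL-APDP code). Assumptions: each link carries a "scope"
# list of actions, and ROOT_GRANTS says what the original authorizer holds.
# The page's own request format shows only "from" and "to" on a link.
ROOT_GRANTS = {'User::"alice"': {"read", "execute", "delegate"}}  # constructed

def validate_chain(principal, chain, action, root_grants=ROOT_GRANTS):
    """Return (allowed, reason) for a list of {"from", "to", "scope"} links."""
    if not chain or chain[0]["from"] != principal:
        return False, "chain must start at the requesting principal"
    held = set(root_grants.get(principal, ()))  # rights of the current delegator
    seen = {principal}
    for i, link in enumerate(chain):
        if i > 0 and link["from"] != chain[i - 1]["to"]:
            return False, f"link {i}: does not continue from previous delegate"
        if "delegate" not in held:
            return False, f"link {i}: {link['from']} lacks delegate permission"
        extra = set(link["scope"]) - held
        if extra:
            return False, f"link {i}: scope escalation {sorted(extra)}"
        if link["to"] in seen:
            return False, f"link {i}: cycle back to {link['to']}"
        seen.add(link["to"])
        held = set(link["scope"])  # the next hop can pass on at most this
    if action not in held:
        return False, f"action {action!r} outside final delegated scope"
    return True, "chain valid"

def hop(src, dst, *scope):
    """Build one delegation link (hypothetical helper)."""
    return {"from": src, "to": dst, "scope": list(scope)}

# Constructed sample identities and chains.
A, C = 'User::"alice"', 'Agent::"coordinator"'
R, T = 'Agent::"research"', 'Agent::"tool"'
GOOD = [hop(A, C, "read", "execute", "delegate"),
        hop(C, R, "read", "delegate"),
        hop(R, T, "read")]
ESCALATED = GOOD[:2] + [hop(R, T, "read", "write")]       # adds "write" at the last hop
NO_DELEGATE = [GOOD[0], hop(C, R, "read"), hop(R, T, "read")]  # research cannot delegate

if __name__ == "__main__":
    for name, chain in [("good", GOOD), ("escalated", ESCALATED),
                        ("no_delegate", NO_DELEGATE)]:
        print(name, validate_chain(A, chain, "read"))
```

Because each hop replaces the held set with its own scope, a right dropped at one link cannot reappear further down the chain.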

Authorization Flow

┌─────────────────────────────────────────────────────────────┐
│ Authorization Request                                       │
│   Principal: User::"alice"                                  │
│   Action: Action::"read"                                    │
│   Resource: Document::"quarterly-report"                    │
│   Context:                                                  │
│     intent: "summarize financial data"                      │
│     goal: "quarterly earnings call preparation"             │
│     delegation_chain: ["alice", "finance-agent"]            │
└─────────────────────────────────────────────────────────────┘
                               ▼
┌─────────────────────────────────────────────────────────────┐
│ Step 1: Delegation Chain Validation                         │
│   - Verify each delegator had permission to delegate        │
│   - Check delegation didn't exceed scope                    │
└─────────────────────────────────────────────────────────────┘
                               ▼
┌─────────────────────────────────────────────────────────────┐
│ Step 2: Intent Validation                                   │
│   - Check intent matches allowed patterns                   │
│   - Verify intent is consistent with action                 │
└─────────────────────────────────────────────────────────────┘
                               ▼
┌─────────────────────────────────────────────────────────────┐
│ Step 3: Goal Validation                                     │
│   - Verify goal is permitted for this principal             │
│   - Check action is appropriate for goal                    │
└─────────────────────────────────────────────────────────────┘
                               ▼
┌─────────────────────────────────────────────────────────────┐
│ Step 4: Policy Selection & Evaluation                       │
│   - Select applicable policies based on metadata            │
│   - Evaluate Cedar policies                                 │
│   - Return decision (Allow/Deny + reasons)                  │
└─────────────────────────────────────────────────────────────┘

Policy Evaluation

Intelligent Policy Selection

Before evaluating policies, WL-APDP filters the policy set down to only the applicable policies:

  1. Principal Match: Policy applies to this principal type
  2. Action Match: Policy covers this action
  3. Resource Match: Policy applies to this resource type
  4. Context Match: Required context fields are present

This achieves a 20-30x performance improvement over evaluating all policies.

Cedar Evaluation

Selected policies are evaluated using the Cedar engine:

  • permit policies grant access
  • forbid policies deny access
  • forbid takes precedence over permit
  • No matching policies = default deny

Example Request

{
  "principal": "User::\"alice\"",
  "action": "Action::\"read\"",
  "resource": "Document::\"financial-report-2024\"",
  "context": {
    "intent": "summarize Q4 financial data",
    "goal": "prepare earnings call materials",
    "delegation_chain": [
      {"from": "User::\"alice\"", "to": "Agent::\"finance-assistant\""}
    ]
  }
}

Example Response

{
  "decision": "allow",
  "reasons": [
    {
      "policy_id": "finance-read-policy",
      "description": "Finance team members can read financial documents"
    }
  ],
  "diagnostics": {
    "policies_evaluated": 3,
    "policies_applicable": 1,
    "evaluation_time_ms": 2
  }
}