Capability-Based Authorization for Compromised Component Containment — Decision-Derived Not Identity
Abstract
This publication discloses methods and systems in which the right to perform an action — an action entitlement — originates from a validated decision outcome rather than from any property of the party presenting the request. In one embodiment, when a decision outcome establishes that a particular action with particular values is warranted, an action entitlement is derived whose scope is determined entirely by what was decided, excluding all identity-derived factors from the entitlement scope. This decision-derived authorization model inverts the identity-based authorization baseline: instead of asking “who is requesting this?” and matching the answer against permissions, the system asks “what was decided?” and derives the right to act from the decision outcome alone, addressing the confused deputy problem by enforcing least privilege through capability-based security. In one embodiment, the action entitlement includes a parameter binding digest that structurally binds the entitlement to specific action parameters so that any alteration renders it invalid, achieving parameter-bound authorization at the level of exact action values rather than broad permission categories. The entitlement may be progressively restricted by adding conditions without re-derivation from the originating decision. In one embodiment, a structural separation between an analysis domain and an effect domain ensures that components in the analysis domain cannot directly invoke operations that produce external effects — the action entitlement serves as the sole bridge between domains, with ordered multi-step verification at the effect boundary confirming entitlement validity before any effect is produced. In container and microservice security, the structural separation between analysis and effect domains functions analogously to a sandboxed execution environment with network policy enforcement, preventing lateral movement from a compromised component regardless of that component’s credentials. 
An execution proof artifact records that an authorized action was performed, with non-repudiation, establishing decision-to-execution traceability from decision outcome through action entitlement to verified execution under zero-trust authorization principles. The disclosed approaches provide identity-independent execution authorization with compromise containment: because a compromised component can only exercise entitlements that specific decisions have already authorized, the blast radius of a compromise is structurally bounded regardless of the compromised component's credentials, achieving process isolation without static permission assignment or over-privileged service accounts.
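The following is an added illustration, not code from the disclosure or its author. It models in Python the pieces the abstract names: an entitlement derived from a validated decision whose scope carries the decided action and parameters and nothing about the requester; a parameter-binding digest over the exact values; progressive restriction by appending conditions without going back to the decision; an ordered check at the effect boundary; and a sealed execution proof tying decision to entitlement to execution. The chained-HMAC (macaroon-style) attenuation, the key layout (a key shared by the decision validator and the effect boundary, a second key held only by the effect domain, neither available to analysis-domain components), the two condition types and the sample decision are assumptions made for this example; the disclosure does not specify any of them.

```python
# Added example (not the disclosure's own code): a toy decision-derived entitlement
# with a parameter-binding digest, holder-side attenuation, ordered verification at
# the effect boundary, and an execution proof artifact. Keys, condition types and
# sample data are constructed for illustration.
import hashlib
import hmac
import json
import time

# Assumed deployment: the decision validator and the effect boundary share ISSUER_KEY;
# analysis-domain components (the ones that may be compromised) never hold either key.
ISSUER_KEY = b"demo-entitlement-mac-key"
EFFECT_KEY = b"demo-effect-domain-proof-key"
_consumed = set()  # single-use tracking; state owned by the effect domain

def canonical(obj):
    """Deterministic JSON so digests and MACs do not depend on dict ordering."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def binding_digest(action, params):
    """Parameter-binding digest: commits to the exact action and values decided."""
    return hashlib.sha256(canonical({"action": action, "params": params})).hexdigest()

def _chain_mac(ent):
    """Root MAC over the decided scope, then one HMAC link per added condition."""
    root = {k: ent[k] for k in ("decision_id", "action", "params", "binding")}
    mac = hmac.new(ISSUER_KEY, canonical(root), "sha256").digest()
    for cond in ent["conditions"]:
        mac = hmac.new(mac, canonical(cond), "sha256").digest()
    return mac

def derive_entitlement(decision):
    """Scope comes solely from the validated decision; no requester identity is included."""
    if decision.get("outcome") != "warranted":
        raise ValueError("no entitlement without a warranted decision")
    ent = {"decision_id": decision["id"], "action": decision["action"],
           "params": decision["params"],
           "binding": binding_digest(decision["action"], decision["params"]),
           "conditions": []}
    ent["mac"] = _chain_mac(ent).hex()
    return ent

def attenuate(ent, condition):
    """Holder appends a condition with neither key nor decision (macaroon-style chaining):
    the new MAC is keyed by the old one, so conditions can be added but never removed."""
    new = dict(ent, conditions=ent["conditions"] + [condition])
    new["mac"] = hmac.new(bytes.fromhex(ent["mac"]), canonical(condition), "sha256").hexdigest()
    return new

def _condition_holds(cond, now):
    if cond.get("type") == "not_after":
        return now <= cond["at"]
    if cond.get("type") == "single_use":
        return True  # replay state is checked last in verify_at_effect_boundary
    return False  # unknown condition types fail closed

def verify_at_effect_boundary(ent, action, params, now=None):
    """Ordered checks: integrity first (nothing in the entitlement is trusted before the
    MAC verifies), then exact parameter binding, then conditions, then replay."""
    now = time.time() if now is None else now
    if not hmac.compare_digest(_chain_mac(ent).hex(), ent["mac"]):
        return False, "mac"
    if binding_digest(action, params) != ent["binding"]:
        return False, "binding"
    if not all(_condition_holds(c, now) for c in ent["conditions"]):
        return False, "condition"
    if any(c.get("type") == "single_use" for c in ent["conditions"]):
        if ent["mac"] in _consumed:
            return False, "replay"
        _consumed.add(ent["mac"])
    return True, "ok"

def execute_with_proof(ent, action, params, effect, now=None):
    """Sole bridge into the effect domain: runs `effect` only behind a valid entitlement
    and returns a sealed proof linking decision -> entitlement -> execution."""
    ok, reason = verify_at_effect_boundary(ent, action, params, now)
    if not ok:
        raise PermissionError("effect refused: " + reason)
    proof = {"decision_id": ent["decision_id"], "entitlement_mac": ent["mac"],
             "binding": ent["binding"], "result": effect(**params),
             "at": time.time() if now is None else now}
    proof["seal"] = hmac.new(EFFECT_KEY, canonical(proof), "sha256").hexdigest()
    return proof

if __name__ == "__main__":
    decision = {"id": "dec-42", "outcome": "warranted", "action": "transfer",
                "params": {"src": "acct-1", "dst": "acct-9", "amount": 250}}
    ent = attenuate(derive_entitlement(decision), {"type": "not_after", "at": 2_000_000_000})
    print(execute_with_proof(ent, "transfer", decision["params"], lambda **p: p["amount"]))
    # Same component, altered amount: the binding check refuses before any effect runs.
    print(verify_at_effect_boundary(ent, "transfer", dict(decision["params"], amount=9999)))
```

Two points a practitioner should take from the example. First, the check order is not cosmetic: the MAC is verified before any field of the entitlement (including its conditions) is interpreted, so a tampered or forged entitlement never influences a decision at the boundary, and the parameter binding is compared before conditions so that an altered value is refused even when every condition would hold. Second, an HMAC seal only lets another holder of EFFECT_KEY confirm integrity; to give the execution proof the non-repudiation the abstract describes, the effect domain would sign it with an asymmetric key that no other party holds, and the single-use set would need to be durable and shared across effect-domain replicas.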
Creative Commons License

This work is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 4.0 License.
Recommended Citation
Winchester, Jayson, "Capability-Based Authorization for Compromised Component Containment — Decision-Derived Not Identity", Technical Disclosure Commons, (February 19, 2026)
https://www.tdcommons.org/dpubs_series/9356