Abstract

This publication discloses methods and systems for governed execution proxies that bridge the gap between decision-governed authorization and target systems that cannot implement authorization verification. In one embodiment, a governed execution proxy receives an execution authorization derived from a sealed decision record, performs an authorization verification protocol comprising credential signature validation, condition verification, and invalidation status checking, and upon successful verification translates the authorization into a structured task record in a target system rather than directly executing the authorized action. The proxy enforces a credential isolation boundary where raw authorization credentials are retained within a trusted domain and only derived task metadata crosses to the target system, enabling legacy system integration without exposing credentials across cross- domain trust boundaries. In one embodiment, the governed execution proxy enables legacy enterprise software, manual execution processes, physical equipment, batch processing environments, message-based systems, and API-based services to participate in governed execution without modification, bridging heterogeneous systems through deferred task execution. In one embodiment, the proxy establishes a commitment boundary at verified acceptance — confirming that the target system has accepted the structured task record before reporting commitment — decoupling the commitment boundary from eventual task completion. In one embodiment, a governed proxy artifact with deferred execution semantics enables temporal constraints on authorization, maintaining the governance chain from decision through authorization through proxy through deferred execution through confirmation. In one embodiment, a fault isolation mechanism protects the authorization verification layer from target system unavailability. The credential isolation and authorization verification techniques disclosed herein intersect with zero trust architecture principles, OAuth token exchange patterns, and policy enforcement point designs, extending those established approaches to govern task record creation across heterogeneous system boundaries. The specific authorization verification protocol, task record format, target system interface, credential isolation mechanism, and fault isolation strategy are not prescribed.

Creative Commons License

Creative Commons License
This work is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 4.0 License.

Download

Share

COinS