Authorization
Deciding whether a given actor is allowed to take a given action. Distinct from authentication (proving who you are); authorization is what an agent may do.
Part of the Agent Control Fabric: Highflame's identity, policy, and enforcement substrate for AI agents.
Keep exploring the glossary.
Blast radius
The set of systems and data a compromised agent or credential could reach. Identity-scoped access shrinks it; cascade revocation contains it.
Read →Breakout controls
Runtime controls that keep an agent aligned to its mission: containing, redirecting, or stopping it when it veers off course, before the action lands.
Read →Cascade revocation
Revoking a parent credential instantly invalidates everything it delegated, collapsing the affected delegation tree rather than waiting for tokens to expire.
Read →Cedar
An open, formally analyzable policy language. Highflame authors authorization policy in Cedar and enforces the same policy at every boundary an agent crosses.
Read →CIBA
Client-Initiated Backchannel Authentication: an out-of-band flow that pauses a sensitive agent action for explicit, attributable human approval.
Read →Delegated authority
The model where an agent acts on behalf of a human or another agent, holding strictly less authority than the principal that authorized it, and provably distinct from that principal.
Read →