Cascade revocation
Revoking a parent credential instantly invalidates everything it delegated, collapsing the affected delegation tree rather than waiting for tokens to expire.
Part of the Agent Control Fabric: Highflame's identity, policy, and enforcement substrate for AI agents.
Keep exploring the glossary.
Cedar
An open, formally analyzable policy language. Highflame authors authorization policy in Cedar and enforces the same policy at every boundary an agent crosses.
Read →CIBA
Client-Initiated Backchannel Authentication: an out-of-band flow that pauses a sensitive agent action for explicit, attributable human approval.
Read →Delegated authority
The model where an agent acts on behalf of a human or another agent, holding strictly less authority than the principal that authorized it, and provably distinct from that principal.
Read →Delegation depth
How many on-behalf-of hops a credential sits from its original human authorizer. Highflame enforces depth as a first-class policy primitive.
Read →DPoP
Demonstrating Proof-of-Possession (RFC 9449): binds a token to a proof key so a stolen token is inert without it.
Read →Guardrails
Inline detection and enforcement on an agent's prompts, tool calls, and responses: blocking unsafe actions in real time.
Read →