CIBA
Client-Initiated Backchannel Authentication: an out-of-band flow that pauses a sensitive agent action for explicit, attributable human approval.
Part of the Agent Control Fabric: Highflame's identity, policy, and enforcement substrate for AI agents.
Keep exploring the glossary.
Delegated authority
The model where an agent acts on behalf of a human or another agent, holding strictly less authority than the principal that authorized it, and provably distinct from that principal.
Read →Delegation depth
How many on-behalf-of hops a credential sits from its original human authorizer. Highflame enforces depth as a first-class policy primitive.
Read →DPoP
Demonstrating Proof-of-Possession (RFC 9449): binds a token to a proof key so a stolen token is inert without it.
Read →Guardrails
Inline detection and enforcement on an agent's prompts, tool calls, and responses: blocking unsafe actions in real time.
Read →Identity provider (IdP)
The system that issues and manages identities. Highflame extends your existing IdP to agents rather than replacing it.
Read →Inline enforcement
Evaluating and deciding on an action before it executes, out-of-band and fail-closed, rather than detecting it after the fact.
Read →