Re: Access Control

These are excellent questions & points.
Just a quick flag: this is such a critical area of work relevant to the new
DIF Working Group on Trusted AI Agents, with the first work item focused on
Agent Authority Use Cases. This document will be brought forward for deeper
discussion in that context. I’m quite excited to see how the group takes
this forward and expands this. Amazing work by Alan (who also gave a
presentation at Stanford on this very subject).

For those interested in continuing the conversation in a structured and
collaborative way, the WG is expected to launch next month; feel free to
reach out if you have any questions.

- Andor

On Thu, Aug 21, 2025 at 2:33 PM Daniel Hardman <daniel.hardman@gmail.com>
wrote:

> Are you really comfortable with letting him combine the Q from Alice with
>> the D from Bob? Doing this would allow Dave to do something that neither
>> Bob nor Alice intended him to do. In fact, both Bob and Alice might be very
>> surprised to learn that Dave had, in fact, done that thing.
>>
>
> It seems to me that delegators MUST never assume that the only authority
> possessed by their delegate is authority that they, themselves granted.
> There are two sub-cases:
>
> 1. *The authorities held by delegators are disjoint*. Alice has authority
> over IT systems at Acme; Bob has authority over physical facilities. These
> two authorities don't overlap. Dave needs both physical access and IT
> access to accomplish a task. From Alice's IT perspective, physical
> facilities authority is out of scope and undefined. She MUST never make
> assumptions about its state (other than the assumption that questions in
> that domain are someone else's problem) when she makes decisions.
>
> 2. *The authorities held by delegators overlap*. Alice has authority over
> IT systems and physical facilities at Acme; Bob has authority just over
> physical facilities. When Alice makes a decision about how to delegate to
> Dave, and she chooses NOT to give Dave physical facilities access, is she
> making the assumption that Dave will not get that access from Bob? And if
> so, is that assumption justified?
>
> I think the answer in case #2 must be that Alice may need to do work to
> actively protect herself, because access control systems can't predict
> Alice's preference and therefore must be permissive enough for Alice to
> prefer either answer. If she wants her refusal to grant physical facilities
> access to be treated as a signal to enforce that lack of access, she--not
> the access control system--must proactively make it so by querying whether
> Dave already has the other authority via Bob (if yes, refuse to grant IT
> access because she is trying to prevent the combination; if no, tell Bob
> that she has refused to grant access and ask him to do the same). If, on
> the other hand, Alice wants her refusal to grant access to mean that Dave's
> access to physical facilities is not actively denied, but is rather
> undefined in her mind, then she has to do nothing. The access control
> system doesn't work according to Alice's intentions at a human level --
> only according to the question of whether Dave holds the right grants.
>
> --Daniel
>
>>

Received on Friday, 22 August 2025 00:21:05 UTC
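As an added illustration of the two sub-cases in Daniel's message (example code written for this archive page, not code from anyone in the thread or from the DIF group): a toy grant store whose enforcement point checks only the grants Dave holds, plus the proactive query-and-refuse step Alice must run herself in case #2. The names, domains and the out-of-band refusal register are constructed assumptions.

```python
# Added example, not from the thread: a minimal grant-based access-control
# model of the two sub-cases. The enforcement point sees only grants held;
# guarding against an unwanted combination is work the delegator does herself.
from collections import defaultdict


class GrantStore:
    def __init__(self):
        self.grants = defaultdict(lambda: defaultdict(set))  # subject -> domain -> grantors
        self.refusals = defaultdict(set)  # (subject, domain) -> delegators who refused it

    def authorized(self, subject, required):
        # Enforcement: any grant in each required domain suffices, whoever gave it.
        return all(self.grants[subject][d] for d in required)


def delegate(store, who, subject, domain, guard_against=(), honor_refusals=False):
    """Grant `domain` to `subject` on behalf of `who`.
    guard_against (the 'enforce' reading of case #2): `who` first queries whether the
    subject already holds a guarded domain via anyone else and refuses if so; otherwise
    she records her refusal of those domains as an out-of-band signal.
    honor_refusals: a cooperating delegator (Bob agreeing to her request) declines."""
    held = [d for d in guard_against if store.grants[subject][d]]
    if held:
        return False, f"{who} refuses {domain}: {subject} already holds {held}"
    if honor_refusals and store.refusals[(subject, domain)]:
        return False, f"{who} declines {domain}: refused by {store.refusals[(subject, domain)]}"
    for d in guard_against:
        store.refusals[(subject, d)].add(who)
    store.grants[subject][domain].add(who)
    return True, f"{who} grants {domain} to {subject}"


def scenarios():
    """Constructed Acme scenarios: does Dave end up authorized for IT and physical?"""
    both, out = {"it", "physical"}, {}
    s = GrantStore()  # case #1, and the 'undefined' reading of case #2: identical to the store
    delegate(s, "alice", "dave", "it")
    delegate(s, "bob", "dave", "physical")
    out["no_guard"] = s.authorized("dave", both)
    s = GrantStore()  # case #2, enforce, Bob granted first: Alice's query says refuse
    delegate(s, "bob", "dave", "physical")
    ok, _ = delegate(s, "alice", "dave", "it", guard_against=("physical",))
    out["guard_late"] = (ok, s.authorized("dave", both))
    s = GrantStore()  # case #2, enforce, Alice first: her refusal reaches Bob out of band
    delegate(s, "alice", "dave", "it", guard_against=("physical",))
    ok, _ = delegate(s, "bob", "dave", "physical", honor_refusals=True)
    out["guard_early"] = (ok, s.authorized("dave", both))
    s = GrantStore()  # same, but Bob ignores the request: the system itself allows it
    delegate(s, "alice", "dave", "it", guard_against=("physical",))
    ok, _ = delegate(s, "bob", "dave", "physical")
    out["guard_ignored"] = (ok, s.authorized("dave", both))
    return out
```

The last scenario is the point of the message: once Alice has granted IT, whether Dave ends up with both authorities depends on Bob, not on anything the access control system knows about Alice's intent.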