Attribute-based access control (ABAC)
Authorization decisions keyed to attributes (the agent's claims, owner, trust tier, and delegation depth) rather than shared keys or static roles.
Part of the Agent Control Fabric: Highflame's identity, policy, and enforcement substrate for AI agents.
Keep exploring the glossary.
Authorization
Deciding whether a given actor is allowed to take a given action. Distinct from authentication (proving who you are); authorization is what an agent may do.
Read →Blast radius
The set of systems and data a compromised agent or credential could reach. Identity-scoped access shrinks it; cascade revocation contains it.
Read →Breakout controls
Runtime controls that keep an agent aligned to its mission: containing, redirecting, or stopping it when it veers off course, before the action lands.
Read →Cascade revocation
Revoking a parent credential instantly invalidates everything it delegated, collapsing the affected delegation tree rather than waiting for tokens to expire.
Read →Cedar
An open, formally analyzable policy language. Highflame authors authorization policy in Cedar and enforces the same policy at every boundary an agent crosses.
Read →CIBA
Client-Initiated Backchannel Authentication: an out-of-band flow that pauses a sensitive agent action for explicit, attributable human approval.
Read →