Update nexus: fix conflicts and sync local changes
This commit is contained in:
Shen Wei
@@ -1,40 +1,40 @@
|
||||
---
|
||||
title: "Delegation-Chain"
|
||||
type: concept
|
||||
tags: [authorization, delegation, multi-hop]
|
||||
sources: [agentic-identity-trust.md]
|
||||
last_updated: 2026-04-25
|
||||
---
|
||||
|
||||
## Definition
|
||||
|
||||
Delegation-Chain(委托链)是一种多跳授权链机制——当 Agent A 授权 Agent B 代表其行事,Agent B 可以进一步授权 Agent C,但每一跳都必须满足:签名有效 + 作用域不扩大 + 时间未过期。
|
||||
|
||||
## Chain Structure
|
||||
|
||||
```
|
||||
Agent A ──signs──> Agent B (scope: trade.execute)
|
||||
│
|
||||
└──signs──> Agent C (scope: trade.execute, audit.write) ❌ scope_escalation
|
||||
```
|
||||
|
||||
## Verification Rules
|
||||
|
||||
每条委托链必须通过三项验证:
|
||||
1. **签名有效性**:当前 Agent 的签名必须可被其公钥验证
|
||||
2. **作用域不扩大**:本跳授权的作用域不得宽于上一跳
|
||||
3. **时间有效性**:委托链中任意节点过期,则整链失效
|
||||
|
||||
## Fail-Closed Behavior
|
||||
|
||||
- 委托链的任意链节断裂 → **整链无效**
|
||||
- 委托链的任意节点过期 → **整链无效**
|
||||
- 无法验证某节点签名 → **整链无效**
|
||||
|
||||
## Relationships
|
||||
- [[Zero-Trust]]:Delegation-Chain 是 Zero-Trust 授权验证的核心机制
|
||||
- [[Fail-Closed]]:委托链验证采用 Fail-Closed 策略(任意断裂则整链失效)
|
||||
- [[Peer-Verification]]:Peer-Verification 协议在有委托时必须验证 Delegation-Chain
|
||||
|
||||
## Sources
|
||||
- [[agentic-identity-trust.md]]
|
||||
---
|
||||
title: "Delegation-Chain"
|
||||
type: concept
|
||||
tags: [authorization, delegation, multi-hop]
|
||||
sources: [agentic-identity-trust.md]
|
||||
last_updated: 2026-04-25
|
||||
---
|
||||
|
||||
## Definition
|
||||
|
||||
Delegation-Chain(委托链)是一种多跳授权链机制——当 Agent A 授权 Agent B 代表其行事,Agent B 可以进一步授权 Agent C,但每一跳都必须满足:签名有效 + 作用域不扩大 + 时间未过期。
|
||||
|
||||
## Chain Structure
|
||||
|
||||
```
|
||||
Agent A ──signs──> Agent B (scope: trade.execute)
|
||||
│
|
||||
└──signs──> Agent C (scope: trade.execute, audit.write) ❌ scope_escalation
|
||||
```
|
||||
|
||||
## Verification Rules
|
||||
|
||||
每条委托链必须通过三项验证:
|
||||
1. **签名有效性**:当前 Agent 的签名必须可被其公钥验证
|
||||
2. **作用域不扩大**:本跳授权的作用域不得宽于上一跳
|
||||
3. **时间有效性**:委托链中任意节点过期,则整链失效
|
||||
|
||||
## Fail-Closed Behavior
|
||||
|
||||
- 委托链的任意链节断裂 → **整链无效**
|
||||
- 委托链的任意节点过期 → **整链无效**
|
||||
- 无法验证某节点签名 → **整链无效**
|
||||
|
||||
## Relationships
|
||||
- [[Zero-Trust]]:Delegation-Chain 是 Zero-Trust 授权验证的核心机制
|
||||
- [[Fail-Closed]]:委托链验证采用 Fail-Closed 策略(任意断裂则整链失效)
|
||||
- [[Peer-Verification]]:Peer-Verification 协议在有委托时必须验证 Delegation-Chain
|
||||
|
||||
## Sources
|
||||
- [[agentic-identity-trust.md]]
|
||||
|
||||
Reference in New Issue
Block a user