---
title: "Answering the Laws of AIdentity"
date: "2026-06-06T21:30:00-07:00"
lastmod: "2026-06-06T21:30:00-07:00"
description: "Patrick Parker's Seven Laws of AIdentity are an independently derived requirements list for agent identity systems: split actors, generated intent, bounded agency, continuous authorization, least exposure, justifiable chains, and proof-carrying action. This post crosswalks all seven onto the handbook's machinery, law by law, and names where the handbook delegates or declines."
summary: "Two derivations, one destination. Parker derives seven laws from the dynamics of delegated, generated action: who acted, under whose authority, through what chain, and how can you prove it. The handbook derives five laws from the invariants of delegated authority. This post runs the crosswalk: split actors land on Attribution and mediated custody, generated intent lands on per-action enforcement, bounded agency is the Mission object itself, continuous authorization is only-active-permits-reliance plus the discovery loop, least exposure meets its namesake post, justifiable chains land on act chains and source digests, and proof-carrying action is the evidence family with its integrity anchors and SCITT transparency. The convergence is the validation, and the gaps are named."
slug: "answering-the-laws-of-aidentity"
tags:
  - "Agentic Identity"
  - "Authorization"
  - "Mission-Bound Authorization"
  - "IAM"
  - "Delegated Authority"
series:
  - "proving-mission-bound-authorization"
---


{{< tldr >}}

- **The framing.** [The Seven Laws of AIdentity](https://www.linkedin.com/pulse/laws-aidentity-patrick-parker-zn9pe/) are Patrick Parker's requirements for agent identity systems, in the lineage of Kim Cameron's Laws of Identity: split actors, generated intent, bounded agency, continuous authorization, least exposure, justifiable action chains, and proof-carrying action. His closing question: who acted, under whose authority, through what chain, and how can you prove it.
- **The claim.** The handbook was derived from a different starting point, the invariants of delegated authority, and it answers all seven laws with named machinery: no bolt-ons, no reinterpretation. Independent derivations converging on the same requirements is the strongest external evidence that the missing layer is real.
- **What lives in this post.** [The crosswalk, all seven laws in one table](#the-crosswalk), [the three mappings worth reading closely](#three-mappings-worth-a-closer-look), and [where the handbook delegates or declines](#where-the-handbook-delegates-or-declines).
- **The laws.** [All five](/series/mission-bound-authorization/#the-five-laws-of-delegated-authority), crosswalked: Parker's seven and the handbook's five are different decompositions of the same layer, and the table shows which carries which.
- **Specs (editor's copies).** The [issuance core](https://mcguinness.github.io/mission-bound-authorization/#go.draft-mcguinness-oauth-mission.html), [runtime enforcement](https://mcguinness.github.io/mission-bound-authorization/#go.draft-mcguinness-mission-runtime.html), [Consent Evidence](https://mcguinness.github.io/mission-bound-authorization/#go.draft-mcguinness-oauth-mission-consent-evidence.html), and [Audit Transparency](https://mcguinness.github.io/mission-bound-authorization/#go.draft-mcguinness-mission-audit.html).

**Reading path.** ~12 minutes in order, or jump to [the crosswalk table](#the-crosswalk) for the whole mapping at a glance.

{{< /tldr >}}

# Overview

The strongest validation an architecture can get is a requirements
list it did not write. Patrick Parker's
[Seven Laws of AIdentity](https://www.linkedin.com/pulse/laws-aidentity-patrick-parker-zn9pe/)
are exactly that: a statement of what agent identity systems must
guarantee, derived from the dynamics of delegated, generated action
and framed in the lineage of Kim Cameron's Laws of Identity. Parker's
summary of the shift is one sentence: control moves from login to
action, and proof moves from logs to receipts. The question a system
must answer is who acted, under whose authority, through what chain,
and how can you prove it.

The handbook was derived from a different starting point: the
[five laws of delegated authority](/series/mission-bound-authorization/#the-five-laws-of-delegated-authority),
the invariants any implementation of the missing layer must satisfy.
Two independent derivations, one from agent dynamics and one from
authority invariants, should meet if the layer they describe is real.
This post runs that test, law by law. Where Parker's law lands on
existing handbook machinery, the crosswalk names the control and the
draft behind it. Where it lands on something the handbook delegates or
declines, the last section says so plainly, because a crosswalk that
maps everything perfectly has been fitted, not tested.

# The Crosswalk

| Parker's law | What it demands | The handbook's answer |
| --- | --- | --- |
| 1. The Split Actor | Principal, delegate, authorizer, approver, credential holder, and executor stay distinct actors, or attribution collapses | [Attribution](/series/mission-bound-authorization/#the-five-laws-of-delegated-authority): `subject` and `approver` as distinct `{iss, sub}` principals, the `act` chain on every hop, [attested instance identity](/notes/mission-sub-agents-and-delegation/), and mediated custody separating the credential holder from the executor |
| 2. Generated Intent | Agents generate specific intent after authority is granted, so authorize the action, not the agent | The handbook's enemy sentence, operationalized: [per-action PEP/PDP enforcement](/notes/mission-bound-runtime-enforcement-profile/) with parameter binding, and interpretation moved to consent time through [shaping and approval](/notes/mission-approval-integrity/) |
| 3. Bounded Agency | Explicit scope, purpose, constraints, time limits, budget, and revocation paths, with humans setting the boundaries | The [Mission object](/notes/the-mission-is-the-missing-abstraction/) itself: goal, purpose, constraints, `expires_at`, the derived Authority Set, Narrowing on every derivation, Termination as the revocation path, and [Consumption Metering](https://mcguinness.github.io/mission-bound-authorization/#go.draft-mcguinness-mission-metering.html) (experimental) for the budget |
| 4. Continuous Authorization | Authorize across discovery, invocation, execution, and outcome, not just at entry | Only `active` permits reliance, [freshness with a published bound](/notes/mission-lifecycle-and-change/), the [discovery loop](/notes/adopting-mission-bound-authorization/#composing-with-the-ecosystem) for runtime discovery, and Execution Evidence for the outcome |
| 5. Least Exposure | Agents request governed outcomes rather than hold broad reusable credentials, and credentials act only inside approved boundaries | Mediated custody (the agent never holds the key for mediated classes), narrow short-lived derivation from the Mission, and [Least Exposure Is Broader Than Least Privilege](/notes/least-exposure-is-broader-than-least-privilege/), the same law under the same name |
| 6. Justifiable Action Chains | The identity, provenance, and integrity of every chain participant is proven, not assumed | The `act` chain and [instance attestation](/notes/mission-sub-agents-and-delegation/), capabilities bound to source digests with drift failing closed as `capability_drift`, strict-subset [Child Missions](/notes/mission-sub-agents-and-delegation/) with cascade revocation |
| 7. Proof-Carrying Action | Receipts, not logs: signed proof of authority, constraint, attribution, execution, and outcome, tamper-evident | The [evidence family](/notes/mission-agent-runtime-and-audit/): Consent, Decision, and Execution Evidence joined on `mission_id`, the integrity anchors and `policy_version` committing what was authorized under what policy, and SCITT transparency for the hash-chained, tamper-evident feed |

Seven demands, seven answers, and every answer is a control that
existed before the crosswalk was drawn, with a draft behind it. That
is the difference between validation and retrofit.

# Three Mappings Worth a Closer Look

**Generated intent is the deepest agreement.** Parker's second law is
the observation this handbook calls its enemy: registration and token
issuance happen before the agent decides what to actually do, so a
system that authorizes only the agent will permit operations no human
approved. The handbook's whole shape follows from taking that
seriously twice. Interpretation moves to consent time, where the human
is present and the disclosure is committed, and then every generated
action is still checked at execution time against what was approved,
because approval is a moment and the work is a span. Authorize the
action, not the instrument, was the card chapter's rule 4. Parker
derived the same sentence from the other end.

**Least exposure arrives under its own name.** Parker's fifth law and
the handbook's
[exposure discipline](/notes/least-exposure-is-broader-than-least-privilege/)
are the same claim: what an agent can see and hold is an attack
surface independent of what it may do, so credentials belong inside
mediated execution boundaries and breadth of visibility is a risk to
budget, not a convenience to default. Mediated custody is the sharpest
instance: for the classes a deployment mediates, the agent cannot leak
a credential it never holds.

**Proof-carrying action is where the wire details matter.** Parker
asks for receipts with decision context, delegation evidence, policy
snapshots, and tamper detection. The handbook's evidence family maps
piece by piece: Decision Evidence carries the decision context
including denials, the `act` chain is the delegation evidence,
`policy_version` on the record makes the derivation re-checkable
against the policy that produced it, the integrity anchors commit what
was approved, and SCITT registration makes the whole feed append-only
and tamper-evident, committed by hash so the sensitive content stays
out of the log. The receipts-not-logs shift Parker names is the same
shift the handbook makes when it says audit joins on one identifier
or it is archaeology.

# Where the Handbook Delegates or Declines

An honest crosswalk names its remainders.

- **Necessity is not judged.** Parker's sixth law asks whether every
  chain participant is *necessary*, not merely authorized. The
  handbook verifies identity, provenance, integrity, and subset
  authority for participants, and bounds fan-out by count and depth.
  Whether a given sub-agent was needed at all is an orchestration and
  design judgment the protocol records but does not decide.
- **The generator's identity is evidence, not enforcement.** Which
  model produced a proposal is captured by Shaping Evidence as audit
  material. The handbook deliberately does not condition authorization
  on model identity, because a trustworthy model is not a property the
  authorization layer can verify.
- **Policy snapshots are references, not archives.** `policy_version`
  makes a derivation re-checkable if the deployment retains its policy
  history. Parker's full receipt vision, with policy snapshots inline,
  is a retention discipline the deployment must add.
- **Embodied agents are out of scope.** Parker's laws extend to
  cyber-physical surfaces. The handbook's bindings are protocol
  substrates. The laws travel, and the wire profiles for physical
  actuation do not exist yet, which the
  [substrate requirements](https://mcguinness.github.io/mission-bound-authorization/#go.draft-mcguinness-mission-substrate.html)
  draft would govern if someone writes one.

The convergence stands regardless. Parker's closing question, who
acted, under whose authority, through what chain, and how can you
prove it, is the [vendor test](/notes/mission-based-authorization-vendor-test/)
in different words, and the fact that two framings built independently
keep producing the same six questions is the point of this chapter:
the missing layer is not one proposal's opinion. It is what everyone
finds when they look.

