Thesis PoC: delegated-authority authorization infrastructure for third-party AI agents acting against a mock university SIS (Kepler). Agents never impersonate users and never reach Kepler directly.
Five services + shared library:
| Service | Role | Port |
|---|---|---|
kepler-twin/ |
ITU-style mock university SIS (standalone FastAPI app, own venv) | 9000 |
services/auth_server |
Identity, consent, CIBA, Ed25519 JWT mint | 8001 |
services/gateway |
PEP: token validation + PDP consult + Kepler Twin proxy | 8000 |
services/pdp |
AuthZEN-aligned decision engine | 8002 |
services/mobile_simulator |
Trusted approval channel (device-bound Ed25519) | 8005 |
Kepler Twin is the only SIS used end-to-end; it exposes both a human UI (for
login + course management) and an /internal/* service-to-service surface
that the Gateway consumes under a shared X-Service-Token.
See docs/architecture/00-overview.md and docs/security/related-work.md for deeper rationale.
- No impersonation: user (
sub) and agent (act.sub) are distinct principals (RFC 8693). - Deny-by-default; PDP short-circuits on first failing rule.
- PEP/PDP separation (NIST SP 800-162 + OpenID AuthZEN).
- Fresh approval for high-risk: action-bound, single-use, short-lived JWTs.
- Ed25519 JWS tokens; JWKS rotation-friendly.
- Device-bound signed approval evidence from mobile (non-repudiation).
- Every decision correlated with a
request_idand appended to a JSONL audit store.
# 1. Create venv and install
python3.12 -m venv .venv
source .venv/bin/activate
pip install -e ".[dev]"
# 2. Bootstrap: generate JWKS keys + seed demo data
python -m scripts.bootstrap
# 3. Run all five services (five terminals or use scripts/run-all-dev.sh)
bash scripts/run-all-dev.sh
# 4. Run a demo
bash scripts/demo-low-risk.sh # schedule.read happy path
bash scripts/demo-high-risk.sh # course.add with mobile approval
# 5. Run tests
pytest -vThe production-like deployment target is a Linux VM running Docker Compose behind Caddy with automatic HTTPS. See docs/deployment/aws-ec2-caddy.md or docs/deployment/azure-vm-caddy.md.
- Agent → Auth Server: CIBA-like token request (
user_hint,scope, optionalaction+resource). - Auth Server → Mobile: push approval.
- Mobile → Auth Server: device-signed
approval_evidence. - Auth Server → Agent: delegated Ed25519 JWT (contains
subuser +act.subagent). - Agent → Gateway:
POST /v1/actions/{action_name}+ bearer token. - Gateway: validate JWT + introspect + enrich context.
- Gateway → PDP: AuthZEN decision request.
- PDP: rule pipeline; short-circuit on first deny.
- Gateway → Kepler: internal call only if permit.
- Response → Agent. Audit event written at every step with shared
request_id.
- OAuth 2.1 draft-ietf-oauth-v2-1, CIBA Core 1.0, RFC 8693 (
actclaim), RFC 7662 (introspection), RFC 7009 (revocation), OpenID AuthZEN draft.
MIT (thesis project).