Skip to content

akifitu/kepler-agent-authorization-thesis

Repository files navigation

Kepler Agent Authorization Infrastructure

Thesis PoC: delegated-authority authorization infrastructure for third-party AI agents acting against a mock university SIS (Kepler). Agents never impersonate users and never reach Kepler directly.

Architecture

Five services + shared library:

Service Role Port
kepler-twin/ ITU-style mock university SIS (standalone FastAPI app, own venv) 9000
services/auth_server Identity, consent, CIBA, Ed25519 JWT mint 8001
services/gateway PEP: token validation + PDP consult + Kepler Twin proxy 8000
services/pdp AuthZEN-aligned decision engine 8002
services/mobile_simulator Trusted approval channel (device-bound Ed25519) 8005

Kepler Twin is the only SIS used end-to-end; it exposes both a human UI (for login + course management) and an /internal/* service-to-service surface that the Gateway consumes under a shared X-Service-Token.

See docs/architecture/00-overview.md and docs/security/related-work.md for deeper rationale.

Core Security Principles

  • No impersonation: user (sub) and agent (act.sub) are distinct principals (RFC 8693).
  • Deny-by-default; PDP short-circuits on first failing rule.
  • PEP/PDP separation (NIST SP 800-162 + OpenID AuthZEN).
  • Fresh approval for high-risk: action-bound, single-use, short-lived JWTs.
  • Ed25519 JWS tokens; JWKS rotation-friendly.
  • Device-bound signed approval evidence from mobile (non-repudiation).
  • Every decision correlated with a request_id and appended to a JSONL audit store.

Quick Start

# 1. Create venv and install
python3.12 -m venv .venv
source .venv/bin/activate
pip install -e ".[dev]"

# 2. Bootstrap: generate JWKS keys + seed demo data
python -m scripts.bootstrap

# 3. Run all five services (five terminals or use scripts/run-all-dev.sh)
bash scripts/run-all-dev.sh

# 4. Run a demo
bash scripts/demo-low-risk.sh    # schedule.read happy path
bash scripts/demo-high-risk.sh   # course.add with mobile approval

# 5. Run tests
pytest -v

Deployment

The production-like deployment target is a Linux VM running Docker Compose behind Caddy with automatic HTTPS. See docs/deployment/aws-ec2-caddy.md or docs/deployment/azure-vm-caddy.md.

Flow Summary

  1. Agent → Auth Server: CIBA-like token request (user_hint, scope, optional action+resource).
  2. Auth Server → Mobile: push approval.
  3. Mobile → Auth Server: device-signed approval_evidence.
  4. Auth Server → Agent: delegated Ed25519 JWT (contains sub user + act.sub agent).
  5. Agent → Gateway: POST /v1/actions/{action_name} + bearer token.
  6. Gateway: validate JWT + introspect + enrich context.
  7. Gateway → PDP: AuthZEN decision request.
  8. PDP: rule pipeline; short-circuit on first deny.
  9. Gateway → Kepler: internal call only if permit.
  10. Response → Agent. Audit event written at every step with shared request_id.

References

  • OAuth 2.1 draft-ietf-oauth-v2-1, CIBA Core 1.0, RFC 8693 (act claim), RFC 7662 (introspection), RFC 7009 (revocation), OpenID AuthZEN draft.

License

MIT (thesis project).

About

No description, website, or topics provided.

Resources

Stars

1 star

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors