Concepts · six clickable primitives

The six primitives KYE ships.

KYE Protocol is built on six primitives. Each is a real protocol object — a schema, an endpoint, an example payload, a decision role, an audit event — not an explanatory abstraction. Click any card to jump straight to its definition + schema + endpoint + open-banking flow.

person Identity link On-Behalf-Of tune Authority filter_alt Scope timeline State verified Audit
Why six

Together they answer six questions.

Identitywho or what is acting?  On-Behalf-Ofon whose behalf?  Authorityunder what authority?  Scopewithin what scope?  Statein what state?  Auditwith what proof?

Combined, they produce Authority Finality: a replayable, signed answer to all six questions for every action a human, service or AI agent takes.

Primitive 1 / 6 · vocabulary →

person Identity — one URN, every actor.

Definition. A KYE identity is a single durable URN that uniquely names any actor — human, service, AI agent, model, tool, workflow, business — and binds it to a public key. URN format: kye:<class>:<trust-domain>:<subclass>:<local>. Identifiers persist across rebuilds, redeployments, and tool invocations.

Schema
https://kyeprotocol.com/schemas/entity.json
Endpoints
POST /v1/entities · GET /v1/entities/{id} · POST /v1/entities/{id}:rotate-key
Decision role
Resolves subject, actor, and principal in every authorize call.
Audit event
entity.registered · entity.key_rotated · entity.tombstoned

Open-banking example.

  • kye:human:acme.eu:psu:alice-meier — payment-service user (account holder).
  • kye:business:acme.eu:corp:acme-treasury-gmbh — corporate account holder.
  • kye:agent:fintech-x.eu:tpp:ai-finance-bot — the TPP’s AI finance agent.
  • kye:service:bank-z.eu:aspsp:rail-gateway — the bank’s ASPSP rail.
Primitive 2 / 6 · the missing layer

link On-Behalf-Of — the layer most stacks omit.

Definition. A signed delegation chain that binds every action back to a human or business who is legally on the hook. Each link carries a parent_delegation_id, a scope (which must attenuate the parent’s — never exceed it), and a signature from the delegator. The chain is the answer to “who authorised this?” in seconds, not a Slack thread.

Why it matters. Modern systems do not just authenticate users. They delegate authority across humans, companies, agents, APIs, wallets, workflows, and payment rails. KYE makes acting on behalf of explicit, scoped, state-aware, revocable, and auditable. This is the layer OAuth, OIDC, and SPIFFE leave to ad-hoc app code.

Schema
https://kyeprotocol.com/schemas/delegation.json
Endpoints
POST /v1/delegations · GET /v1/delegations/{id} · POST /v1/delegations/{id}:revoke · GET /v1/graph/authority-path
Decision role
Every authorize call walks the chain to verify continuity from acting agent to root principal. Break in the chain → deny: chain_broken.
Audit event
delegation.issued · delegation.revoked · delegation.expired

Open-banking flow:

  1. Account holder grants the TPP a delegation: “initiate payments on my behalf, ≤ €1,000 single, ≤ €10,000 monthly.”
  2. TPP sub-delegates an attenuated scope to its AI finance agent: “EUR only, EU corridors, prepare-and-stage; final submit requires human approval > €500.”
  3. AI agent prepares a payment. The KYE ePDP walks: agent → TPP → account holder. Every link is signed; every scope attenuates. The bank receives a payment intent with the full chain attached.
  4. ASPSP verifies the chain offline using public keys; pays the rail or denies with a reason code.
Primitive 3 / 6

tune Authority — scope-bound, revocable, recursive.

Definition. An authority grant declares what an actor may do, over what resource, under what conditions, until when. Authority is bound to a delegation chain (on-behalf-of) so it always traces to a root principal. Authority is recursively revocable: revoke a parent and the cascade kills every child grant in < 1 second.

Schema
https://kyeprotocol.com/schemas/authority-grant.json
Endpoints
POST /v1/authority-grants · GET /v1/authority-grants/{id} · POST /v1/authority-grants/{id}:revoke · POST /v1/runtime/authorize
Decision role
The runtime authorize call returns one of three decisions backed by Authority: allow_with_constraints · require_approval · deny. Every decision carries the obligations the caller must honour.
Audit event
authority.granted · authority.exercised · authority.revoked · authority.cascade_revoked

Open-banking example.

  • Authority: payment_initiation; Scope: EUR ≤ €1,000; Conditions: SCA satisfied at edge; Until: 90 days.
  • If the holder revokes consent at minute 0, the cascade kills every authority + every downstream agent grant by minute 0:00.4. The PISP cannot keep transacting on a stale consent.
Primitive 4 / 6

filter_alt Scope — parameter-level, attenuable.

Definition. Scope is the parameter-level constraint set on an authority. Not a single “can transact” flag — structured fields: amount.max, currency.allowlist, corridor.allowlist, beneficiary.first_time, time_window, approval.threshold. Attenuation invariant: a child’s scope MUST be a subset of its parent’s. Enforced by the protocol, not the policy bundle.

Schema
https://kyeprotocol.com/schemas/scope.json
Endpoints
POST /v1/scopes · POST /v1/scopes:attenuate · POST /v1/scopes:check-subset
Decision role
Every authorize call evaluates whether the request is inside the active grant’s scope. Outside → deny: scope_attenuation_violation.
Audit event
scope.created · scope.violated

Open-banking example.

  • Holder grants TPP scope {amount.max: 1000, currency: ["EUR"], corridor: ["SEPA"]}.
  • TPP attenuates for the AI agent to {amount.max: 500, currency: ["EUR"], beneficiary.first_time: false}. Protocol verifies the child is a subset; rejects any agent grant claiming €2,000 (would exceed parent).
Primitive 5 / 6

timeline State — six dimensions, point-in-time replayable.

Definition. Every KYE entity carries six state dimensions, each independently versioned: lifecycle (created/active/quarantined/tombstoned), authority (granted/exercised/revoked), delegation (issued/expired), credential (valid/rotated/revoked), recovery (normal/break-glass/restored), risk (telemetry-derived posture). The runtime evaluates state at the moment of decision — auditors replay the same point-in-time state offline.

Schema
https://kyeprotocol.com/schemas/state-composition.json · https://kyeprotocol.com/schemas/state-composition.json
Endpoints
GET /v1/entities/{id}/state · GET /v1/entities/{id}/state:at-time · POST /v1/state-transitions
Decision role
The PDP composes all six state dimensions into a single decision input. Mismatch (e.g. credential rotated mid-flight) → deny: state_mismatch.
Audit event
state.transitioned · state.replayed

Open-banking example.

  • At T+0, account holder revokes consent. State transitions: authority.revoked on the TPP grant, cascade fires.
  • At T+0:00.5, AI agent attempts a payment. PDP evaluates state at T+0:00.5 — deny: authority_revoked. The decision is replayable: at T+30 days an auditor evaluates state “as of” T+0:00.5 and gets the same answer.
Primitive 6 / 6

verified Audit — signed evidence, public-key verifiable.

Definition. An append-only, hash-linked audit chain. Every authorise call, every state transition, every signal cascade emits a signed audit event. Bundles project to Evidence Packs — the artefact a regulator, court, auditor, or dispute panel verifies offline using public keys alone. No read-access to your runtime required.

Schema
https://kyeprotocol.com/schemas/audit-event.json · https://kyeprotocol.com/schemas/evidence-pack.json · https://kyeprotocol.com/schemas/proof-bundle.json
Endpoints
POST /v1/audit/events · GET /v1/proof-bundles/{id} · GET /v1/decisions/{id}/map · POST /v1/oscal/export
Decision role
The runtime emits a signed Decision Map per authorise call: actor → principal → delegation → capability → authority → scope → state → policy → decision → audit → evidence.
Audit event
audit.appended · evidence_pack.exported · decision.replayed

Open-banking example.

  • Every TPP→AI→ASPSP transaction emits the full chain to the audit log: consent granted, scope attenuated, payment intent, decision, rail confirmation, settlement.
  • 30 days later, a complainant disputes the €420 payment. The bank pulls the Evidence Pack; the regulator verifies the chain with the public keys it already holds for each party. No spreadsheets, no SQL.
Where to go next

Adjacent reading.

code Developer quickstart → architecture Protocol overview lightbulb Use cases (incl. open banking) menu_book Vocabulary checklist Readiness self-test

Ready to see your AI agents flagged?

Start in shadow mode. We’ll deliver your first Evidence Pack in 4–8 weeks.

rocket_launch Apply for pilot → science Try the sandbox →