OASP
Spec Schemas GitHub
Home / Identity & Audit
// identity & audit

Who did what, as whom, when.

OASP treats identity and audit as part of the protocol, not a layer bolted on top. Scopes at every level, an IdP-agnostic Principal contract, on-behalf-of with scope-pinned containment — and an audit trail that is a conformance requirement.

normative

Every conformant Server MUST emit AuditEvents. Audit is not optional.

// scopes

Five scope dimensions. N at every level.

A Principal is placed by five independent dimensions — and can hold many values in each. Access composes across them; nothing is a single flat tenant id.

The model is a shape, not a schema for your IdP — you map your existing groups, roles, and tenancy onto it.

Principal scope each dimension: 0..N values
tenant 0..N acme
workspace 0..N field-ops
user 0..N alc
group 0..N dispatch supervisors
role 0..N operator
// claims contract

IdP-agnostic. OIDC-mappable.

The Principal claims contract says what a Principal must assert — not where it came from. A subject, its scopes, and a claims bag you populate from your identity provider.

OIDC is the common case and maps cleanly, but nothing in OASP is bound to it. Bring SAML, an internal directory, or a machine-identity system — the contract is the same.

Principal {
id: "prn_9x4",
sub: "user:alc", // IdP-agnostic subject
scopes: {
tenant: ["acme"],
workspace: ["field-ops"],
user: ["alc"],
group: ["dispatch", "supervisors"],
role: ["operator"]
},
claims: { // OIDC-mappable
iss: "https://idp.acme.example",
email_verified: true
}
}
// on-behalf-of

Agents act for people — inside a boundary.

When an agent acts on a user’s behalf, it carries a Credential pinned to a scope it cannot exceed. Delegation is explicit, bounded, and auditable.

containment — scope-pinned
tenant = acme · workspace = field-ops
Principal
prn_9x4
user:alc
on-behalf-of
Principal · agent
prn_agent_31
acts for alc
workspace = finance denied — exceeds containment
Credential {
principal: "prn_agent_31",
onBehalfOf: "prn_9x4", // acting for the user
containment: { // cannot exceed
tenant: ["acme"],
workspace: ["field-ops"]
},
expires: "2026-07-09T18:22:00Z"
}
// audit as conformance

The audit trail is part of the protocol.

In most systems, audit is a feature someone remembers to add. In OASP it is a conformance requirement: a conformant Server MUST emit an AuditEvent for every consequential action.

The result: “what did the agent do, as whom, when” is answerable by any implementation that passes the kit — a property a regulated-sector evaluator can rely on before choosing a vendor.

actor on-behalf-of action target session lineage timestamp
AuditEvent { // normative
id: "aud_04b9",
ts: "2026-07-09T17:04:12.882Z",
actor: "prn_agent_31",
onBehalfOf: "prn_9x4",
action: "conversation.migrate",
target: "conv_7Q2f",
session: { from: "sess_a", to: "sess_b" },
result: "ok"
}