ifp

← Garden Patch Home · Patterns

• is_a::[[Pattern Form]]
• has_status::[[Seed Stage]]
• in_domain::[[Self-Sovereign Identity]]

Three-Part Enforcement Stack

Context

Digital identity systems claim to serve users but lack mechanisms to enforce that claim. Agency law defines duties ([[Principal Authority as Agency Law for Digital Identity]]) and predicates encode authority chains ([[Authority Conferral Chain]]), but neither legal definitions nor technical encodings alone produce accountability.

Forces

• Legal duties without technical enforcement are nominal — platforms violate duties with no structural consequence.
• Technical delegation without legal grounding is unaccountable — cryptographic tools enforce rules but cannot define rights.
• Legal duties and technical enforcement without exit rights produce lock-in — the user has rights they cannot exercise because leaving is prohibitively costly.
• Each layer appears sufficient in isolation but fails without the others.

Solution

Accountability requires all three layers operating together:

Legal duties (agency law and fiduciary obligations) — Define what agents owe principals. The five agency duties (specificity, responsibility, representation, fidelity, disclosure) set the standard. Wyoming SF0039 makes this statutory for digital identity.

Technical delegation mechanisms (cryptographic enforcement of scope, revocation, auditability) — Encode authority boundaries in the system architecture. The BCR-2026-xxx predicates (conferralScope, conferralConstraints) make boundaries machine-readable. Revocation is a technical operation, not just a legal right.

Anti-lock-in design (choice architecture ensuring real alternatives and proportionate exit costs) — Guarantee that revocation is practically available, not just theoretically possible. Data portability, interoperable standards, and reasonable exit costs make the right to revoke meaningful.

Consequences

Diagnosing a system requires checking all three layers:

• If legal duties exist but no technical enforcement: consent theater. Users sign terms of service that platforms ignore structurally.
• If technical enforcement exists but no legal framework: autonomous systems with no accountability path. Smart contracts without legal recourse.
• If both exist but exit is prohibitively costly: gilded cage. Rights on paper, lock-in in practice.

The stack also applies to principal-agent relationships in augmentation systems. An AI agent with rules (legal/policy), technical constraints (sandboxing, approval gates), and replaceable tooling (no vendor lock-in) satisfies all three layers. Remove replaceability and the user depends on a system they cannot leave.

Sources

• Christopher Allen, “Principal Authority” (2021) — integration equation
• Wyoming SF0039-2021 — legal layer
• BCR-2026-xxx — technical layer predicates
• Chat archive: principle-authority.md — extended discussion of enforcement layers

Relations

• depends_on::[[Principal Authority as Agency Law for Digital Identity]]
  • The legal layer draws its duties from the agency law framework.
• depends_on::[[Authority Conferral Chain]]
  • The technical layer uses the predicate vocabulary for encoding boundaries.
• relates_to::[[Human Authority Over Augmentation Systems]]
  • The stack applies to knowledge work augmentation systems, not only digital identity.
• relates_to::[[Auditable Intermediaries Over Silent Proxies]]
  • Mandatory relay tracing in IFP is the technical enforcement layer in this three-part accountability stack.

This site is open source. Improve this page.