LFDT Phoenix: From Identity-First to Authority Continuity

We built security around identity, tokens, and roles. It was never quite right, capability theorists knew this decades ago. AI agents just made the cracks impossible to ignore. This is the moment to correct the model. We will reason from first principles. What identity is. What an identifier is. What authority actually is, not a token you hold, but a continuous property of execution that can only shrink, never expand. Why confused deputy and privilege escalation are not edge cases. They are the structural outcome of building on possession. We will work through the real delegation cases that break every IAM system built today, defined by Alan Karp, who has spent decades mapping them. Delegation and attenuation. Chained delegation across organizations. Revocation, including the hard case where you need to revoke someone you never delegated to directly. The confused deputy, known since 1988, still appearing in every generation of systems. Seven aspects of sharing that people rely on in the real world and that no identity-based, role-based, or attribute-based system handles correctly. The use cases are here: alanhkarp.com/UseCases.pdf We will then explore how authority continuity changes everything. Moving from identity-first to an intent and execution model means authority is anchored at the origin, flows through a verifiable chain, and cannot be expanded, stolen, or reinterpreted at any hop. AI agents are the opportunity we did not expect. Authority continuity is the correction we always needed.