New DTF framework replaces standing credentials with proof-based AI agent authorization

The paper addresses a critical flaw in modern cloud and enterprise systems: their reliance on identity-centric authorization, which assumes that callers with valid credentials are safe to execute commands. Autonomous AI agents break this assumption by generating syntactically valid but semantically unsafe actions. The authors introduce a Distributed Trust Framework (DTF) that shifts authorization from standing identity to proof-derived authority. DTF introduces a Justification Proof — a structured artifact encoding why an action is admissible — which must be independently validated through a consensus model before execution can proceed. Once approved, an ephemeral Execution Identity is derived from the proof, and the entire authorization lifecycle is recorded in an append-only Evidence Chain.

Under the proposed architecture, no high-stakes execution happens without a proof object, no derived authority exists without consensus, and no valid mutation occurs detached from evidence. The framework is instantiated over an OpenKedge-based governed mutation substrate and maps onto cloud-native environments. This approach makes agentic execution governable, auditable, and bounded — especially crucial for sovereign AI systems interacting with regulated data, financial workflows, and national-scale digital services. By eliminating standing privileges and replacing them with verifiable, distributed, and replayable authorization artifacts, DTF provides an infrastructure foundation for safe autonomous agent operations.