Claim Authorization Architecture Specification
RFC Set 0001–0006 • Public Draft
This document is the technical specification for Ontic Labs' Claim Authorization Architecture (CAA). It is intended for architects, security teams, and integrators who need the precise semantics behind the Reality Fidelity concepts described elsewhere on this site.
Canonical Ontology & Claim Authorization RFCs
RFC-0001: Canonical Ontology Objects (COO)
Defines the structure and requirements for representing real-world entities before authoritative claims can be made.
Key interfaces:
• OntologyObject — identity, state dimensions, authority requirements
• StateAxis — dimensions of state (enum, range, validated_free)
• RequiredStateLogic — always required, value constraints, conditional requirements
• AuthorityRequirements — oracle usage, verification methods
RFC-0002: Interaction & State Negotiation Protocol
Details how the system interacts with users when required state is missing or ambiguous.
Status codes:
• AUTHORIZED — all required state present, provenance verified
• REQUIRES_SPECIFICATION — missing required state
• AMBIGUOUS_MAPPING — multiple valid interpretations
• UNRESOLVABLE — cannot determine required state
Inferred State Rule: Explicit user confirmation is required for inferred state in sensitive domains.
RFC-0003: Oracle & Verification Model
Specifies how external reality is referenced and verified.
Oracle types:
• Database — verified external data source
• Standards document — regulatory or industry standard
• Human lock — explicit human confirmation
• Telemetry — real-time measurement
Requirements: Every authoritative output must declare its oracle reference, verification method, and resolution layer.
RFC-0004: Drift Detection & Versioning
Focuses on preventing silent degradation of safety over time.
Mandates:
• Versioning of ontology objects
• Invalidation of cached authorizations upon schema changes
• Drift detection tests to challenge minimal state definitions
• Audit trails for schema evolution
RFC-0005: Proposal & Authorization Envelope
Separates proposal generation from authority granting.
AuthorizationEnvelope types:
• measurement — verified quantitative output
• narrative — explanatory content without authority
• refusal — explicit rejection with reason
• dispute_summary — conflicting oracle resolution
Clients must explicitly handle each variant.
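One way a client could meet this requirement, as an added example that is not Ontic Labs' code: a discriminated union with a compile-time exhaustiveness check, which fails closed at runtime on unknown variants and on measurements missing the RFC-0003 provenance declarations. Only the four variant names come from this page; every field name, function name, and message string is an assumption.

```typescript
// Field names are assumptions for illustration; only the four variant
// names come from the page. Payload field validation is out of scope.
type Provenance = { oracleRef: string; verificationMethod: string; resolutionLayer: string };
type AuthorizationEnvelope =
  | { type: "measurement"; value: number; unit: string; provenance: Provenance }
  | { type: "narrative"; text: string }
  | { type: "refusal"; reason: string }
  | { type: "dispute_summary"; conflictingOracles: string[] };
type Rendered = { authoritative: boolean; text: string };

// Compile-time exhaustiveness: a fifth variant added to the union makes the
// call in `default` a type error until a case is written for it.
function failClosed(unhandled: never): Rendered {
  const t = (unhandled as { type?: unknown }).type;
  return { authoritative: false, text: `Unhandled envelope type: ${String(t)}` };
}

function hasProvenance(p: Partial<Provenance> | undefined): boolean {
  return !!p && [p.oracleRef, p.verificationMethod, p.resolutionLayer]
    .every((f) => typeof f === "string" && f.length > 0);
}

function renderEnvelope(env: AuthorizationEnvelope): Rendered {
  switch (env.type) {
    case "measurement":
      // Only a measurement declaring all three provenance fields is authoritative.
      return hasProvenance(env.provenance)
        ? { authoritative: true, text: `${env.value} ${env.unit} (source: ${env.provenance.oracleRef})` }
        : { authoritative: false, text: "Measurement withheld: provenance incomplete" };
    case "narrative":
      return { authoritative: false, text: env.text };
    case "refusal":
      return { authoritative: false, text: `Refused: ${env.reason}` };
    case "dispute_summary":
      return { authoritative: false, text: `Oracles disagree: ${env.conflictingOracles.join(", ")}` };
    default:
      // Reached at runtime only by untyped input such as parsed JSON.
      return failClosed(env);
  }
}

// JSON.parse output is unchecked, so an unknown `type` can arrive here.
function renderFromWire(json: string): Rendered {
  const parsed: unknown = JSON.parse(json);
  if (typeof parsed !== "object" || parsed === null) {
    return { authoritative: false, text: "Malformed envelope" };
  }
  return renderEnvelope(parsed as AuthorizationEnvelope);
}
```

The `authoritative` flag is the only signal a UI should use to style output as a verified claim; narrative text never sets it, whatever its wording.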
RFC-0006: Fallback & Degraded Modes
Maintains usability without leaking authority.
Modes:
• NARRATIVE_ONLY — can explain, cannot emit authoritative claims
• CANNED_RESPONSE_ONLY — pre-approved responses only
Grammar constraints on narrative output:
• Attributive language required
• No definitive classifications
• Streaming rule: sentences not rendered until authorization status cleared
Adversarial Test Requirement
All implementations must pass the Ontic Adversarial Prompt Suite to prevent:
• Prompt injection attacks
• Fictional wrapper attacks
• Adjective smuggling ("safe", "standard", "best")
• Semantic coercion
• Narrative smuggling
• JSON protocol injection
• Streaming race conditions
For the complete specification with code examples and test cases, contact enterprise or view the architecture overview.