CONSENT
draft-kya-consent-01
Human-in-the-loop authorization.
Explicit approval before delegation.
Informed consent by design.
1. Consent Model
Every delegation requires explicit human consent. The human understands what they're authorizing. No hidden scopes. No silent escalation.
Human reviews: ↓ Agent identity (who) ↓ Requested scopes (what) ↓ Duration and constraints (when/how) ↓ Explicit approval Delegation created
2. Consent Request
{
"agent": {
"did": "did:key:z6Mk...",
"name": "Assistant Alpha",
"operator": "https://example.com"
},
"scopes": [
"calendar:read",
"email:send"
],
"duration": 3600,
"constraints": {
"maxInvocations": 100
}
}
3. Consent UI Requirements
Consent interfaces MUST:
1. Display agent identity clearly 2. List all requested scopes in plain language 3. Show duration and constraints 4. Require explicit action (not default-on) 5. Allow scope modification before approval 6. Provide clear reject option 7. Log consent for audit
4. Consent Response
{
"approved": true,
"scopes": ["calendar:read", "email:send"],
"duration": 3600,
"constraints": {
"maxInvocations": 100
},
"consentTimestamp": "2025-01-29T12:00:00Z",
"consentMethod": "interactive",
"userDid": "did:pkh:eip155:1:0x..."
}
5. Consent Revocation
Humans can revoke consent at any time.
Revocation immediately invalidates the delegation.
Agents MUST check delegation status before each action.
6. Implementation
Reference implementation:
npm install @kya-os/consent <kya-consent agent="did:key:z6Mk..." scopes="calendar:read,email:send" duration="3600" />