Academy Glossary
Glossary for verifiable authority in agentic systems.
Use this page as a companion reference while moving through the Academy. It translates the recurring Mandaitor, identity, authorization, evidence, and governance terms into practical language for learners, reviewers, and builders.
The Academy introduces ideas from identity standards, verifiable credentials, runtime authorization, protocol-based tool use, and AI risk management. The W3C DID Core specification defines decentralized identifiers as URI-based identifiers whose associated DID documents can express verification methods and services.1 The W3C Verifiable Credentials Data Model describes a model for tamper-evident claims exchanged between issuers, holders, and verifiers.2 The Model Context Protocol provides a common way for applications to connect language models to external tools and context, which makes explicit authorization boundaries increasingly important.3 NIST's AI Risk Management Framework frames AI governance as a socio-technical risk discipline rather than a purely technical checklist.4
This glossary keeps those background ideas close to Mandaitor's product vocabulary. It is intentionally shorter than an API reference: each entry explains what the term means, why it appears in the Academy, and where to go next for deeper reading.
| Use case | How to use the glossary |
|---|---|
| First-time learner | Keep this page open while reading the beginner and identity lessons, especially when terms such as mandate, delegate, verifier, and credential appear together. |
| Builder or architect | Use the runtime and evidence entries to align mental models before reading implementation guides for mandate creation, verification, and agent registry integration. |
| Reviewer or governance stakeholder | Use the evidence and governance entries to connect dashboard signals, evidence packs, audit events, and escalation paths to real control objectives. |
Authority and delegation
Authority
Read moreThe bounded right to perform an action on behalf of another party. In Mandaitor, authority should be explicit, inspectable, and limited to a defined action context.
- Academy use
- Authority is the central question behind the Academy: can an agent prove it is allowed to act before it uses a tool or business system?
- Related terms
- Mandate, Principal, Delegate, Scope
Mandate
Read moreA digital, verifiable record of delegated authority. It connects who grants authority, who receives it, what action is allowed, and which constraints apply.
- Academy use
- Mandates are the Academy's main object for turning informal permission into a runtime-verifiable authority boundary.
- Related terms
- Principal, Delegate, Scope, Constraints, Proof-of-Mandate
Principal
Read moreThe person, organization, service, or legal entity that owns the authority and grants it to another actor.
- Academy use
- The principal is the source of delegation. A mandate has no business meaning unless the principal is understood and trusted.
- Related terms
- Delegate, Subject, Mandate
Delegate
Read moreThe actor that receives authority from the principal. In agentic systems this is often an AI agent, service account, workflow, or automation layer.
- Academy use
- The delegate is the actor whose action must be checked before execution, especially when it can call tools, APIs, or operational systems.
- Related terms
- Principal, Agent, Mandate
Scope
Read moreThe exact action and resource boundary of a mandate. Scope answers what the delegate may do and where that permission applies.
- Academy use
- Scope keeps authorization narrow enough for runtime verification and later review instead of relying on broad platform access.
- Related terms
- Action, Resource, Taxonomy, Constraints
Constraints
Read moreAdditional limits that control when and how a mandate is valid, such as time windows, financial limits, rate limits, approval rules, or escalation thresholds.
- Academy use
- Constraints explain why a credential or mandate may be technically valid but still not acceptable for a specific runtime action.
- Related terms
- Scope, Lifecycle state, Human escalation
Taxonomy
Read moreA structured vocabulary for domain-specific actions and resources. It gives mandate scopes a shared language instead of free-form permission text.
- Academy use
- Taxonomies help teams define reusable action names, resource patterns, and policy boundaries for a specific industry or workflow.
- Related terms
- Scope, Action, Resource
Identity and proof
Decentralized Identifier (DID)
Read moreA standards-based identifier that can be associated with verification material without depending on a single centralized identity provider.
- Academy use
- DIDs help the Academy explain how an agent, organization, or service can have a stable identity that can be resolved and verified.
- Related terms
- DID document, Verification method, Subject
DID document
Read moreThe document associated with a DID. It commonly contains verification methods, service endpoints, and metadata needed to interact with or verify the DID subject.
- Academy use
- The DID document bridges an identifier and the verification material needed to decide whether a signature or credential should be accepted.
- Related terms
- DID, Verification method, Trust chain
Verifiable Credential
Read moreA tamper-evident digital statement made by an issuer about a subject. A verifier can check the credential's integrity and issuer context.
- Academy use
- Verifiable credentials explain how claims about mandates, authority, identity, or status can become portable proof artifacts.
- Related terms
- Issuer, Holder, Verifier, Claim, Presentation
Claim
Read moreA specific statement inside a credential, such as an agent identity, allowed action, mandate identifier, status, or issuance timestamp.
- Academy use
- Claims are the data points reviewers and systems inspect when deciding whether a proof says what it appears to say.
- Related terms
- Credential, Presentation, Selective disclosure
Presentation
Read moreA package of credential material shown to a verifier. A presentation may reveal all claims or only selected claims depending on the disclosure model.
- Academy use
- Presentations connect credential theory to the practical question of what proof a reviewer, partner, or system receives.
- Related terms
- Credential, Verifier, Selective disclosure
Trust chain
Read moreThe sequence of issuers, keys, registries, policies, and business decisions that explain why a verifier should accept a proof.
- Academy use
- Trust chains help learners separate cryptographic validity from the broader decision that a proof is appropriate for a business context.
- Related terms
- Issuer, Verifier, DID document, Credential status
Runtime authorization and evidence
Runtime verification
Read moreThe act of checking a proposed action at the moment an agent or service wants to perform it, rather than only reviewing permissions beforehand or logs afterward.
- Academy use
- Runtime verification is the control point where mandate scope, constraints, lifecycle state, and request context are evaluated before execution.
- Related terms
- Verification decision, Mandate, Constraints
Verification decision
Read moreThe result of a runtime authorization check, such as allowing, denying, or requiring escalation for a proposed action.
- Academy use
- Verification decisions teach learners that authorization should produce a reasoned outcome, not merely a silent technical pass or failure.
- Related terms
- Runtime verification, Reason code, Evidence pack
Proof-of-Mandate
Read moreA cryptographically secured evidence artifact showing that a specific action was authorized by a valid mandate at a specific time.
- Academy use
- Proof-of-Mandate is the bridge between runtime authorization and later auditability, because it preserves why a specific action was allowed.
- Related terms
- Mandate, Verifiable Credential, Audit event, Evidence pack
Audit event
Read moreA recorded event that captures something important in the mandate or verification lifecycle, such as creation, status change, verification, denial, or evidence generation.
- Academy use
- Audit events are the raw timeline that evidence packs, dashboards, and governance reviews rely on.
- Related terms
- Audit trail, Evidence pack, Compliance dashboard
Evidence pack
Read moreA review package that organizes proofs, audit events, decisions, reason codes, and context so a human or downstream system can understand what happened.
- Academy use
- Evidence packs turn runtime authorization into reviewable operational evidence for security, compliance, customer support, and dispute resolution.
- Related terms
- Proof-of-Mandate, Audit event, Compliance dashboard
Selective disclosure
Read moreA proof pattern where only selected claims are revealed while hidden claims remain protected without breaking verification.
- Academy use
- Selective disclosure helps explain how Mandaitor can support auditability while reducing unnecessary exposure of sensitive identifiers or tenant data.
- Related terms
- Presentation, Credential, Proof-of-Mandate
Governance and adoption
Compliance dashboard
Read moreA product surface that summarizes mandate status, verification outcomes, evidence availability, and review signals for teams responsible for oversight.
- Academy use
- The dashboard lesson teaches that summarized status must always connect back to proof, reason codes, and underlying evidence.
- Related terms
- Evidence pack, Audit event, Governance control
Governance control
Read moreA policy, procedure, system check, reviewer action, or escalation path that reduces operational, security, legal, or compliance risk.
- Academy use
- Governance controls connect Mandaitor's technical evidence to risk owners who need accountable decisions, not just logs.
- Related terms
- Human escalation, Evidence pack, AI risk
Human escalation
Read moreA control path where a request is paused, routed, or reviewed by a person because policy, risk, confidence, or business context requires human judgment.
- Academy use
- Human escalation reminds learners that verifiable automation should support accountable operations rather than remove all human responsibility.
- Related terms
- Constraints, Governance control, Verification decision
Lifecycle state
Read moreThe current status of a mandate or proof-relevant object, such as active, pending approval, suspended, revoked, or expired.
- Academy use
- Lifecycle state matters because an otherwise well-formed mandate should not authorize action when it is no longer active for that context.
- Related terms
- Mandate, Constraints, Compliance dashboard
Product adoption path
Read moreA staged route for moving from conceptual understanding to a bounded Mandaitor evaluation, integration plan, operational review, and broader rollout decision.
- Academy use
- The adoption path helps prospects and implementation teams turn Academy concepts into a concrete first use case and evaluation checklist.
- Related terms
- Development status, Governance control, Evidence pack
How this glossary relates to the rest of the docs
The glossary is a learning aid, not a substitute for implementation guidance. When you need step-by-step product instructions, move from the term to the corresponding concept page, guide, or API reference. When you need business interpretation, move from the term back into the Academy lesson that teaches the decision context.