Skip to content
On-demand recording | SAP IdM End of Life: Migration Without Disruption | With Deloitte · 60 min Watch recording
Standards & Compliance

Built on Open Standards

Every protocol choice is deliberate — designed for interoperability, partner integration, and long-term defensibility. No proprietary lock-in.

Security architects CISOs & compliance leads Auditors & risk teams

Core Standards

OpenID AuthZEN 1.0

Authorization · Final Specification (Jan 2026)

Policy evaluation API for interoperable authorization. EmpowerNow's PDP implements AuthZEN with constraints, obligations, and TTL extensions. Single PDP surface for LLMs and tools.

Learn more →

Model Context Protocol (MCP)

Agent Integration · Living Spec (Agentic AI Foundation)

Anthropic's protocol for AI agent tool integration. EmpowerNow natively publishes governed MCP tools from any connector action, with policy-scoped discovery, schema pinning, and runtime authorization.

Learn more →

OAuth 2.1

Authentication · Internet-Draft

Modern OAuth with mandatory PKCE and refresh rotation. EmpowerNow's credential isolation builds on OAuth 2.1 for three-zone trust boundaries.

Learn more →

OAuth 2.0 DPoP (RFC 9449)

Token Security · Final RFC (Sep 2023)

Demonstration of Proof-of-Possession binds tokens to the client that requested them. JKT binding on delegation edges prevents token theft and replay.

Learn more →

Rich Authorization Requests (RFC 9396)

Authorization · Final RFC (May 2023)

Fine-grained capability expression beyond OAuth scopes. Enables per-operation constraints — budget caps, velocity limits, time windows — in authorization requests.

Learn more →

Token Exchange (RFC 8693)

Delegation · Final RFC (Jan 2020)

Secure delegation chains for agent-on-behalf-of-user flows. Enables user → agent → tool identity chaining with verifiable delegation.

Learn more →

SCIM 2.0

Provisioning · Final RFC

Standard provisioning protocol. EmpowerNow's SAP IAS connector implements full SCIM 2.0 with 70 MCP-enabled tools for user, group, and entitlement management.

Learn more →

HTTP Conditional Requests (RFC 9110)

Workflow · Final RFC (Jun 2022)

Workflow state versioning via ETag/If-Match. WAITING contracts use 412 Precondition Failed on mismatch for optimistic concurrency control.

Why standards matter

Architecture decisions that protect your investment

Partner-Deployable

Standards-based architecture means partners (Deloitte, Accenture, SIs) can deploy and operate without proprietary training.

OEM-Embeddable

AuthZEN-compliant PDP and MCP-native tools can be embedded into partner platforms with clean integration boundaries.

Future-Proof

Open standards outlast vendor lock-in. EmpowerNow's architecture is built to evolve with the standards ecosystem, not against it.

OWASP LLM Top-10 Mapping

How ARIA maps controls to each documented LLM risk

OWASP Risk ARIA Control Component Residual Risk
LLM01: Prompt Injection Egress allowlist, classification policies ARIA Shield Advanced jailbreaks may evade
LLM02: Insecure Output Handling Data scope row filtering, redaction (x-redact) Backend + Policy Complex output requires review
LLM04: Model Denial of Service Streaming caps, rate limits, HTTP 402 ARIA Shield Distributed attacks require upstream
LLM05: Supply Chain Schema pins (Pin JWS), MCP server verification MCP Gateway + Edge/Signer Compromised upstream servers
LLM06: Sensitive Info Disclosure Prompt redaction, data_scope, receipts ARIA Shield + Policy Inference attacks on outputs
LLM07: Insecure Plugin Design Parameter allowlists, egress pinning, schema validation MCP Gateway Tool implementation vulnerabilities
LLM08: Excessive Agency Capability limits, plan discipline, delegation model Delegation + MCP Gateway Within-scope misuse
LLM09: Overreliance User-in-loop for high-risk, approval obligations PDP + Policy Automation bias

LLM03 (Training Data Poisoning) and LLM10 (Model Theft) are provider responsibilities and out of ARIA's scope.

MITRE ATLAS Mapping

AI-specific threat framework coverage

ATLAS Tactic ARIA Defense Enforcement Layer
Resource Hijacking Budget caps, rate limits, HTTP 402 enforcement PDP + ARIA Shield
ML Model Access Delegation + per-operation capabilities Membership Graph
Evade ML Model Schema pins prevent tool drift MCP Gateway
Exfiltration via AI Egress allowlist, data scope row filtering ARIA Shield + Policy
Impact / Abuse Signed receipt chains (tamper-evident audit) Receipt Vault

Selected ATLAS tactics relevant to agent-based AI systems. Full ATLAS coverage requires additional application-layer and provider-side controls.

EU AI Act Compliance

Regulation 2024/1689 — GPAI provider obligations entered force August 2025; full enforcement from August 2026

AI Act Requirement ARIA Implementation Component
Transparency (Article 53) Policy snapshots in receipts, SSC evidence digests Receipt Vault, Approval Engine
Technical Documentation Tool schema versioning, MCP catalog, param_schema Edge/Signer, Membership
Traceability of Decisions Signed receipts with decision_id, policy_hash, workflow fingerprints Receipt Vault, PDP
Logging & Retention (Annex IV) Tamper-evident receipt chains, WORM storage (S3 Object Lock) Receipt Vault, Analytics
Risk Management (Article 9) Classification, constraints, dual PEP enforcement, SSC risk banding ARIA Shield, MCP Gateway, PDP
Human Oversight (Article 14) Approval obligations, consent flows, requires_human enforcement PDP, Approval Engine
Accuracy & Robustness Schema pins prevent drift, parameter validation MCP Gateway, Edge/Signer
Record Keeping (Annex IV) Receipts with 6+ year retention option Analytics + S3 Object Lock
Audit Trail Integrity Per-agent hash chains, state versioning, idempotency tracking Receipt Vault, Workflow API

ARIA does not claim blanket AI Act compliance. Obligations vary by role (provider, deployer, integrator) and risk classification. Legal review remains necessary.

Threat-to-Control Reference

Quick lookup for security architects

Tool tampering / rug-pull
Cryptographic schema pins (Pin JWS)
MCP Gateway + Edge/Signer
Budget overrun
Pre-check + stream-time caps + HTTP 402
PDP + ARIA Shield
Confused deputy
First-class Delegation records with per-user scope
Membership Graph
Audit tampering
Signed hash-chained receipts (RS256 JWS)
Receipt Vault
Schema drift outage
Grace periods (current + previous version)
MCP Gateway + Edge/Signer
Excessive agency
Capability limits, plan discipline
Delegation + MCP Gateway
OAuth token theft
Token non-exposure (server-side only)
OAuth Vault
Workflow race conditions
State versioning (If-Match/ETag per RFC 9110)
Workflow API
Duplicate execution
Idempotency-Key deduplication (IETF draft)
Workflow API
Honest Scoping

Residual Risks

ARIA mitigates authorization and governance risks. The following remain provider or application responsibilities: model training security, advanced prompt jailbreak defense, tool/API implementation vulnerabilities, distributed denial-of-service attacks, and inference attacks on model outputs.

Deploy ARIA as part of defense-in-depth alongside provider-side protections (Azure Content Safety, OpenAI Moderations) and application security.

Patent Portfolio

U.S. patent applications pending

63/798,201 Systems and Methods for Graph-Anchored Attribute-Based Access Control
63/798,682 Zero-Shot AI Workflow Engine
63/799,014 Universally-Pluggable Agentic Workflow Engine

All filed May 2025. Patent pending.

Related pages

Go deeper on the architecture behind these standards

AuthZEN PDP

Single PDP for UI, API, and agent authorization

MCP Gateway

Schema pinning, plan discipline, signed receipts

Proof Chain

Four-layer evidence packs and hash chaining

Logs vs Receipts

Why observability is not proof

See standards-based governance in action

Walk through AuthZEN authorization, MCP tool governance, and cryptographic receipts on your environment.

Request a Demo Explore Platform