Glossary — 50 terms for the AI-era IAM team

If your team can't define "delegation token," your agents can't be trusted. Fifty terms. One canonical definition each. Read top to bottom or jump in.

Identity primitives

DID (Decentralized Identifier). A self-sovereign identifier resolvable to a public key, controlled by the human, not the platform. VC (Verifiable Credential). A signed claim about a subject, issued by an authority, presentable selectively. SSI (Self-Sovereign Identity). An architecture where humans own their identity outright. PoP (Proof of Personhood). Cryptographic evidence that an account is a unique human. PoHW (Proof of Human Work). Continuous attestation of attributable contribution.

Agents and delegation

Agent. An autonomous program acting on a human's behalf. NHI (Non-Human Identity). Any identity not bound to a human — service accounts, machine credentials, agent identities. Delegation token. A scoped, time-bound, signed authority granted by a human to an agent. Scope. The set of permitted actions in a delegation. TTL. Time-to-live; the expiry on a delegation. Magnitude cap. A spending or volume ceiling on a delegation. Audience. The set of relying parties allowed to accept the token.

Chains and attestation

Attestation chain. An ordered, verifiable sequence proving the path from a human action to a final output. Authored / Supervised / Directed. Three roles a human can play in an agent's output, with descending attestation strength. Work attestation. A signed claim that a specific work artifact was produced under a named human's involvement at a specific role.

Cryptography you'll meet

Ed25519. The default signature scheme for Manav delegations. ZK proof (zero-knowledge proof). A proof that reveals only what is necessary. Selective disclosure. Presenting a subset of credential claims without revealing others. BBS+ signatures. A signature scheme supporting selective disclosure natively. JWT / JWS / JWE. JSON Web Token / Signature / Encryption — formats Manav builds on.

Operations

Kill switch. A mechanism to halt all delegated agent activity instantly. Revocation latency. Time from "click revoke" to "all relying parties stop accepting." Manav target: under 200ms. Rotation. Replacing keys or credentials on schedule. Posture. The current security configuration of an identity. Drift. Unintended divergence between intended and actual posture.

Compliance

Article 14. The EU AI Act provision requiring human oversight of high-risk AI, enforceable today. Two-natural-person rule. Article 14's requirement that critical-system identifications be confirmed by two verified humans. Annex III. The list of high-risk AI use cases under the EU AI Act. DPDPA. India's Digital Personal Data Protection Act. eIDAS 2.0. EU regulation on electronic identification and trust services.

Standards

MCP (Model Context Protocol). Anthropic's open standard for AI tool integration; donated to the Linux Foundation's Agentic AI Foundation. x402. Coinbase's payment-protocol extension for agent-to-agent micropayments. ERC-8004. The Ethereum standard for AI agent identification on-chain. OAuth-AgentExt. The emerging OAuth profile for agent delegation. DID:web / DID:key / DID:manav. DID method namespaces.

Economics

$MANAV. The Manav protocol's utility token, earned through Proof of Human Work. Verification gas. Token consumed when an agent action is cryptographically verified. Trust staking. Locking tokens to amplify a Trust Score. Halving. The 2-year reduction in $MANAV emission rate. Fully Diluted Value (FDV). Token price × total supply.

Threats

Sybil attack. Operating many synthetic identities to game protocol rewards. Deepfake. AI-generated media impersonating a real person. Laptop farm. A facility hosting multiple devices used by remote operators with stolen identities. Proxy interview. A more-skilled stand-in taking an interview for a less-skilled candidate. Permission accretion. The unintended growth of granted permissions over time. Agent laundering. Misattributing agent output as human-authored work.

Verification methods

Liveness. Evidence that the human is present at the moment of verification. Behavioral biometrics. Identity cues from typing cadence, mouse movement, and gait. Hardware attestation. A signed claim from the device's secure element. Passkey. A FIDO2 credential bound to a device's secure element.

HATI itself

HATI. Human-Agent Trust Infrastructure — the cryptographic layer binding every agent action to a verifiable human principal. Manav. Sanskrit for "human"; the open protocol implementing all five HATI layers. Trust Score. A privacy-preserving, dynamic reputation derived from work attestations.

Each entry has its own page in the full glossary at /glossary. Each is internal-linked across the blog. Words matter. We picked these on purpose.

Common objections

Two objections come up across every conversation. Will the platform vendors ship this themselves? Some will, inside their boundary; none can ship the cross-platform shape, by their own architectural choice. Is the category too narrow to matter? It's the layer beneath every agent action — narrow looks broad once the wire bends.

Frequently asked questions

Why does this category not already exist? Because the failure mode it addresses is recent. The pre-agent enterprise could pretend the service account was the human; the agentic enterprise cannot. The category becomes named when the failure becomes regulator-visible, which is now.

Where does this end up in the standards stack? As a layer above OAuth and below the application. OAuth carried scoped delegation between services; this layer carries scoped delegation from a verified human to an agent. The IETF and W3C working groups are converging on the shape; the protocol that ships first sets the verbs.

What does adoption look like in practice? Quietly. The integrations are middleware, not platforms. Each vertical sees its specific compliance pain solved — healthcare gets Article 14, finance gets SOC 2 evidence, hiring gets continuous identity — and treats the underlying primitive as plumbing once it ships.

Where to start

Read what is hati next for the deeper architecture. Then seven layers of trust for the closest practical anchor. The mental model that holds those two together holds the rest of the site as well.

If you can't name the primitive, you can't audit the gap.