Deontic Policies for Runtime Governance of Agentic AI Systems
Pith reviewed 2026-06-26 21:07 UTC · model grok-4.3
The pith
AgenticRei applies deontic policies in OWL to enforce obligations, dispensations, and conflict resolutions for agentic AI systems outside the LLM.
A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.
Core claim
We propose AgenticRei, which realizes key governance requirements such as obligations, dispensations, policy conflict resolutions, and reasoning over policies, as well as the basic permit/prohibit constraints. We use a deontic policy language built on the Rei framework, expressed as OWL and evaluated at runtime by a high-performance logic engine entirely outside the LLM. The same pipeline governs both tool invocations by the agent and agent-to-agent messages.
What carries the argument
The deontic policy language built on the Rei framework and expressed in OWL, evaluated at runtime by an external logic engine that manages obligation lifecycles, dispensations, and meta-policy precedence.
If this is right
- The same policy pipeline applies uniformly to tool invocations and agent-to-agent messages.
- Governance constraints for security and privacy become expressible that current production engines such as XACML, Rego, and Cedar cannot state.
- Ontological reasoning over domain class hierarchies is available for applications including healthcare, cybersecurity, and data privacy.
- The approach composes directly with industry-standard frameworks such as A2AS.
Where Pith is reading between the lines
- Keeping evaluation outside the LLM could stop agents from bypassing rules through internal model outputs rather than external checks.
- Real-time policy auditing of agent actions against formal deontic rules becomes feasible for compliance reporting.
- The separation of policy logic from the model might allow policy updates without retraining or restarting the agents.
Load-bearing premise
The Rei framework can be extended to handle obligation lifecycle management, meta-policy conflict resolution, and dispensations while remaining practical to evaluate at runtime outside the LLM.
What would settle it
A concrete test case in which an agent triggers an obligation, meets a stated dispensation condition, and the external engine either still enforces the obligation or fails to apply the correct precedence among conflicting policies.
Figures
read the original abstract
Autonomous agentic AI systems driven by Large Language Models (LLMs) introduce a new class of security, privacy, and compliance challenges: an agent that can invoke tools, manipulate data, install software, and coordinate with peer agents across organizational boundaries must be constrained not just by authentication and access control, but by the full structure of enterprise governance. This includes specifying what agents are permitted and prohibited from doing, what they areobliged to do after certain actions (e.g., notify the CISO), under what conditions a standing obligation may be waived, and which rules take precedence when policies conflict. This governance problem exceeds what current policy engines provide. Systems such as XACML, Rego, and Cedar address only the permit/prohibit subset of this governance structure. They do not provide obligation lifecycle management, meta-policy conflict resolution, dispensations that waive obligations in specific circumstances, and ontological reasoning over domain class hierarchies commonly found in applications such as healthcare, cybersecurity, or data privacy. We propose AgenticRei, which realizes key governance requirements such as obligations, dispensations, policy conflict resolutions, and reasoning over policies, as well as the basic permit/prohibit constraints. We use a deontic policy language built on the Rei framework, expressed as OWL (Web Ontology Language) and evaluated at runtime by a high-performance logic engine entirely outside the LLM. The same pipeline governs both tool invocations by the agent and agent-to-agent messages. We show through examples that deontic policies capture governance constraints around security and privacy that mostly cannot be expressed in current production engines. Our approach composes naturally with industry-standard frameworks like A2AS.
Editorial analysis
A structured set of objections, weighed in public.
Referee Report
Summary. The manuscript proposes AgenticRei, a runtime governance system for agentic AI that extends the Rei framework into a deontic policy language expressed in OWL. Policies are evaluated by a high-performance logic engine outside the LLM to enforce obligations, dispensations, meta-policy conflict resolution, ontological reasoning over class hierarchies, and basic permit/prohibit rules. The authors claim this addresses gaps in engines such as XACML, Rego, and Cedar, and that examples demonstrate expressiveness for security and privacy constraints not capturable elsewhere; the same pipeline is said to govern both tool calls and agent-to-agent messages while composing with A2AS.
Significance. If the claimed Rei extensions for obligation lifecycle management, dispensations, and conflict resolution can be realized in OWL and evaluated correctly and efficiently at runtime, the work would fill a recognized gap in policy languages for enterprise governance of autonomous agents. The design choice to keep evaluation entirely outside the LLM is a clear strength for auditability and reliability. No machine-checked proofs, reproducible code, or empirical evaluations are present to credit.
major comments (3)
- [Abstract] Abstract: the central claim that 'we show through examples that deontic policies capture governance constraints around security and privacy that mostly cannot be expressed in current production engines' is unsupported; the manuscript supplies neither the examples, the concrete policies, nor any comparison of expressiveness against XACML/Rego/Cedar.
- [Abstract] Abstract: no description is provided of the specific extensions to the Rei framework, the OWL axioms or rules added for obligation lifecycle management and dispensations, the chosen high-performance logic engine, or any conflict-resolution mechanics, all of which are required to substantiate the runtime evaluation claim.
- [Abstract] Abstract: the assertion that the approach 'realizes key governance requirements such as obligations, dispensations, policy conflict resolutions, and reasoning over policies' rests on an unshown implementation; without the OWL constructs or evaluation details, it is impossible to assess whether the weakest assumption (practical runtime use without performance or expressiveness failure) holds.
minor comments (1)
- [Abstract] Abstract: missing space in 'they areobliged'.
Simulated Author's Rebuttal
We thank the referee for the constructive comments on the abstract. We agree that greater specificity is needed to substantiate the claims and will revise the abstract accordingly.
read point-by-point responses
-
Referee: [Abstract] Abstract: the central claim that 'we show through examples that deontic policies capture governance constraints around security and privacy that mostly cannot be expressed in current production engines' is unsupported; the manuscript supplies neither the examples, the concrete policies, nor any comparison of expressiveness against XACML/Rego/Cedar.
Authors: We agree the abstract does not embed the examples or comparisons. The full manuscript supplies concrete OWL policies (e.g., obligation to notify after data access with dispensation under audit conditions) and shows they exceed the permit/prohibit scope of XACML, Rego, and Cedar. We will revise the abstract to include one brief policy example and a one-sentence expressiveness comparison. revision: yes
-
Referee: [Abstract] Abstract: no description is provided of the specific extensions to the Rei framework, the OWL axioms or rules added for obligation lifecycle management and dispensations, the chosen high-performance logic engine, or any conflict-resolution mechanics, all of which are required to substantiate the runtime evaluation claim.
Authors: The abstract summarizes rather than details the extensions. The manuscript specifies the Rei extensions in OWL (axioms for obligation states and dispensation conditions), the high-performance logic engine used for external evaluation, and meta-policy rules for conflict resolution. We will revise the abstract to name the engine and briefly characterize the added OWL constructs and conflict mechanics. revision: yes
-
Referee: [Abstract] Abstract: the assertion that the approach 'realizes key governance requirements such as obligations, dispensations, policy conflict resolutions, and reasoning over policies' rests on an unshown implementation; without the OWL constructs or evaluation details, it is impossible to assess whether the weakest assumption (practical runtime use without performance or expressiveness failure) holds.
Authors: We accept that the abstract does not display the OWL constructs or runtime metrics. The manuscript presents the OWL axioms realizing obligations, dispensations, and conflict resolution together with the external evaluation pipeline. We will revise the abstract to reference the relevant sections containing the constructs and evaluation approach. revision: yes
Circularity Check
No derivations or equations present; proposal does not reduce to its inputs
full rationale
The manuscript is a system proposal describing AgenticRei as an extension of the existing Rei framework expressed in OWL and evaluated externally. No equations, first-principles derivations, fitted parameters, or predictions appear in the abstract or described full text. The central claim is an engineering architecture whose correctness rests on concrete OWL axioms and runtime evaluation (not supplied here), not on any self-referential reduction. No load-bearing self-citations, ansatzes, or renamings are exhibited. This is the normal non-finding for a descriptive proposal paper.
Axiom & Free-Parameter Ledger
axioms (1)
- domain assumption OWL-based deontic reasoning suffices for runtime policy evaluation outside the LLM
invented entities (1)
-
AgenticRei
no independent evidence
Reference graph
Works this paper leans on
-
[1]
Experiences of using agentic AI to fill tooling gaps in a security operations center,
K. Banstola, F. Al Faisal, and X. Ou, “Experiences of using agentic AI to fill tooling gaps in a security operations center,” inWorkshop on SOC Operations and Construction (WOSOC), co-located with NDSS 2026, 2026. [Online]. Available: https: //www.ndss-symposium.org/wp-content/uploads/wosoc26-02.pdf
2026
-
[2]
Open-source large language models in radiology: a review and tutorial for practical research and clinical deployment,
C. H. Savage, A. Kanhere, V . Parekh, C. P. Langlotz, A. Joshi, H. Huang, and F. X. Doo, “Open-source large language models in radiology: a review and tutorial for practical research and clinical deployment,” Radiology, vol. 314, no. 1, p. e241073, 2025
2025
-
[3]
Impostors among us: An agentic approach to identifying and resolving conflicts in collaborative network environments,
S. S. L. Chukkapalli, D. Ledbetter, A. Joshi, T. Finin, and J. Freeman, “Impostors among us: An agentic approach to identifying and resolving conflicts in collaborative network environments,” inIEEE Military Communications Conference, 2025
2025
-
[4]
A2AS: Agentic ai runtime security and self-defense,
E. Neelou, I. Novikov, M. Moroz, O. Narayan, T. Saade, M. Ayenson, I. Kabanov, J. Ozmen, E. Lee, V . S. Narajala, E. Guilherme Junior, K. Huang, H. Gulsin, J. Ross, M. Vyshegorodtsev, A. Travers, I. Habler, and R. Jadav, “A2AS: Agentic ai runtime security and self-defense,”
-
[5]
Available: https://arxiv.org/abs/2510.13825
[Online]. Available: https://arxiv.org/abs/2510.13825
-
[6]
Introducing the agent governance toolkit: Open-source runtime security for AI agents,
Microsoft Open Source, “Introducing the agent governance toolkit: Open-source runtime security for AI agents,” https://opensource.mic rosoft.com/blog/2026/04/02/introducing-the-agent-governance-toolkit- open-source-runtime-security-for-ai-agents/, 2026
2026
-
[7]
Cisco reimagines security for the agentic workforce,
Cisco, “Cisco reimagines security for the agentic workforce,” https: //newsroom.cisco.com/c/r/newsroom/en/us/a/y2026/m03/cisco-reimagin es-security-for-the-agentic-workforce.html, 2026
2026
-
[8]
Careful adoption of agentic AI services,
ASD’s ACSC, CISA, NSA, Canadian Centre for Cyber Security, NCSC-NZ, and NCSC-UK, “Careful adoption of agentic AI services,” United States Cybersecurity and Infrastructure Security Agency, Tech. Rep., April 2026. [Online]. Available: http://bit.ly/49JP3wm
2026
-
[9]
Open policy agent (opa) – philosophy and rego language reference,
Styra, “Open policy agent (opa) – philosophy and rego language reference,” 2025. [Online]. Available: https://www.openpolicyagent.org/ docs/
2025
-
[10]
Cedar: A new language for expressive, fast, safe, and analyzable authorization,
J. W. Cutler, C. Disselkoen, A. Eline, S. He, K. Headley, M. Hicks, K. Hietala, E. Ioannidis, J. Kastner, A. Mamat, D. McAdams, M. Mc- Cutchen, N. Rungta, E. Torlak, and A. M. Wells, “Cedar: A new language for expressive, fast, safe, and analyzable authorization,” in Proceedings of OOPSLA, 2024, pp. 670–697
2024
-
[11]
A policy language for a pervasive computing environment,
L. Kagal, T. Finin, and A. Joshi, “A policy language for a pervasive computing environment,” inIEEE 4th International Workshop on Poli- cies for Distributed Systems and Networks. IEEE, 2003, pp. 63–74
2003
-
[12]
Semantic web in a pervasive context- aware architecture,
H. Chen, T. Finin, and A. Joshi, “Semantic web in a pervasive context- aware architecture,” inWorkshop on Artificial Intelligence in Mobile System, 5th Annual Conf. on Ubiquitous Computing, A. Kr ¨uger and R. Malaka, Eds. IEEE, 2003, pp. 33–40
2003
-
[13]
Enforcing policies in pervasive environments,
A. Patwardhan, V . Korolev, L. Kagal, and A. Joshi, “Enforcing policies in pervasive environments,” inThe First Annual International Confer- ence on Mobile and Ubiquitous Systems: Networking and Services, 2004. MOBIQUITOUS 2004, 2004, pp. 299–308
2004
-
[14]
Owl - semantic web standards - w3c,
World Wide Web Consortium, “Owl - semantic web standards - w3c,” https://www.w3.org/OWL/, 2026, accessed: 2026-06-12
2026
-
[15]
AI agents in action: Foundations for evaluation and governance,
World Economic Forum and Capgemini, “AI agents in action: Foundations for evaluation and governance,” Nov. 2025. [Online]. Available: https://reports.weforum.org/docs/WEF AI Agents in Actio n Foundations for Evaluation and Governance 2025.pdf
2025
-
[16]
Supervisory guidance on model risk management,
Board of Governors of the Federal Reserve System, Federal Deposit Insurance Corporation, and Office of the Comptroller of the Currency, “Supervisory guidance on model risk management,” Board of Governors of the Federal Reserve System, Tech. Rep. SR Letter 26-2, Attachment, Apr. 2026, footnote 3 explicitly excludes generative and agentic AI models from sco...
2026
-
[17]
AI agent standards initiative, center for AI standards and innovation (CAISI),
National Institute of Standards and Technology, “AI agent standards initiative, center for AI standards and innovation (CAISI),” 2026. [Online]. Available: https://www.nist.gov/artificial-intelligence/ai-agen t-standards-initiative
2026
-
[18]
Agentic AI governance lessons from financial services,
R. Saxena, “Agentic AI governance lessons from financial services,” Responsible AI Institute; republished in the PLI Chronicle, Apr. 2026. [Online]. Available: https://www.responsible.ai/news/agentic-ai-governa nce-lessons-from-financial-services/
2026
-
[19]
AIUC-1: A certification standard for AI agents,
AIUC-1 Consortium, “AIUC-1: A certification standard for AI agents,” 2026, six control families: data/privacy, security, safety, reliability, accountability, and society; crosswalks to NIST AI RMF, MITRE ATLAS, ISO 42001, and OW ASP agentic lists. [Online]. Available: https://www.aiuc-1.com/
2026
-
[20]
Artificial intelligence risk management framework (AI RMF 1.0),
National Institute of Standards and Technology, “Artificial intelligence risk management framework (AI RMF 1.0),” National Institute of Standards and Technology, Tech. Rep. NIST AI 100-1, 2023
2023
-
[21]
Authenticated delegation and authorized AI agents,
T. South, S. Marro, T. Hardjono, R. Mahari, C. D. Whitney, D. Greenwood, A. Chan, and A. Pentland, “Authenticated delegation and authorized AI agents,” 2025. [Online]. Available: https://arxiv.org/ abs/2501.09674
-
[22]
ODRL information model 2.2,
W3C ODRL Community Group, “ODRL information model 2.2,” W3C, 2018. [Online]. Available: https://w3.org/TR/odrl-model/
2018
-
[23]
Rdfox: A highly-scalable rdf store,
Y . Nenov, R. Piro, B. Motik, I. Horrocks, Z. Wu, and J. Banerjee, “Rdfox: A highly-scalable rdf store,” inThe Semantic Web - ISWC 2015. Springer International Publishing, 2015
2015
-
[24]
Financial industry business ontology (FIBO),
EDM Council, “Financial industry business ontology (FIBO),” https: //edmcouncil.org/frameworks/industry-models/fibo/, 2024
2024
-
[25]
Financial regulation ontology (FinRegOnt): Semantic compliance in finance,
Jayzed Data Models Inc., “Financial regulation ontology (FinRegOnt): Semantic compliance in finance,” https://finregont.com/, 2024
2024
-
[26]
The financial regulation XBRL ontology,
——, “The financial regulation XBRL ontology,” https://finregont.com /xbrl-ontology/, 2024
2024
-
[27]
Agent-fence: Mapping security vulnerabilities across deep research agents,
S. Puppala, I. Hossain, M. J. Alam, Y . Lee, J. Yoo, T. Ahad, S. B. Alam, and S. Talukder, “Agent-fence: Mapping security vulnerabilities across deep research agents,” arxiv:2602.07652, 2026. [Online]. Available: https://arxiv.org/abs/2602.07652
-
[28]
AI agents under threat: A survey of key security challenges and future pathways,
Z. Deng, Y . Guo, C. Han, W. Ma, J. Xiong, S. Wen, and Y . Xiang, “AI agents under threat: A survey of key security challenges and future pathways,”ACM Computing Surveys, vol. 57, no. 7, 2025
2025
-
[29]
AgentDojo: A dynamic environment to evaluate prompt injection attacks and defenses for LLM agents,
E. Debenedetti, J. Zhang, M. Balunovi ´c, L. Beurer-Kellner, M. Fischer, and F. Tram `er, “AgentDojo: A dynamic environment to evaluate prompt injection attacks and defenses for LLM agents,” inAdvances in Neural Information Processing Systems 37 (NeurIPS 2024) Datasets and Benchmarks Track, 2024. [Online]. Available: https: //openreview.net/forum?id=m1YYAQjO3w
2024
-
[30]
InjecAgent: Benchmarking indirect prompt injections in tool-integrated large language model agents,
Q. Zhan, Z. Liang, Z. Ying, and D. Kang, “InjecAgent: Benchmarking indirect prompt injections in tool-integrated large language model agents,” inFindings of the Association for Computational Linguistics. Bangkok, Thailand: ACL, 2024, pp. 10 471–10 506. [Online]. Available: https://aclanthology.org/2024.findings-acl.624
2024
-
[31]
Agent security bench (ASB): Formalizing and benchmarking attacks and defenses in LLM-based agents,
H. Zhang, J. Huang, K. Mei, Y . Yao, Z. Wang, C. Zhan, H. Wang, and Y . Zhang, “Agent security bench (ASB): Formalizing and benchmarking attacks and defenses in LLM-based agents,” in13th Int. Conference on Learning Representations), 2025. [Online]. Available: https://openreview.net/forum?id=KbwJPDKimp
2025
-
[32]
Cloak, honey, trap: Proactive defenses against LLM agents,
D. Ayzenshteyn, R. Weiss, and Y . Mirsky, “Cloak, honey, trap: Proactive defenses against LLM agents,” inProceeddings of the 34th USENIX Security Symposium. Seattle, W A, USA: USENIX Association, 2025, pp. 8095–8114. [Online]. Available: https://usenix.org/conference/usen ixsecurity25/presentation/ayzenshteyn
2025
-
[33]
Security and privacy challenges in open and dynamic environments,
L. Kagal, T. Finin, A. Joshi, and S. Greenspan, “Security and privacy challenges in open and dynamic environments,”IEEE Computer, vol. 39, no. 6, pp. 89–91, Jun. 2006
2006
-
[34]
Z. Ji, D. Wu, W. Jiang, P. Ma, Z. Li, Y . Gao, S. Wang, and Y . Li, “Taming various privilege escalation in llm-based agent systems: A mandatory access control framework,”arXiv preprint arXiv:2601.11893, 2026
-
[35]
Shieldagent: Shielding agents via verifiable safety policy reasoning,
Z. Chen, M. Kang, and B. Li, “Shieldagent: Shielding agents via verifiable safety policy reasoning,”arXiv preprint arXiv:2503.22738, 2025
-
[36]
SAGA: A security architecture for governing AI agentic systems,
G. Syros, A. Suri, J. Ginesin, C. Nita-Rotaru, and A. Oprea, “SAGA: A security architecture for governing AI agentic systems,” inNetwork and Distributed System Security (NDSS) Symposium, 2026. [Online]. Available: https://arxiv.org/abs/2504.21034
-
[37]
Veriguard: Enhancing llm agent safety via verified code generation,
L. Miculicich, M. Parmar, H. Palangi, K. D. Dvijotham, M. Montanari, T. Pfister, and L. Le, “Veriguard: Enhancing llm agent safety via verified code generation,” 2025
2025
-
[38]
Progent: Securing AI Agents with Privilege Control
T. Shi, J. He, Z. Wang, L. Wu, H. Li, W. Guo, and D. Song, “Progent: Programmable privilege control for LLM agents,”arXiv preprint arXiv:2504.11703, 2025. [Online]. Available: https://arxiv.org/ abs/2504.11703
work page internal anchor Pith review Pith/arXiv arXiv 2025
-
[39]
AgentSpec: Customizable Runtime Enforcement for Safe and Reliable LLM Agents
H. Wang, C. M. Poskitt, and J. Sun, “AgentSpec: Customizable runtime enforcement for safe and reliable LLM agents,” inProceedings of the 48th IEEE/ACM International Conference on Software Engineering (ICSE 2026), 2026. [Online]. Available: https://arxiv.org/abs/2503.18666
work page internal anchor Pith review Pith/arXiv arXiv 2026
-
[40]
Policy compiler for secure agentic systems,
N. Palumbo, S. Choudhary, J. Choi, P. Chalasani, M. Christodorescu, and S. Jha, “Policy compiler for secure agentic systems,” 2026
2026
-
[41]
MI9 — agent intelligence protocol: Runtime governance for agentic AI systems,
C. L. Wang, T. Singhal, A. Kelkar, and J. Tuo, “MI9 — agent intelligence protocol: Runtime governance for agentic AI systems,”arXiv preprint arXiv:2508.03858, 2025
-
[42]
Model context protocol (MCP) security: Secure design patterns for agentic systems,
CoSAI / OASIS Workstream 4, “Model context protocol (MCP) security: Secure design patterns for agentic systems,” https://github.com/cosai-o asis/ws4-secure-design-agentic-systems, 2025
2025
-
[43]
The Ponder policy specification language,
N. Damianou, N. Dulay, E. Lupu, and M. Sloman, “The Ponder policy specification language,” inPolicies for Distributed Systems and Networks (POLICY 2001), ser. Lecture Notes in Computer Science, vol. 1995. Berlin, Heidelberg: Springer, 2001, pp. 18–38
2001
-
[44]
eXtensible Access Control Markup Language (XACML) version 3.0,
OASIS, “eXtensible Access Control Markup Language (XACML) version 3.0,” OASIS Standard, 2013. [Online]. Available: https: //docs.oasis-open.org/xacml/3.0/xacml-3.0-core-spec-os-en.html
2013
-
[45]
XACML policy evalu- ation with dynamic context handling,
N. Ammar, Z. Malik, E. Bertino, and A. Rezgui, “XACML policy evalu- ation with dynamic context handling,”IEEE Transactions on Knowledge and Data Engineering, 2015
2015
-
[46]
A policy system for control of data fusion processes and derived data,
E. Bertino, D. Verma, and S. Calo, “A policy system for control of data fusion processes and derived data,” in21st International Conference on Information Fusion, 2018, pp. 807–813
2018
-
[47]
Advice from Belnap policies,
C. Hankin, F. Nielson, and H. R. Nielson, “Advice from Belnap policies,” inProceedings of the 22nd IEEE Computer Security Foundations Symposium (CSF 2009). IEEE, 2009, pp. 234–247
2009
-
[48]
Access control via Belnap logic: Intuitive, expressive, and analyzable policy composition,
G. Bruns and M. Huth, “Access control via Belnap logic: Intuitive, expressive, and analyzable policy composition,”ACM Transactions on Information and System Security, vol. 14, no. 1, pp. 9:1–9:27, 2011
2011
-
[49]
Autonomous agents and policy com- pliance: A framework for reasoning about penalties,
V . Tummala and D. Inclezan, “Autonomous agents and policy com- pliance: A framework for reasoning about penalties,”arXiv preprint arXiv:2512.03931, 2025, under consideration in Theory and Practice of Logic Programming (TPLP)
-
[50]
Artificial intelligence risk management framework: Generative artificial intelligence profile,
National Institute of Standards and Technology, “Artificial intelligence risk management framework: Generative artificial intelligence profile,” National Institute of Standards and Technology, Tech. Rep. NIST AI 600-1, Jul. 2024
2024
-
[51]
ATLAS: Adversarial threat landscape for artificial-intelligence systems,
MITRE, “ATLAS: Adversarial threat landscape for artificial-intelligence systems,” https://atlas.mitre.org/, 2025
2025
-
[52]
AI risk atlas,
IBM, “AI risk atlas,” 2025. [Online]. Available: https://www.ibm.com/ docs/en/watsonx/saas?topic=ai-risk-atlas
2025
-
[53]
Responsible scaling policy, version 3.0,
Anthropic, “Responsible scaling policy, version 3.0,” 2026, effective February 24, 2026. [Online]. Available: https://www.anthropic.com/re sponsible-scaling-policy
2026
-
[54]
C. Koch, “From governance norms to enforceable controls: A layered translation method for runtime guardrails in agentic ai,” arxiv:2604.05229, 2026. [Online]. Available: https://arxiv.org/abs/2604 .05229
work page internal anchor Pith review Pith/arXiv arXiv 2026
-
[55]
R owl bac: representing role based access control in owl,
T. Finin, A. Joshi, L. Kagal, J. Niu, R. Sandhu, W. Winsborough, and B. Thuraisingham, “R owl bac: representing role based access control in owl,” inProceedings of the 13th ACM symposium on Access control models and technologies. ACM, 2008, pp. 73–82
2008
-
[56]
Representing attribute based access control policies in owl,
N. K. Sharma and A. Joshi, “Representing attribute based access control policies in owl,” in2016 IEEE Tenth International Conference on Semantic Computing (ICSC). IEEE, 2016, pp. 333–336
2016
-
[57]
Verifiable credentials data model 2.0,
W3C, “Verifiable credentials data model 2.0,” W3C Recommendation, 2024
2024
-
[58]
The challenge of access control policies quality,
E. Bertino, A. Abu Jabal, S. Calo, C. Makaya, M. Touma, D. Verma, and C. Williams, “The challenge of access control policies quality,”ACM Journal of Data and Information Quality, vol. 10, no. 2, pp. 6:1–6:6, 2018
2018
-
[59]
Policy-as-prompt: Turning AI governance rules into guardrails for AI agents,
G. Kholkar and R. Ahuja, “Policy-as-prompt: Turning AI governance rules into guardrails for AI agents,” inWorkshop on Regulatable ML, 39th Conference on Neural Information Processing Systems (NeurIPS),
-
[60]
Available: https://arxiv.org/abs/2509.23994
[Online]. Available: https://arxiv.org/abs/2509.23994
discussion (0)
Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.