Purpose

This document introduces the SADAR Context Token (SCT) — SADAR's mechanism for propagating authorization context across trust boundaries — and describes the SCT chain, the five chain operations, and the validation properties every receiver applies to incoming SCTs. It stays at the architectural level; the full normative specification lives in 4. SCT Operations companion document (chain operations and the four abstract operations any conformant implementation must support) and in 5. Trust Models companion document Part II (asserted-model-specific validation).

Audience: enterprise architects, security architects, and implementers responsible for SCT-conformant authorization context propagation.

What the SCT Is

The SADAR Context Token is a JWS-inside-JWE— a digitally signed claim set wrapped in encryption — that travels with each invocation across a SADAR-mediated multi-agent flow. It carries authorization context attested at every trust boundary crossing: the originator's identity and authentication, the trust model under which the flow operates, the business process the call participates in, the accumulated Risk Score scalar, and the cryptographic linkage to the prior segment in the chain.

The choice of JWS-inside-JWE is deliberate. The signature provides tamper-evidence: any modification to a segment's content invalidates the signature and is detected on validation. The encryption provides confidentiality: the segment's claims are visible only to the JWE recipient. The two properties are independent — a party that cannot decrypt a segment can still verify its signature and its place in the chain. This independence is what lets an SCT chain be auditable end-to-end while preserving per-segment confidentiality across organizational boundaries.

The SCT is not an authentication token. It does not authorize the caller to make the call; the authentication baseline (OIDC Client Credentials over mTLS) does that. The SCT carries the authorization context for the operation, attested at each handoff so that downstream parties can reason about who originated the flow and under what authority.

The SCT Chain

As a flow traverses multiple agents, services, or organizational boundaries, each crossing produces a new SCT segment cryptographically chained to the prior one. The full chain — the linked list of segments from Open to Close — is the cryptographically attested record of how authorization context evolved through the flow.

The chain is the canonical audit substrate. Where retrospective reconstruction of "who authorized what, when, on whose behalf" is required — regulatory inquiry, incident investigation, compliance audit — the SCT chain is ground truth. Each segment's signature is verifiable against its issuer's published key material in the registry; each parent-child binding is verifiable against the prior segment's jti. Tampering anywhere in the chain is detectable from the chain alone, ithout external state.

Chains are structurally immutable. Adding a segment produces a new chain that includes the prior segments unchanged; modifying a prior segment invalidates that segment's signature and any downstream binding that depends on it. This is a property of the format, not a runtime constraint — implementations cannot conformantly mutate prior segments because the result would fail integrity verification by anyone with access to the issuers' public keys.

Chain Operations — The Five Segment Types

Each segment in an SCT chain represents one of five operation types, identifying the segment's role in authorization context propagation. The operation type is fixed at issuance and recorded in the segment's claims.

Operation	Purpose	Typical occurrence
Open	First-link issuance. Establishes the originator's authorization context — originator identity, authentication evidence, trust model.	When a flow begins.
Continue	Mid-chain re-issuance preserving and propagating context. Used by intermediate agents that pass authority forward without elevating it.	When an agent forwards a call without changing the authority under which it operates.
Hold	Suspension of the chain for asynchronous continuation. Permits the chain to pause (e.g., for human-in-the-loop review) with later resumption.	When a flow needs to wait for an external event before proceeding.
Authoritative Carry	Continuation with elevated authority appropriate to the carrying entity. The intermediate operates under its own authority while preserving the chain.	When an intermediate must apply its own credentials downstream rather than the originator's.
Close	Terminal issuance ending the chain. Records final disposition.	When the flow completes — successfully or otherwise.

These five operations are the vocabulary by which a chain expresses its authorization narrative. A flow that runs cleanly typically begins with Open, threads through one or more Continue or Authoritative Carry segments, and ends with Close. Asynchronous flows insert Hold-Resume pairs at the suspension points. The mid-chain trust model (the originating_user_trust claim) is fixed at Open and persists through all subsequent segments; a flow needing a different trust model partway through closes the existing chain and opens a new one, with cryptographic linkage preserved through the chain-of-chains mechanism.

General SCT Validation

Every SADAR-conformant receiver of an SCT applies the validation checks below before honoring the chain. These are the trust-model-agnostic properties — they apply to every chain, regardless of whether the originator was direct-authenticated, asserted, impersonated, or operating under deputy.

Check	What it verifies
Signature verification	Each segment's JWS signature verifies against the issuer's published key material from the issuer's signed registry manifest. A failure on any segment fails the chain.
Chain integrity	Parent-child cryptographic binding between adjacent segments. Each segment carries a `parent_sct_jti` claim referencing the prior segment's JWT ID; binding violations indicate a tampered or forged chain.
Cryptographic parity	Values appearing in multiple propagation layers — OTel baggage, span attributes, SCT claims, Telemetry Record fields — are required to be consistent at any point of observation. Parity instances include the SCT chain root `jti`, business process identifier, trust model claim, Risk Score scalar, and Transaction Instance ID.
Replay protection	Each segment carries a unique `jti`. Receivers track `jti` values within the segment's `exp` window; reuse is detected and rejected.
Crypto suite acceptance	The chain's declared Chain Crypto Suite is checked against the receiver's accepted-suite list. Suites not on the list are rejected before any cryptographic operation.

Validation is fail-closed. A receiver that cannot complete a check — for any reason — rejects the invocation rather than proceeding under reduced trust. Structured errors use the urn:sadar:error:v1 namespace; the specific error category depends on which check failed (signature, chain integrity, parity, replay, suite acceptance).

Trust-model-specific validation runs after these checks pass. The asserted model has its own additional validation algorithm — asserter identity verification, originator namespacing, Role claim handling — covered in the Trust Models page and in 5. Trust Models companion document Part II. Other trust models apply additional validation at provider discretion within the constraints of §5.1.8 and §5.1.15.

Cryptographic Suite

Every SCT chain declares a Chain Crypto Suite at the chain header level, identifying the signature, encryption, key wrap, and hash algorithms in use. The assertion is chain-wide: all segments in a chain use the same primitives. Mixed-primitive chains are not conformant.

Suite	Composition
`SADAR-CRYPTO-1` (reference)	ES256 + A256GCM + ECDH-ES+A256KW + SHA-256. The reference suite. Conformant implementations SHALL support this for both production and consumption.
`SADAR-CRYPTO-2`	ES384 + A256GCM + ECDH-ES+A256KW + SHA-384. Optional support.
`SADAR-CRYPTO-3`	EdDSA (Ed25519) + A256GCM + ECDH-ES+A256KW + SHA-256. Optional support.
`SADAR-CRYPTO-4`	RS256 (≥3072 bit) + A256GCM + RSA-OAEP-256 + SHA-256. Optional support.

Receivers inspect the asserted Chain Crypto Suite before any cryptographic operation and reject chains whose suite is not on the receiver's accepted-suite list. Acceptance-list policy is a deployment configuration concern. The suite assertion itself is covered by the JWS signature so it cannot be altered without invalidating the chain.

Post-quantum migration is documented in 4. SCT Operations §B.8.6. The migration path includes ML-DSA (FIPS 204) for signatures and ML-KEM (FIPS 203) for key encapsulation, with hybrid suites combining classical and post-quantum primitives during the transition. Specific suite identifiers will be added once IETF JOSE finalizes the corresponding JWS/JWE algorithm registrations.

Implementation Surface — Four Abstract Operations

Conformant SCT implementations support four abstract operations defined in 4. SCT Operations companion document. The operations are abstract — implementations expose them through any interface idiom appropriate to their language or runtime, provided the defined behavior is preserved.

Operation	Purpose
Validate	Verifies each in-scope segment's JWS signature and structural conformance. Returns a structured per-segment result.
Extract Claims	Returns the chain's claims with per-segment validity status. Decrypted claims are returned only for segments where the caller is the JWE recipient AND signature validates.
Append Segment	Adds a new segment to a prior chain. Validates the prior chain first; refuses to extend an invalid chain.
Verify Chain Integrity	End-to-end check covering signatures plus parent-child bindings. Operates on cleartext metadata only — does not require decryption of any segment's payload.

Most production callers use Extract Claims as their primary entry point — it provides validation and claim retrieval in a single call. Validate exists for preflight checks where a caller wants to confirm chain validity without retrieving claims (e.g., before deciding whether to proceed with a more expensive operation). Verify Chain Integrity is the operation an audit consumer uses when it has access to the issuers' public keys but may not be able to decrypt every segment — chain coherence is verifiable end-to-end on cleartext metadata alone.

Boundaries — What's Not Here

The SCT and its chain are onelayer of the SADAR security architecture. Several adjacent concerns are out of scope here and live in dedicated sibling pages or companion documents:

Concern	Where it lives
Asserted trust model validation	The asserted-model-specific algorithm (asserter identity, originator namespacing, Role claim with default handling, trust model match) lives with Trust Models. See Trust Models (sibling page) and 5. Trust Models companion document, Part II.
Authentication baseline	How entities authenticate to one another (OIDC Client Credentials over mTLS, TLS minimum, JWKS endpoints) is its own concern. See Authentication Baseline (sibling page).
Authentication scopes	OIDC scope namespace and token semantics for invocations. See Authentication Scopes (sibling page).
Trust model definitions and negotiation	What `direct_auth`, `asserted`, `impersonation`, and `deputy` mean and how the model is selected at discovery time. See Trust Models (sibling page) and 5. Trust Models companion document, Part I.
Telemetry Record schema	The persistent per-invocation audit artifact carries SCT chain references but is itself a separate artifact. See Telemetry Record (Observability) and 6. Telemetry Record and Repatriation companion document.

Where to Learn More

• Security Overview — orientation to the security layers and how they compose.

• Authentication Baseline — how entities authenticate to one another beneath the SCT.

• Trust Models — the four originator trust models, bilateral negotiation, and the asserted-model validation algorithm.

• Authentication Scopes — urn:sadar:scope:v1 namespace and the six initial scopes.

• Registry Security — registry isolation, manifest signing, and cryptographic parity.

• Telemetry Record — the per-invocation persistent audit artifact that references the SCT chain.

• 4. SCT Operations — the full normative specification of the SCT format, the four abstract operations, the error contract, the Chain Crypto Suite system, and post-quantum migration.

• 5. Trust Models, Part II — asserted-model SCT validation algorithm, four rejection conditions, default-role handling, and structured error codes.

• 2. Scope §5.1.8.2 — the umbrella SCT requirement and the five chain operations.

• 2. Scope §5.1.17 — Cryptographic Parity, the foundation for tamper-evident audit reconstruction.

‍