What Is Tap and Go Delegation
<!-- hierarchy:nav -->
Path: OIP › Thinker Reference › Token Drop Guides › What Is Tap and Go Delegation
Shelf: Token Drop Guides · Traversal: self-explaining · hierarchical · voxel-ready
Machine root: OIP tree · Registry
What Is Tap and Go Delegation
§SELF — what-is-tap-go
What this page is: A technical description of OIP's one-action delegation mechanism. What it explains: How Tap and Go delegation works, what it copies, and what security properties it guarantees. Why read it: To understand how OIP gives models system access without manual configuration or key management.
What Tap and Go Delegation Is
Tap and Go is OIP's (Object Invocation Protocol) delegation mechanism. The name comes from transit cards: you tap your card on a reader and you go through. There is no setup, no configuration, and no login. It is one action.
OIP Tap and Go works the same way: a single copy action gives a model everything it needs to operate a system. The model receives a data drop, reads the capability record inside it, and knows what it can access, what it can do, how to do it, and how to prove it did so. No human is required in the loop.
Why It Matters
The problem Tap and Go solves is: how do you give a model access to a system without compromising security? Traditional methods require API keys, manual permission configuration, or shared credentials. Each of these creates risk: keys can leak, permissions are often too broad, and credentials shared between humans and machines are hard to revoke cleanly.
Tap and Go replaces all of this with a single, self-describing, scoped, temporary data drop.
The Key Idea
A Tap and Go drop contains five components:
- Object map — a directory of all available objects. This tells the model what resources exist in the system.
- Capability token — a scoped, expiring proof of permission. The token is unforgeable and carries authority only for specific objects and actions. It is not a master key.
- Execution pattern — the URL patterns for invocation. This tells the model how to construct requests to operate each object.
- Receipt rule — how to prove an action was performed. This defines what evidence the model must produce to demonstrate it executed an invocation.
- Protocol bundle — the full OIP specification in machine-readable form. This lets the model verify that it understands the protocol correctly.
When a model receives a Tap and Go drop, it can:
- Read the object map to discover what objects exist.
- Read the capability token to learn what it is permitted to do.
- Read the execution patterns to learn how to invoke objects.
- Read the receipt rule to learn how to prove its actions.
- Read the protocol bundle to verify its understanding of OIP.
What It Guarantees
A Tap and Go drop has four security properties:
- Self-describing. The drop contains an explain URL where the model can verify exactly what the token permits. The model does not need external documentation.
- Scoped. The token carries limited authority. It grants access only to specific objects and actions, not to the entire system.
- Temporary. The token expires. It cannot be used indefinitely.
- Audited. Every use of the token is logged. The system records every invocation, when it happened, and by whom.
Limitations
- The model must be capable of reading and understanding the OIP protocol bundle. A model without this capability cannot use the drop.
- The drop is only as secure as the channel it travels on. If an attacker intercepts the drop, they gain the token's authority.
- Revocation requires the system to check token validity on each use. If the system caches token checks, a revoked token may remain usable until the cache clears.
- There is no guarantee the model will act correctly — only that its actions are scoped, logged, and provable.
How It Connects to Other Ideas
Capability-based security. Tap and Go follows the KeyKOS model: capabilities are unforgeable, scoped, and delegable. A Tap and Go drop is a portable capability bundle.
Zero-trust architecture. Tap and Go implements zero-trust principles: never trust, always verify. Every invocation is scoped, logged, and expires. There is no standing authorization.
API key management. Tap and Go replaces API keys. An API key grants broad, long-lived access. A Tap and Go token grants narrow, short-lived access with built-in proof of action.
Sources
- Object Invocation Protocol (OIP) Specification — delegation and capability sections.
- Hardy, Norman, et al. "KeyKOS: A Commercially Successful, Capability-Based, Persistent Operating System." Proceedings of the 12th ACM Symposium on Operating Systems Principles, 1989. (factory pattern and capability model)
---
Up the tree
- OIP root — protocol root, zero-context entry
- Thinker Reference hub — full hierarchy map
- Token Drop Guides shelf — siblings on this shelf
- Voxel graph article — how pages link as voxels
- Self-describing protocol
Related on this shelf
- How a Model Should Read an OIP Token Drop
- How to Write a Token Drop That Models Accept
- What Is a Token Drop
Machine surfaces
- Public page:
https://miscsubjects.com/a/what-is-tap-go - JSON article:
https://miscsubjects.com/api/articles/what-is-tap-go - OIP ask:
https://miscsubjects.com/api/dispatch?ask=What%20Is%20Tap%20and%20Go%20Delegation
Ask this article · 2 suggested prompts
Text the build (+14245134626) or WhatsApp — slug|question creates a question node. Paste evidence with ingest slug|q:NODE_ID|your paste.