{"_self":{"principle":"Self-explaining payload — no external context required. This _self block describes what you are reading and where to look next.","widget":"article_topology","feature":"topology","name":"Article topology","what":"Claims, sources, anecdotes, user reports, related embeds, question graph slice — for ask/ROUTER.","contains":"claims, sources, anecdotes, question_graph slice","slug":"what-is-confused-deputy","urls":{"read":"https://miscsubjects.com/api/articles/what-is-confused-deputy/topology"},"how_to_use":"Claims, sources, anecdotes, user reports, related embeds, question graph slice — for ask/ROUTER.","write":null,"imessage":null,"router_tag":null,"proof_chain":[{"step":1,"claim":"Articles are voxel graphs of tiered claims, not prose blobs.","verify":"https://miscsubjects.com/api/articles/constitution"},{"step":2,"claim":"Claims link to hash-chained sources via source_ids.","verify":"https://miscsubjects.com/api/articles/what-is-confused-deputy/sources"},{"step":3,"claim":"Ask reads topology; ingest/claim append to ledger.","verify":"https://miscsubjects.com/api/protocol"},{"step":4,"claim":"Models queue growth: populate → collaborate → repair → reflex.","verify":"https://miscsubjects.com/api/protocol/grow"},{"step":5,"claim":"Graph proves its own shape (reflex) and $/claim (yield).","verify":"https://miscsubjects.com/graph.html?layer=reflex"},{"step":6,"claim":"Full feature index + _explain on every API response.","verify":"https://miscsubjects.com/api/articles/system-map"}],"related_features":[{"id":"ask","name":"Ask protocol","what":"Answer only from topology; creates question_node with gaps and ingest_hint.","urls":{"read":"https://miscsubjects.com/api/articles/what-is-confused-deputy/prompts","write":"https://miscsubjects.com/api/protocol/ask"}},{"id":"graph_topology","name":"Cross-article graph","what":"Merged claims/sources across condition+stack slugs for one question.","urls":{"read":"https://miscsubjects.com/api/articles/what-is-confused-deputy/graph-topology?question=..."}},{"id":"question_graph","name":"Question graph","what":"Ask nodes (questions + gaps) and evidence_ingest nodes (pasted model output).","urls":{"read":"https://miscsubjects.com/api/articles/what-is-confused-deputy/question-graph","write":"https://miscsubjects.com/api/protocol/ask"}},{"id":"voxels","name":"Voxel graph","what":"Claims as atoms, sources as edges (supported_by, posted_by). Per-claim provenance.","urls":{"read":"https://miscsubjects.com/api/articles/what-is-confused-deputy/voxels","write":"https://miscsubjects.com/api/protocol/claim"}}],"system_map":"https://miscsubjects.com/api/articles/system-map","system_map_markdown":"https://miscsubjects.com/api/articles/system-map?format=markdown","not_medical_advice":true},"_explain":{"feature":"topology","name":"Article topology","what":"Claims, sources, anecdotes, user reports, related embeds, question graph slice — for ask/ROUTER.","why":"Every feature is auditable collective intelligence","how":"Claims, sources, anecdotes, user reports, related embeds, question graph slice — for ask/ROUTER.","model":null,"verifies":null,"urls":{"read":"https://miscsubjects.com/api/articles/what-is-confused-deputy/topology"},"imessage":null,"router":null,"related":[{"id":"ask","what":"Answer only from topology; creates question_node with gaps and ingest_hint."},{"id":"graph_topology","what":"Merged claims/sources across condition+stack slugs for one question."},{"id":"question_graph","what":"Ask nodes (questions + gaps) and evidence_ingest nodes (pasted model output)."},{"id":"voxels","what":"Claims as atoms, sources as edges (supported_by, posted_by). Per-claim provenance."}],"not_medical_advice":true},"slug":"what-is-confused-deputy","title":"What Is a Confused Deputy","register":"standard","tags":["oip","kimi-import","self-explaining","voxel","concepts","what-is-confused-deputy"],"updated_at":"2026-07-15T04:20:53.173Z","body_excerpt":"<!-- hierarchy:nav -->\n> **Path:** [OIP](https://miscsubjects.com/a/oip) › [Thinker Reference](https://miscsubjects.com/a/oip-thinker-reference) › [Protocol Concepts](https://miscsubjects.com/a/oip-protocol-concepts) › **What Is a Confused Deputy**\n>\n> **Shelf:** Protocol Concepts · **Traversal:** self-explaining · hierarchical · voxel-ready\n> **Machine root:** [OIP tree](https://miscsubjects.com/api/dispatch?map=1&format=markdown) · [Registry](https://miscsubjects.com/api/dispatch?registry=1)\n\n# What Is a Confused Deputy\n\n## §SELF — what-is-confused-deputy\n\n**What this page is:** A definition of a specific security flaw where a program misuses its authority on behalf of a requester.\n**What it explains:** The confused deputy problem, how it works, why it is dangerous, and how capability-based security prevents it.\n**Why read it:** To understand why giving a program more authority than it needs creates a security hole, and how scoped tokens eliminate that hole.\n\n### What a Confused Deputy Is\n\nA confused deputy is a security flaw. It occurs when a program (the \"deputy\") holds authority to perform actions that a requester cannot perform directly, and the deputy uses that authority to perform an action on the requester's behalf without verifying whether the requester is allowed to request that action. The deputy is \"confused\" about whose authority it is exercising — its own, or the requester's.\n\nButler Lampson named this problem in 1971. The classic example: a compiler runs with system-level privileges (it can write files to any directory). A user asks the compiler to write its compiled output to a protected system file. The compiler, because it has system privileges, overwrites the protected file. The compiler is the confused deputy. It had authority. It used that authority on behalf of a user who should not have had that authority. The compiler did not check.\n\n### Why It Matters\n\nAny system where one component acts on behalf of another is vulnerable. Web servers handle requests for users. APIs call other APIs. AI models invoke tools on behalf of users. In every case, if the deputy component has broader authority than any single request should use, a malicious or mistaken request can exploit that excess authority. The damage ranges from data corruption to unauthorized access to system compromise. The confused deputy problem is one of the most common and least understood security flaws in multi-component systems.\n\n### The Key Idea\n\nThe problem is not that the deputy has authority. The problem is that the deputy has *more* authority than the specific task requires. When a deputy holds blanket authority, it cannot distinguish between legitimate requests and illegitimate ones — it lacks the information to do so. The solution is to give the deputy only the specific authority it needs for each task, and no more.\n\nTwo approaches exist:\n\n1. **Capability security.** The deputy receives a capability (an unforgeable token) that grants access to only the specific resource needed — for example, a write handle to one directory, not to all files. The deputy cannot be confused because it does not possess excess authority. It physically cannot access resources outside its capability's scope.\n\n2. **Permission checks.** The deputy checks whether the requester has permission before acting. This works but creates coupling: the deputy must know the access control policy, must be updated when the policy changes, and must implement the check correctly every time. Missing one check creates a vulnerability.\n\n### What the Capability Approach Got Right\n\n- **Eliminates the problem by construction.** If the deputy only holds a capability for the output directory, it cannot write to a protected system file. The attack is structurally impossible, not merely checked against.\n- **No policy knowledge required.** The deputy does not need to know who the user is, what their permissions are, or what the access control policy says. It simply uses the capability it was","ranking":"safety-first (interaction_risk/limitations), then quote-gated effective_weight","claims":[],"sources":[],"anecdotal_sources":[],"scientific_sources":[],"user_reports":[],"related_articles":[],"question_graph":{"slug":"what-is-confused-deputy","questions":[],"evidence":[],"edges":[],"counts":{"questions":0,"evidence":0,"edges":0}},"honesty":{"active_claims":0,"retracted_claims":0,"cut_claims":0,"challenges":0,"scrub_events":0,"note":"Retracted/cut claims stay on ledger but are excluded from ask unless ?include_inactive=1"},"counts":{"claims":0,"claims_total":0,"sources":0,"anecdotal":0,"scientific":0,"user_reports":0,"questions":0,"evidence_ingests":0}}