An authorization boundary is the point at which a proposed action is judged against policy and then permitted, refused, or held. This work names the construct and argues that a complete authorization boundary satisfies three independent properties. Output integrity: an unauthorized action cannot execute, because no path reaches the world without passing the boundary. Input integrity: a verdict does not rest on evidence whose admissible origin has not been established. Replay integrity: a verdict can be independently reconstructed from the bound inputs, the policy and version state that applied, the authority chain, and the proposed action. Beneath the three sits a substrate, input binding, which records which inputs a decision used. Input binding supports reconstruction, but it does not establish admissibility. That distinction is load-bearing: a faithfully bound, fully reproducible verdict over fabricated inputs has replay integrity and no input integrity. Because the three properties are orthogonal, the model also functions as a classification. Any authorization architecture can be located by the properties it satisfies and the one a given class structurally cannot, separating observability and advisory guardrails, policy engines that authorize caller-asserted facts, and signed logging from a complete boundary. The model states what has to be true for an authorization boundary to deserve the name. It does not claim that any one system satisfies every property, and it notes that input integrity is the newest and least developed of the three. This is the synthesis of a three-part series and the citable framework reference for the model; companion articles establish the output, input, and replay arguments individually.
Edward Meyman (Fri,) studied this question.