OrgForge.io
Forge an organization
Why OrgForge How it works What you can forge The pattern Roadmap Docs Forge an organization
Whitepaper

OrgForge: Deterministic Authorization as a Cryptographic Primitive

Published March 11, 2026
DOI 10.5281/zenodo.18968718
Author Gary Chigaros
Affiliation OrgForge, Inc.
Read on Zenodo Download PDF

Abstract

This paper introduces a cryptographic primitive that converts organizational policy into a verifiable function. Actors submit intents describing the action they want to perform. The protocol evaluates each intent against an OrgSpec, a machine-readable organizational constitution. If the rules are satisfied, the protocol issues a signed authorization artifact. Execution systems verify that artifact before acting.

The result is a deterministic authorization pipeline that replaces procedural trust with cryptographic proof. The mechanism applies symmetrically to human, software, and AI agent actors, and to any execution surface willing to verify a signature. We characterize the primitive, prove its determinism and replay safety, describe the OrgSpec model, and discuss the path from hosted single-validator deployment to a fully decentralized authorization network.

What it covers

  1. The authorization gap in modern organizations and why most failures are not breaches but missing checks
  2. The deterministic authorization function Γ(I, C) and its inputs, outputs, and properties
  3. The OrgSpec model as a constitution: roles, capabilities, parameter constraints, approval thresholds, time windows, operational state, and amendment governance
  4. The signed authorization artifact: structure, binding to the originating intent, replay protection, and verification
  5. The execution-side verification protocol and the role of the artifact across systems
  6. Symmetric application to humans, software, and AI agents, with worked examples for each
  7. The characterization conjecture and why no system can be strictly stronger than the primitive without breaking determinism or composability
  8. Phased path from hosted protocol to authorization network to fully decentralized validation
  9. Comparisons to adjacent systems including DNS, TLS, OAuth, IAM, and on-chain compliance protocols

Citation

If you reference this work in research, blog posts, or product documentation, please use the canonical citation below.

BibTeX @misc{chigaros2026orgforge,
  author = {Gary Chigaros},
  title = {{OrgForge: Deterministic Authorization as a Cryptographic Primitive}},
  year = {2026},
  publisher = {Zenodo},
  doi = {10.5281/zenodo.18968718},
  url = {https://doi.org/10.5281/zenodo.18968718}
}

Companion documents

The whitepaper is the canonical reference. Supporting documents are staged.

  1. Yellow Paper. Formal technical specification covering canonicalization rules, proof format, validator protocol, and threat model. In preparation.
  2. Red Book. Plain-language teaching guide for community leaders and operators. In preparation.
  3. Foundry. Protocol reference, OrgSpec schema documentation, integration guides, and change log. In preparation.