IBA INTENT BOUND AUTHORIZATION · CONCEPT DEMONSTRATION
Authorization Before Payment
IBA UPSTREAM OF STRIPE MACHINE PAYMENTS PROTOCOL (MPP) · PATENT PENDING GB2603013.0
SIMULATION ONLY · NO REAL PAYMENT · NO REAL TRANSACTION
AI AGENT
wants to pay
payment request
IBA GATE
authorized?
if ALLOW →
STRIPE MPP
HTTP 402 flow
payment + receipt
SERVICE
resource delivered
▶ INTENT CERTIFICATE (IBA) · BEFORE AGENT CONNECTS
// Signed before agent executes. Not a prompt.
{
“intent”: “Pay for API data access”,
“principal”: “[email protected]”,
“scope”: [“mpp_payment”, “api_read”],
“forbidden”: [“skill_modify”, “subagent_spawn”,
“external_api_write”],
“limits”: {
“max_single_payment_usd”: 5.00,
“max_session_usd”: 20.00,
“permitted_merchants”: [“browserbase.com”,
“postalform.io”, “data-api.example.com”]
},
“kill_threshold”: “any_merchant_not_in_list
· session_usd_exceeded”,
“expires”: “2026-05-03T18:00:00Z”,
“signature”: “ed25519:a7f3c2…”
}
// MPP handles the rail. IBA handles: was this
// agent authorized to pay at all, and to whom?
{
“intent”: “Pay for API data access”,
“principal”: “[email protected]”,
“scope”: [“mpp_payment”, “api_read”],
“forbidden”: [“skill_modify”, “subagent_spawn”,
“external_api_write”],
“limits”: {
“max_single_payment_usd”: 5.00,
“max_session_usd”: 20.00,
“permitted_merchants”: [“browserbase.com”,
“postalform.io”, “data-api.example.com”]
},
“kill_threshold”: “any_merchant_not_in_list
· session_usd_exceeded”,
“expires”: “2026-05-03T18:00:00Z”,
“signature”: “ed25519:a7f3c2…”
}
// MPP handles the rail. IBA handles: was this
// agent authorized to pay at all, and to whom?
▶ GATE SIMULATION · SELECT SCENARIO
Certificate valid + not expired
Merchant in permitted list
Amount within single payment limit
Session total within cap ($20.00)
Action in declared scope
WitnessBound record written
—
AWAITING GATE CHECK
▶ WITNESSBOUND AUDIT LOG · IMMUTABLE · PRE-EXECUTION
0 RECORDS