Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

OpenPort Protocol: A Security Governance Specification for AI Agent Tool Access

Genliang Zhu, Chu Wang, Ziyuan Wang, Zhida Li, Qiang Li

TL;DR

This paper introduces OpenPort Protocol (OPP), a governance-first specification for exposing application tools through a secure server-side gateway that is model- and runtime-neutral and can bind to existing tool ecosystems.

Abstract

AI agents increasingly require direct, structured access to application data and actions, but production deployments still struggle to express and verify the governance properties that matter in practice: least-privilege authorization, controlled write execution, predictable failure handling, abuse resistance, and auditability. This paper introduces OpenPort Protocol (OPP), a governance-first specification for exposing application tools through a secure server-side gateway that is model- and runtime-neutral and can bind to existing tool ecosystems. OpenPort defines authorization-dependent discovery, stable response envelopes with machine-actionable \texttt{agent.*} reason codes, and an authorization model combining integration credentials, scoped permissions, and ABAC-style policy constraints. For write operations, OpenPort specifies a risk-gated lifecycle that defaults to draft creation and human review, supports time-bounded auto-execution under explicit policy, and enforces high-risk safeguards including preflight impact binding and idempotency. To address time-of-check/time-of-use drift in delayed approval flows, OpenPort also specifies an optional State Witness profile that revalidates execution-time preconditions and fails closed on state mismatch. Operationally, the protocol requires admission control (rate limits/quotas) with stable 429 semantics and structured audit events across allow/deny/fail paths so that client recovery and incident analysis are deterministic. We present a reference runtime and an executable governance toolchain (layered conformance profiles, negative security tests, fuzz/abuse regression, and release-gate scans) and evaluate the core profile at a pinned release tag using artifact-based, externally reproducible validation.

OpenPort Protocol: A Security Governance Specification for AI Agent Tool Access

TL;DR

This paper introduces OpenPort Protocol (OPP), a governance-first specification for exposing application tools through a secure server-side gateway that is model- and runtime-neutral and can bind to existing tool ecosystems.

Abstract

AI agents increasingly require direct, structured access to application data and actions, but production deployments still struggle to express and verify the governance properties that matter in practice: least-privilege authorization, controlled write execution, predictable failure handling, abuse resistance, and auditability. This paper introduces OpenPort Protocol (OPP), a governance-first specification for exposing application tools through a secure server-side gateway that is model- and runtime-neutral and can bind to existing tool ecosystems. OpenPort defines authorization-dependent discovery, stable response envelopes with machine-actionable \texttt{agent.*} reason codes, and an authorization model combining integration credentials, scoped permissions, and ABAC-style policy constraints. For write operations, OpenPort specifies a risk-gated lifecycle that defaults to draft creation and human review, supports time-bounded auto-execution under explicit policy, and enforces high-risk safeguards including preflight impact binding and idempotency. To address time-of-check/time-of-use drift in delayed approval flows, OpenPort also specifies an optional State Witness profile that revalidates execution-time preconditions and fails closed on state mismatch. Operationally, the protocol requires admission control (rate limits/quotas) with stable 429 semantics and structured audit events across allow/deny/fail paths so that client recovery and incident analysis are deterministic. We present a reference runtime and an executable governance toolchain (layered conformance profiles, negative security tests, fuzz/abuse regression, and release-gate scans) and evaluate the core profile at a pinned release tag using artifact-based, externally reproducible validation.
Paper Structure (102 sections, 12 equations, 9 figures, 7 tables)

This paper contains 102 sections, 12 equations, 9 figures, 7 tables.

Table of Contents

  1. Introduction
  2. Problem Statement and Threat Model
  3. System Model and Trust Boundaries
  4. Assets
  5. Assumptions
  6. Adversary Model
  7. Key Threats
  8. Security Goals
  9. Non-goals
  10. Protocol Overview
  11. Design Principles
  12. Versioning and Compatibility
  13. Core Objects
  14. Tool Manifest
  15. Core Endpoints
  16. ...and 87 more sections

Figures (9)

  • Figure 1: System model and trust boundaries.
  • Figure 2: OpenPort separates governance semantics from tool ecosystems: compatibility is achieved via optional bindings.
  • Figure 3: Integration token provisioning and authorized tool discovery.
  • Figure 4: Authorized reads with policy enforcement and audit emission.
  • Figure 5: Write request flow with optional preflight and draft-first defaults.
  • ...and 4 more figures