Authorization as a Missing Layer in Digital Systems

This paper examines a structural omission in modern digital systems: the absence of authorization as an explicit, first-class layer independent of execution. Contemporary architectures overwhelmingly model behavior as execution flows, embedding authorization as a conditional check evaluated at the moment of action. This collapse prevents systems from representing intent that exists prior to, independent of, or without execution.

The paper argues that authorization must be modeled as a persistent, time-bounded, and revocable object that precedes execution. When authorization is treated as an object rather than a condition, systems regain the ability to distinguish intent from action, allow permission to exist without immediate execution, and support non-action, expiration, and revocation as valid states.

A range of recurring failures across finance, automation, artificial intelligence, and human-facing software are shown to arise from the same architectural omission: execution continuing after the authority that justified it has expired. Recent financial systems are used as a proof domain demonstrating that authorization can be formalized prior to execution, with execution functioning solely as settlement.

The paper does not propose a product, protocol, or policy. It identifies a missing layer that digital systems already assume but have not explicitly modeled, and shows how its absence explains a broad class of coordination and safety failures across domains.