Federation And Cross-Org Agent Trust

Federation lets one tenant authorize and audit another tenant's agent without handing control to a single cloud vendor.

Handshake

1. Tenants agree to a signed federation scope.
2. Each tenant exchanges trust roots.
3. Tenant A grants Tenant B's agents explicit actions and resources.
4. Grants are time-bounded, revocable, and audited.

Cross-Linked Audit

When a federated action occurs:

• Tenant X receives an audit event for the outgoing action.
• Tenant Y receives an audit event for the inbound action.
• Both events contain Merkle proof links to the other tenant's event.
• Redaction profiles control what each tenant can see.

Dispute Evidence

Either tenant can export a signed evidence bundle that verifies offline against MeshGuard's signing key and witness proof.