KYE Ontology Profile · v1.0

Semantic authority, not just permissions.

A login session, an OAuth scope, a payment mandate, a legal delegation, a healthcare consent, an API permission and an AI-agent capability are not the same thing. KYE maps these concepts without collapsing them into one vague permission model.

KYE Ontology Profile defines how entities, authorities, capabilities, scopes, states, decisions and evidence relate across systems, sectors and profiles. Schemas make data valid. Ontologies make data meaningful.

1 · Where the semantic layer sits

Schemas. Dictionaries. Taxonomies. Ontology. Graph. Policy. Runtime.

The ontology layer is not a replacement for any of the others. It gives them shared meaning so different systems can agree on what an entity, agent, authority, capability, state, decision or evidence pack actually is.

  1. Dictionaries: Allowed terms. Stable names KYE recognises.
  2. Taxonomies: Parent / child classification of those names.
  3. KYE Ontology Profile: Semantic relationships between names — what they mean, what they require, what they are not.
  4. Schemas (JSON Schema): Runtime validation. Bytes on the wire.
  5. Knowledge graph: Live instances of entities, authorities, decisions.
  6. Policy engine: Decisions over meaning + state.
  7. Runtime gateway: Enforcement at the decision point.
  8. Evidence Pack: Signed semantic artefact a regulator can replay offline.

2 · The twelve ontology domains

Every KYE term belongs to exactly one domain.

Domains carve the semantic surface so terms cannot drift across categories silently. delegated_payment_authority lives in authority; payment_initiation lives in capability; amount_limit lives in scope. Mappings between domains are explicit.

  • entity: Human, org, agent, model, tool, device, dataset, credential, instrument, asset.
  • authority: Delegation, mandate, consent, approval, permission, entitlement, licence, power_of_attorney.
  • capability: payment_initiation, card_purchase, data_access, contract_signing, tool_invocation.
  • scope: amount_limit, time_window, jurisdiction, data_class, environment, retention_limit.
  • state: entity, authority, delegation, credential, capability, risk, recovery, continuity, discovery, certification.
  • decision: allow, allow_with_constraints, require_approval, deny, continuity_*.
  • evidence: audit_event, decision_map, evidence_pack, payload_hash, signature, intent_trace.
  • continuity: Drift types and continuity dimensions.
  • discoverability: Discovery modes, risk-discovery types, masking classes.
  • connector: Connector Profile family kinds.
  • sector: payments, open_finance, legal, health, pensions, cyber, critical_infrastructure, sovereign_ai, telecom, pharma_gxp.
  • certification: Conformance / certification artefacts.

3 · Mapping types — interactive

Six explicit mapping types. Including "not equivalent."

Every external-system term mapped into KYE declares exactly one mapping type. The runtime enforces it. An OAuth scope may be related_not_identical to a delegated payment authority — presenting the scope alone, without the companion authority record, is denied.

When does it apply?

Source and KYE term are interchangeable for runtime purposes. Rare in practice; usually only safe within a single trust domain.

Example: oidc_id_token.sub and kye:term:entity:human when both reference the same KYE-issued URN.

Runtime effect: presenting either term resolves to the same KYE term. No companion object required.

When does it apply?

The source term MUST NOT be treated as the KYE term. Asserting equivalence is itself a policy violation.

Example: oauth.scope:profile.read and kye:term:legal:power_of_attorney.

Runtime effect: deny with reason code semantic_equivalence_rejected.

When does it apply?

A label-level alias only — same KYE term under a different display name.

Example: "payment mandate" alias of kye:term:authority:delegated_payment_authority.

Runtime effect: presenting either resolves identically; no policy gate.

When does it apply?

The source term is a narrower meaning than the KYE term.

Example: card_purchase subsumes the broader kye:term:capability:payment_initiation only for the card-rail subset.

Runtime effect: resolves to the KYE term but only within the declared narrow scope.

When does it apply?

The source term is a broader meaning than the KYE term.

Example: generic.access subsumed_by kye:term:authority:delegated_payment_authority — presenting the broad term is insufficient.

Runtime effect: require additional KYE objects to narrow the resolution; deny if absent.
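
The runtime effects described above, as an added example that is not KYE's own code or schema: a fail-closed resolver that turns a declared mapping plus any presented companion records into a decision. Only related_not_identical and semantic_equivalence_rejected are identifiers from this page; the other mapping-type names, the other reason codes, the oauth.scope:payments term and the choice of allow_with_constraints for the narrow case are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

DPA = "kye:term:authority:delegated_payment_authority"

@dataclass(frozen=True)
class Mapping:
    source: str                          # external-system term
    kye_term: str                        # KYE term it is mapped against
    mapping_type: str                    # exactly one type per mapping
    narrow_scope: Optional[str] = None   # used only by the "narrower" type

# Constructed sample registry built from the page's example terms.
# Type names other than "related_not_identical" are assumed identifiers.
REGISTRY = {m.source: m for m in [
    Mapping("payment mandate", DPA, "alias"),
    Mapping("oauth.scope:profile.read", "kye:term:legal:power_of_attorney", "not_equivalent"),
    Mapping("card_purchase", "kye:term:capability:payment_initiation", "narrower", "card-rail"),
    Mapping("generic.access", DPA, "broader"),
    Mapping("oauth.scope:payments", DPA, "related_not_identical"),  # constructed term
]}

def resolve(source, claimed_term, companions=frozenset()):
    """Return (decision, kye_term, detail) for a presented source term.

    companions holds the KYE terms of companion records presented with it.
    """
    m = REGISTRY.get(source)
    if m is None or m.kye_term != claimed_term:
        return ("deny", None, "no_declared_mapping")            # hypothetical code
    t = m.mapping_type
    if t == "not_equivalent":
        # Asserting equivalence is itself the violation.
        return ("deny", None, "semantic_equivalence_rejected")  # page's reason code
    if t in ("equivalent", "alias"):
        return ("allow", m.kye_term, None)                      # no companion needed
    if t == "narrower":
        # Resolves, but only inside the declared narrow scope.
        return ("allow_with_constraints", m.kye_term, m.narrow_scope)
    if t in ("broader", "related_not_identical"):
        # The source term alone proves nothing; a companion record must narrow it.
        if m.kye_term in companions:
            return ("allow", m.kye_term, None)
        return ("deny", None, "companion_object_missing")       # hypothetical code
    return ("deny", None, "unknown_mapping_type")               # fail closed
```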

4 · Schemas (Apache 2.0, public mirror)

Five normative objects + JSON-LD context. Validated in CI.

RDF / OWL export is supported as an optional serialization for research, public-sector, and regulator integrations. KYE is JSON-native at runtime and ontology-aware at the semantic layer.

5 · Apps that compose this profile

Four planned apps. Contracts open; engines paid.

  • KYE Ontology Registry: Define and govern terms, relationships, mappings and semantic assertions.
  • KYE Semantic Authority Mapper: Map OAuth scopes, IAM roles, payment mandates, legal delegations and healthcare consents into KYE without losing meaning.
  • KYE Semantic Graph: Graph view of the ontology + live instances; semantic-path search + risk-ranked traversal.
  • KYE Ontology Conformance: Conformance fixture suite + certification track for ontology-correct implementations.

6 · Open / paid boundary

The contracts are open. The semantic engine is paid.

Open under Apache 2.0

Open

  • KYE Ontology Profile schema
  • Term + relationship + mapping + semantic-assertion schemas
  • JSON-LD context
  • Predicate dictionary + 6 mapping types
  • Reason-code dictionary
  • Sample terms + sample mappings
  • RDF / OWL optional export examples
  • Basic conformance fixtures

Commercial / patent track

Paid

  • KYE Ontology Registry Pro
  • KYE Semantic Authority Mapper
  • KYE Semantic Graph engine
  • False-equivalence detection engine
  • Cross-profile mapping reconciliation
  • Sector ontology packs
  • Tenant ontology overlays
  • Risk-weighted traversal
  • Certification workflow

7 · How it strengthens Continuity + Discoverability

Ontology makes discovery meaningful and continuity portable.

  • + Discoverability. Without ontology: "find all payment permissions." With ontology: "find all active delegated payment authorities, including mapped payment mandates, excluding ordinary API scopes that do not prove principal authority."
  • + Continuity. User says "book travel." Agent interprets "buy airline ticket." Ontology checks whether book implies prepare-only, reserve-only, or purchase authority — preventing intent / authority drift.
  • + Evidence. Each runtime decision emits a signed KYESemanticAssertion, hash-chained into the audit ledger; a regulator can re-derive what the decision meant, not just what it returned.

KYE is JSON-native at runtime, JSON-LD-ready for semantic interoperability, and graph-aware for authority discovery, continuity and evidence.