Economic Access Control
The security primitive for the agent economy — why RBAC isn't enough and what replaces it.
The problem
Traditional access control asks: "Who are you?" (Identity → Role → Permission). This works for humans who make a few dozen API calls a day.
AI agents make thousands. An agent with permission to call an API has no spending limit, no budget, no throttle beyond rate limits. If your agent decides to call GPT-4 10,000 times, RBAC says "yes" every time — because the agent is authorized.
The question isn't "can this agent call this API?" It's "can this agent afford to call this API?"
What is EAC?
Economic Access Control (EAC) is a security model where access is governed by economic constraints — budgets, costs, and spending limits — rather than (or in addition to) identity and roles.
Instead of "this agent has the api:read role," EAC says "this agent has 500 credits and each API call costs 2 credits."
RBAC vs EAC
| Dimension | RBAC | EAC |
|---|---|---|
| Core question | Who are you? | What can you afford? |
| Control mechanism | Roles & permissions | Budgets & costs |
| Token type | JWT / API key | Macaroon (attenuated) |
| Delegation | Admin creates all tokens | Any token can delegate down |
| Runaway cost protection | None (rate limits only) | Built-in budget enforcement |
| Designed for | Humans (few calls) | Agents (millions of calls) |
The Economic Firewall
SatGate is an Economic Firewall that enforces EAC. Just as a network firewall controls which packets flow based on IP/port rules, an economic firewall controls which API calls flow based on budgets and costs.
The analogy to a traditional network firewall is deliberate: SatGate sits inline (as a proxy), inspects every request, and decides pass/block based on economic policy. The only difference is the policy language: credits instead of ACLs.
Why macaroons?
EAC requires tokens that can carry economic constraints and be delegated without a central authority. Macaroons are the only bearer token format that supports both — caveats (conditions) that can only be added (never removed) and delegation that requires no server roundtrip.
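The add-only caveat and offline delegation properties described above can be seen in a minimal HMAC-chained macaroon carrying a budget. This is an added example, not SatGate's code: the caveat syntax `budget_credits <= N`, the function names, the root key and the `spent` ledger value are all assumptions made for illustration.

```python
import hashlib
import hmac

ROOT_KEY = b"constructed-demo-root-key"  # constructed; known only to the gateway
PREFIX = "budget_credits <= "            # assumed caveat syntax, not SatGate's

def chain(sig: bytes, msg: str) -> bytes:
    """One link of the macaroon HMAC chain: next_sig = HMAC(prev_sig, msg)."""
    return hmac.new(sig, msg.encode(), hashlib.sha256).digest()

def mint(root_key: bytes, token_id: str) -> dict:
    """Gateway side: issue an unrestricted token bound to token_id."""
    return {"id": token_id, "caveats": [], "sig": chain(root_key, token_id)}

def attenuate(token: dict, caveat: str) -> dict:
    """Holder side: append a caveat using only the current signature.
    No root key and no server round trip are needed."""
    return {"id": token["id"], "caveats": token["caveats"] + [caveat],
            "sig": chain(token["sig"], caveat)}

def authorize(root_key: bytes, token: dict, cost: int, spent: int) -> bool:
    """Gateway side: recompute the chain, then require every caveat to hold.
    `spent` is the credits already charged to this token id (assumed ledger)."""
    sig = chain(root_key, token["id"])
    for caveat in token["caveats"]:
        sig = chain(sig, caveat)
    if not hmac.compare_digest(sig, token["sig"]):
        return False  # a caveat was removed, edited or reordered
    for caveat in token["caveats"]:
        limit = caveat[len(PREFIX):]
        if not caveat.startswith(PREFIX) or not limit.isdecimal():
            return False  # unknown caveat: fail closed
        if spent + cost > int(limit):
            return False  # over budget: block the call
    return True

# The page's numbers: 500 credits, 2 credits per call.
parent = attenuate(mint(ROOT_KEY, "agent-1"), PREFIX + "500")
child = attenuate(parent, PREFIX + "50")        # delegated to a sub-agent
widened = attenuate(child, PREFIX + "5000")     # the 50 caveat still binds
stripped = {**child, "caveats": child["caveats"][:1]}  # caveat dropped, sig kept
```

Appending a looser caveat (`widened`) does not raise the budget because every caveat in the chain must hold, and dropping a caveat (`stripped`) fails signature verification because the holder cannot recompute an earlier link without the root key.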