--- robots: noindex, nofollow --- # Musing: Who Stands Behind the Work? *Principal-Agent Attribution in the Age of AI* I found myself staring at a document last week — a well-crafted explanation of a technical concept I'd been wrestling with for months. A synthesis of years of my work. The structure was clear, the arguments precise, the prose cleaner than my first drafts usually are. I'd shaped every step: set the goals, framed the arguments, corrected misunderstandings. I used the AI tool Claude to help me research and draft it. Then Shannon Appelcline — my editor and collaborator for over twenty years — refined every sentence, as he does with everything I publish. Then I approved the final version. Three contributors. One byline. Whose name goes on this? The funny thing is, I've been navigating this question for two decades without thinking about it very hard. Shannon and I have written books together, major articles, technical specifications. Sometimes he's credited as co-author, or even the author. Sometimes he is credited as editor. Sometimes not at all. The credit varies, but the relationship doesn't: I guide the work, Shannon helps shape it, I take responsibility for what we publish. He's my agent in the old sense of the word — acting on my behalf, with judgment and expertise. Adding AI to this workflow didn't create a new problem. It made an old problem visible. When Claude drafts and Shannon edits and I oversee and approve, the question "who wrote this?" has no simple answer. But it never did. The question that actually matters is different: who stands behind it? Who takes responsibility? Who do you contact when something's wrong? That question has always had a clear answer. The byline names the principal, not necessarily the person who typed the words. We've always had a gap between who creates and who's responsible. AI just makes the ghost visible. ## The Ghosts We've Always Had Here's something most readers don't know: a substantial portion of nonfiction books involve ghostwriters — estimates vary, but some industry insiders put the figure at 50% or higher for certain categories. The name on the cover isn't always the person who wrote the sentences. Sometimes it's not even close. The listed author might have provided interviews, approved drafts, and contributed the core ideas — but the actual writing? Someone else. This isn't fraud. It's how the industry works. The byline names who stands behind the work, not necessarily who typed it. "Author" has always meant something more than "person who generated the text." It means the person who takes responsibility, whose judgment shaped the result, who answers for what the work claims. I know this firsthand. Shannon Appelcline has edited nearly everything I've published for over twenty years. Some pieces credit him as co-author; some as editor; some don't mention him at all. The byline varies based on the nature of his contribution, but I'm always the one who stands behind the work. That's what "author" means in practice, even when other hands shaped the words. Film figured this out decades ago. When you see "Produced by Kathleen Kennedy" in the credits for Star Wars, or Kevin Feige for Marvel, you don't assume they wrote the dialogue or directed the camera angles. Producer, director, writer, editor — each role has defined responsibilities, defined authority, defined accountability. The guilds formalized these distinctions. WGA credits distinguish "Written by" from "Story by" from "Screenplay by." Each phrase means something specific about who contributed what. We don't ask whether Kennedy "authored" a Star Wars film. The question doesn't parse. She produced it. That's a different verb for a different kind of responsibility. The legal system codified this reality through work-for-hire doctrine. Under U.S. copyright law, when you hire someone to create something within the scope of their employment, you — the employer — become the "legal author." Not the person who wrote the words. The person who commissioned the work, oversaw it, and takes responsibility for the outcome. This is principal-agent attribution in law. The principal (the one commissioning) owns the work. The agent (the one executing) contributed labor but not authorship in the legal sense. We've been quietly handling the gap between creation and responsibility for a long time. The person writing might not be the person whose name appears. The name that appears is the person who stands behind it. What changed is that the gap became undeniable. ## Why AI Makes the Gap Impossible to Ignore When the entity doing the writing is clearly not human, we can't maintain the polite fiction that "author" and "creator" mean the same thing. The writer can't take responsibility. The writer has no intentions, no understanding of what the words mean, no accountability if something goes wrong. Academic publishers noticed this immediately. ICMJE, Elsevier, SAGE, IEEE — one after another, they issued policies declaring that AI cannot be listed as an author. The reasoning is consistent: authorship requires accountability. Authors must take responsibility for the work, understand its content, stand behind its claims. AI can do none of these things. This is correct. But it's also not new. A ghostwriter working from interviews might not fully understand the technical content they're helping express. A translator might convey meaning without endorsing the claims. A research assistant might draft sections without taking responsibility for the conclusions. We've always had contributors who couldn't fully answer for the work — we just didn't have to think about it very hard. What AI changes is the visibility. When the gap between who creates and who's responsible is between two humans, we can paper over it with social convention. When the gap is between human and machine, we're forced to name what we're doing. The question isn't whether AI can be an author. It's whether our systems can express who directed, who executed, and who stands behind the work. And right now, they can't. ## What Our Metadata Can and Cannot Say The web has metadata standards for attribution. Schema.org gives us `author`, `creator`, `contributor`, `producer`. Dublin Core offers `creator`, `contributor`, `publisher`. These properties let you list who was involved with a work. But listing isn't the same as structuring. I want to express something simple: "Christopher Allen directed this work. Claude drafted it on his behalf. Shannon edited it. Christopher takes responsibility for the result." This statement has a structure — a principal (the authority), agents (executing under delegation), and an accountability relationship between them. Try expressing that in Schema.org. You can list both Christopher and Claude as contributors. You can mark one as `author` and one as `contributor`. But you lose the structure. The metadata can't say who directed whom. It can't express that one entity acted on behalf of another. It can't distinguish "Christopher wrote this" from "Christopher commissioned this from someone who wrote it for him." The closest thing we have is W3C PROV, an ontology for data provenance. PROV has a property called `actedOnBehalfOf` that expresses delegation: > "Delegation is the assignment of authority and responsibility to an agent to carry out a specific activity as a delegate, while the agent it acts on behalf of retains some responsibility for the outcome." That's exactly right! But PROV was designed for tracking how datasets get transformed — which processing step came from which source, which agent performed which transformation. It wasn't designed for creative attribution. It lacks the vocabulary for commissioning, curating, stewarding — the creative roles that matter when works get produced through delegation. CRediT — the Contributor Role Taxonomy used in academic publishing — gets even closer. It defines fourteen specific roles: Conceptualization, Writing – Original Draft, Writing – Review & Editing, Supervision, and so on. You can specify that one person did "Supervision" while another did "Writing – Original Draft." But CRediT explicitly states it's "NOT intended to define what constitutes authorship." All fourteen roles are peers. There's no hierarchy, no principal-agent relationship, no way to express that the supervisor oversaw the writer and takes responsibility for the outcome. You can say who contributed what. You can't say who answered to whom. We have metadata that can say "who touched this." We don't have metadata that can say "who bears responsibility for it." ## Principal-Agent: A Framework That Already Exists The good news is we don't need to invent this from scratch. Principal-agent relationships are foundational to contract law, corporate governance, and agency theory. When you hire an attorney, an accountant, or a contractor, you're establishing a principal-agent relationship with defined structure. The principal delegates authority to the agent. The agent acts on behalf of the principal. The principal retains responsibility for outcomes — you can sue the company for what the employee did within scope of employment. The relationship has defined boundaries, defined duties, defined liabilities. To avoid confusion with other meanings of these common words — school principals, real estate agents, AI agents — I'll use the formal terms **Principal Authority** (the directing party who takes responsibility) and **Delegated Agent** (the party who acts under that authority). Legal scholars are already applying this framework to AI. Ayres and Balkin, in *The University of Chicago Law Review*, argue that "the law of AI is the law of risky agents without intentions." When an AI system causes harm, we don't hold the AI accountable — we hold the humans who deployed it, oversaw it, and failed to constrain it. The principal bears responsibility for the agent's actions. This isn't just theory. In 2021, Wyoming became the first jurisdiction to codify principal authority for digital identity, defining it as that "over which [a person] has principal authority and through which he intentionally communicates or acts." I helped draft that legislation, working with legal scholars including Professor Clare Sullivan of Georgetown University. The key insight was framing identity as *relational and delegable* rather than as property. Authority flows from the person, not from platform ownership. The same framework that governs who controls your digital identity should govern who stands behind your digital work. Jarrahi and Ritala, writing in *California Management Review*, apply principal-agent theory directly to AI governance. AI agents operate "on behalf of users" within "defined boundaries of delegation." The human remains the principal; the AI is the agent. And for this relationship to be meaningful — for "produced by" to mean something real rather than a polite fiction — three conditions must hold: **Legibility**: The principal can see what the agent is doing and why. Black-box AI that can't explain its reasoning breaks this. **Boundaries**: The agent operates within constraints the principal defined. Autonomous systems that decide their own scope break this. **Override**: The principal can intervene, revoke, or redirect at any point. Systems that resist correction break this. Without these conditions, "I directed this" becomes meaningless. If you can't see what's happening, can't constrain it, can't stop it — in what sense did you direct anything? ## Accountability, Not Just Credit Here's what attribution could look like if we had the vocabulary for principal-agent relationships. Take this essay as an example, expressed in Gordian Envelope syntax: ``` { CID(who-stands-behind-the-work) [ 'principalAuthority': XID(christopher-allen) 'processDisclosure': "Drafted with AI assistance (Claude), edited by Shannon Appelcline" 'hasContributor': { XID(christopher-allen) [ 'role': 'ConceptOriginator' ] } 'hasContributor': { "Claude (Anthropic)" [ 'role': 'Author' 'assertsDelegationFrom': XID(christopher-allen) 'delegationScope': "Draft essay content" 'delegationConstraints': "Voice guidelines, topic scope, factual accuracy review" ] } 'hasContributor': { XID(shannon-appelcline) [ 'role': 'Editor' 'assertsDelegationFrom': XID(christopher-allen) ] } ] } ``` The key predicates: `principalAuthority` identifies who directs and takes responsibility. `assertsDelegationFrom` expresses that an agent acts under someone's direction. `role` uses a vocabulary of fourteen creative contribution types — Author, Editor, ConceptOriginator, Architect, and others — that describe what kind of work was done, not who did it. Notice what this captures that a simple byline cannot: the chain of delegation, the different kinds of contribution, and — critically — who bears responsibility. Shannon and Claude both contributed to the text. Neither bears responsibility for what it claims. I do. This isn't about credit — it's about accountability. When something goes wrong, who do you contact? When claims need to be assessed, whose judgment do you trust? When liability attaches, who bears it? The concept of a "moral crumple zone" describes what happens without clear attribution. When a human and an automated system share a task, responsibility becomes diffuse. Something goes wrong, and everyone points at someone else. The AI was just following instructions. The human was just supervising. No one is accountable. Clear principal-agent attribution prevents this. The principal takes responsibility. The agent's contribution is recorded accurately. The relationship is explicit, not implicit. You know who to contact, who to trust, who to hold accountable. The practical implications span every domain where AI assists creation: **Code**: When AI-generated code has bugs, who's accountable? The developer who prompted the generation and approved the commit — the principal. The AI contributed execution, not judgment. **Content**: When AI-generated text contains errors, who's responsible? The person who oversaw the creation and published it under their name. **Legal documents**: Work-for-hire is already principal-agent attribution in law. Metadata that can express principal-agent relationships just makes the legal reality machine-readable. ## The Deeper Stakes: Preserving Human Agency I keep circling back to something that matters more than accurate metadata. Autonomy is not the absence of reliance. It is the right to define, revoke, and contest the terms under which others act in our name. We're building systems that assist human work. That's the promise — AI as tool, AI as collaborator, AI as amplifier of human capability. But tools can become traps. Assistance can become replacement. Amplification can become substitution. The danger isn't that AI takes your job. It's that AI takes your judgment, one small decision at a time. Systems can erode autonomy not through coercion but through convenience. The agent rewrites your draft and it's better. The agent suggests the next paragraph and you accept. The agent handles the research and you trust the summary. A thousand small delegations, and you're not sure anymore whose thinking shaped the result. If "produced by" becomes a polite fiction — if there's no real principal authority with legibility, boundaries, and override — then AI tools gradually replace human judgment rather than augment it. The byline says your name, but the thinking isn't yours. This is why the principal-agent frame matters beyond attribution metadata. It's not just about recording who did what. It's about maintaining the conditions under which human authority remains real. I should be able to see what the AI is doing. I should be able to constrain what it attempts. I should be able to stop it, redirect it, override it. When those conditions hold, "produced by" means something. When they don't, it's performance. Are we building tools that extend human agency, or quietly replace it? As I've said in my talks about digital identity and online human and civil rights: "If a system cannot hear you say no, it was never built for freedom." -- this is also true for AI. ## Making Authority Machine-Readable At Blockchain Commons, we've been working on this problem. The result is a schema — a set of predicates for Gordian Envelopes — that can express principal-agent relationships in machine-readable form. The core insight is separating what existing schemas conflate: - **Authorship**: Who performed the creative act (writing, generating, composing) - **Principalship**: Whose judgment shaped the creation; who takes responsibility - **Delegation**: The relationship between principal and agent This isn't meant to replace Schema.org or CRediT. It complements them. CRediT can say Claude performed "Writing – Original Draft" and Shannon performed "Writing – Review & Editing" — but it can't say they acted on my behalf or that I'm accountable for what they produced. The schema adds the authority layer: `principalAuthority` for who bears responsibility, `assertsDelegationFrom` for who acted on whose behalf, `delegationScope` and `delegationConstraints` for the boundaries of that delegation. The predicates support delegation chains — principal to agent to sub-agent — because that's how real work happens. A producer commissions a director who hires a writer who uses AI assistance. Each link in the chain has its own authority relationship, its own scope, its own accountability. And because these assertions live in Gordian Envelopes, they can be cryptographically signed. Not just "Christopher says he directed this" but a verifiable claim that Christopher attests to. The attribution becomes auditable, tamper-evident, something a third party can verify. The same schema handles corporate contexts. When an employee signs a contract, predicates like `signingAs` ("Chief Financial Officer") and `onBehalfOf` (the company's identifier) express the capacity and representation — the structure that makes "authorized signature" meaningful rather than magical. The film industry figured out role-based attribution decades ago. It's time for the rest of us to catch up. ## An Invitation This work is early. The predicates are specified but not yet battle-tested. The schema handles principal-agent attribution, but the full space of attribution, endorsement, and authority relationships is broader than any initial specification can cover. What we have is a starting point: machine-readable predicates that can express what film credits have expressed for decades. "Produced by" doesn't mean you wrote every word. It means you're the one standing behind it. If this matters to you — if you're working on AI attribution, creative collaboration, governance of AI systems, or just trying to figure out whose name goes on the work you're directing — I'd welcome your input. The specification is public. The conversation is open. The problem is one we're all going to face, whether we build schemas for it or not. The gap between who creates and who's responsible has always existed. We just couldn't see the ghost. Now we can. It's time to give the ghost a name. *Christopher Allen is the founder of Blockchain Commons and a co-author of the TLS standard. He writes about digital identity, trust systems, and human autonomy at www.lifewithalacrity.com.* *This essay was drafted with AI assistance (Claude), edited by Shannon Appelcline, and directed by Christopher Allen — who takes responsibility for its contents. The workflow described in this essay is the workflow that produced it.* ## Sources ### Standards - [Schema.org author property](https://schema.org/author) - [Dublin Core Metadata Terms](https://www.dublincore.org/specifications/dublin-core/dcmi-terms/) - [W3C PROV-O: The PROV Ontology](https://www.w3.org/TR/prov-o/) - [CRediT Contributor Role Taxonomy](https://credit.niso.org/) ### Creative Industries - [WGA Screen Credits Manual](https://www.wga.org/contracts/credits/manuals/screen-credits-manual) - [Producers Guild Code of Credits](https://producersguild.org/code-of-credits-feature-films/) ### Academic/Legal - [Rethinking AI Agents: A Principal-Agent Perspective](https://cmr.berkeley.edu/2025/07/rethinking-ai-agents-a-principal-agent-perspective/) (California Management Review) - [The Law of AI is the Law of Risky Agents Without Intentions](https://lawreview.uchicago.edu/online-archive/law-ai-law-risky-agents-without-intentions) (University of Chicago Law Review) - [17 U.S. Code § 201 - Work for Hire](https://www.law.cornell.edu/uscode/text/17/201) - [Wyoming SF0039 (2021) - Digital Identity](https://www.wyoleg.gov/Legislation/2021/SF0039) ### Prior Work - [Principal Authority: A New Perspective on Self-Sovereign Identity](https://www.lifewithalacrity.com/article/Principal-Authority/) (Life With Alacrity) ### Project - [BCR-2026-007: Principal Authority Predicates](https://github.com/BlockchainCommons/Research/) (part of 8-BCR attribution suite, forthcoming)