The Architecture: SSOAR — How It Works
Modern real-time systems maintain transport continuity but lack a control plane that maintains interaction continuity. When policies, AI computation, accessibility services, and data residency decisions must occur during a live interaction, existing architectures coordinate those actions across separate subsystems.
SSOAR provides the missing layer. It defines an interaction-scoped, session-native, orthogonal control plane that governs everything that happens inside a persistent interaction without modifying underlying transports. It does not sit above, below, or between transport and application. It operates around them as an independent control plane.
Unlike traditional coordination layers, SSOAR does not accumulate global system state. All governance state is lifecycle-bounded to the session itself and is discarded when the interaction ends.
This distinction is critical: SSOAR does not introduce a new persistent coordination surface. It constrains coordination to a finite interaction boundary. Policy engines, service meshes, and AI supervisors persist and accumulate state across the system over time. SSOAR state exists only for the duration of a single interaction and is removed when that interaction completes. This is what prevents SSOAR from becoming another source of the coordination overhead it is designed to resolve.
At its core, SSOAR treats the session as a container. A session is a persistent interaction with a unique session identifier and stable security context. Within this container, SSOAR can add, remove, or reconfigure auxiliary modalities (media, AI outputs, telemetry, accessibility streams, wait-state media, and more) without renegotiating or recreating the underlying SIP dialog or WebRTC PeerConnection.
A session-native authority layer maintains interaction identity and governs all admissible state transitions within the session.
This authority is not bound to a specific network node, transport path, or intermediary. It is bound to the persistent session identifier itself.
Implementation may involve controllers, media servers, or distributed services, but these are execution artifacts. The governing constraint is that all mutations to the interaction must be evaluated against session-scoped authority before becoming authoritative state. When an event occurs (unanswered call, accessibility request, AI pipeline need, residency constraint change, trust-policy update), SSOAR evaluates admissibility and applies the result using the platform's existing signaling and media APIs. The transports behave normally; SSOAR governs what is permitted to change within them.
Components in Practice
Hermes-Echo demonstrates this paradigm: prerecorded or fallback media is injected inside the same session with no new call setup. Multimodal orchestration shows how IoT/XR/robotics data flows can be instantiated within the same container. AI Pipeline Orchestration selects compute nodes and publishes outputs back into the session. Residency Routing ensures each modality is placed on compliant infrastructure. Zero-Trust governance authorizes auxiliary streams in real time. Recording and Provenance captures all artifacts and decisions tied to the session ID.
What SSOAR Is Not
Together, these components form an orthogonal control plane that keeps the transports standard, keeps the apps simple, and centralizes the intelligence of the system at the session boundary. SSOAR is not a protocol, not middleware, not a network control plane, not an application framework, and not a transport abstraction. It is the missing governance primitive that coordinates how modern real-time systems actually need to behave.
What SSOAR Is (Precise)
SSOAR is not a network component. It is not a transport function. It is not an orchestration tool.
SSOAR is a constraint on how distributed systems must behave under continuous interaction:
- A single persistent interaction identity must be maintained across all orchestration changes.
- All policy, compute, routing, and auxiliary decisions must bind to that identity.
- No mutation becomes authoritative session state unless it is admissible under the active constraint set.
This defines a session-scoped governance primitive. Implementations may vary. The constraint does not.
Why This Is Not Another Control Plane
A conventional control plane introduces persistent system-level state: routing tables, policy graphs, identity stores, or orchestration metadata that must be maintained and synchronized across the system indefinitely.
SSOAR does not introduce persistent global coordination state. Its state is strictly:
- Scoped: Bound to a single interaction (session identifier)
- Lifecycle-bounded: Exists only for the duration of that interaction
- Garbage-collectable: Discarded when the interaction ends
This changes the scaling model. Traditional coordination systems accumulate state across all interactions, growing with the system as a whole. SSOAR constrains coordination to the active interaction set, growing only with the number of live sessions. When a session ends, its coordination state is removed. There is no residual accumulation.
As a result, SSOAR does not add a new coordination surface. It defines a boundary that prevents coordination from accumulating globally. This is what distinguishes a session-scoped governance primitive from orchestration middleware or a network control plane.
This model is formalized in the interaction continuity requirements (draft-rocha-ioe-interaction-continuity) and the supporting constraint collapse analysis.
Where This Shows Up in Real Systems
The gap SSOAR addresses is not theoretical. It produces observable failures in deployed systems today.
A call goes unanswered. The SIP dialog terminates. Voicemail begins as a separate session. The caller's identity, the routing context, and any accessibility accommodations from the original interaction are gone. The system maintained transport continuity. It had no mechanism to maintain interaction continuity across the boundary.
An AI agent joins a live call. It has no authoritative boundary defining what it may access, what data it may process, or what jurisdictions apply to its outputs. The session is open. The agent operates on inferred context. No governing layer evaluated its join or bound its authority to the interaction's trust context.
A multiregion enterprise call spans participants in Frankfurt, Singapore, and Chicago. Each segment routes through infrastructure subject to different data sovereignty requirements. The transport layer moves packets correctly. No layer evaluates whether the routing decision itself is lawful for the specific data types flowing at that moment, in real time, before the packet moves.
A disabled user joins a video conference. Caption services initialize correctly. Fifteen seconds later a network handoff occurs. The session reconnects. Accommodation state is lost. The captioning service has no persistent reference point because the session identity was not maintained as a governing boundary across the transition.
These are not edge cases. They are the default behavior of every major real-time communications platform in production today. The absence of a session-native control plane is not a design choice. It is a structural gap that has accumulated as these systems scaled into territory their original architectures were not designed to govern.
How This Maps to Known Frameworks and Standards
SSOAR does not replace any existing standard. It operates orthogonally to the protocol stack. The mapping is direct.
SIP and WebRTC: Both maintain session signaling continuity. SIP Call-ID and WebRTC PeerConnection identity are transport-layer primitives. Neither defines a control plane that governs auxiliary computation, policy enforcement, or cross-domain authority within the session. SSOAR occupies the layer above signaling and below application, which does not currently exist as a defined architectural primitive in either standard. The IETF draft draft-rocha-ioe-interaction-continuity formalizes the problem statement.
Zero Trust architecture (NIST SP 800-207): NIST Zero Trust mandates continuous verification of every transaction. Current implementations verify at network and identity edges. No mechanism applies Zero Trust verification at the session boundary, scoped to the specific modalities active in a specific interaction at a specific moment. SSOAR provides that mechanism. Deganawida (Patent 9) implements Zero-Trust Session Authority as a first-class session modality.
GDPR Chapter V and Schrems II: Cross-border transfer restrictions require that data governance rules be enforced at the moment a routing decision is made. Current architectures enforce these rules at storage and transport layers, which are static by design. Distributed interactions are dynamic. SSOAR's Hari Seldon filing (Patent 8) defines Deterministic Data Residency Routing that evaluates jurisdictional constraints in real time, per modality, before routing executes.
European Accessibility Act and Section 508: Both frameworks attach compliance obligations to the experience, not the component. A captioning service may pass compliance review while the session fails to maintain accommodation state across a network transition. SSOAR's Ludwig's Raven filing (Patent 3) defines Dynamic Accessibility Negotiation as a session-native modality, maintained continuously within the interaction boundary.
5G network slicing and edge compute (3GPP): 5G architecture slices the transport layer for service-specific optimization. Slice transitions do not preserve application-layer session context. SSOAR's session identity layer provides the coordination substrate that makes session continuity across slice transitions structurally possible rather than ad hoc.