amduat-api/tier1/asl-dap-1.md

# ASL/DAP/1 -- Domain Admission Protocol

Status: Draft
Owner: Architecture
Version: 0.1.0
SoT: No
Last Updated: 2025-01-17
Tags: [admission, trust, federation]

**Document ID:** `ASL/DAP/1`
**Layer:** L2 -- Admission semantics (no transport)

**Depends on (normative):**

* `ASL/DAM/1`
* `ASL/POLICY-HASH/1`

**Informative references:**

* `ASL/OCS/1` -- offline certificate system
* `ASL/OFFLINE-ROOT-TRUST/1`

---

## 0. Conventions

The key words **MUST**, **MUST NOT**, **REQUIRED**, **SHOULD**, and **MAY** are to be interpreted as in RFC 2119.

ASL/DAP/1 defines **admission semantics** for recognizing external domains. It does not define transport.

---

## 1. Purpose

The Domain Admission Protocol defines how a receiving domain evaluates and admits an applicant domain before any federation or trust is granted.

---

## 2. Actors

| Actor | Role |
| ----- | ---- |
| Applicant Domain | Domain requesting admission |
| Receiving Domain | Domain evaluating admission |
| Operator | Optional human/policy agent |

---

## 3. Admission Object Model

An admission request MUST include:

* Domain Authority Manifest (DAM)
* Proof of possession of the DAM root key
* Requested admission scope
* Optional courtesy lease request

No artifacts, blocks, or logs are required for admission.

---

## 4. Admission Record (Normative)

The receiving domain MUST persist an admission record that is snapshot-pinned:

```text
AdmissionRecord {
  domain_id
  dam_hash
  policy_hash
  admitted_scope[]
  decision
  decision_epoch
}
```

The `decision_epoch` is a monotonically increasing local counter (not wall time).

---

## 5. Admission Flow (Normative)

1. **Submission**

   * Applicant sends DAM and proof of root-key possession.

2. **Structural validation**

   * Receiving domain verifies DAM schema and signature.
   * Policy hash integrity MUST be verified.

3. **Policy compatibility**

   * Receiving domain evaluates requested scope and policy alignment.

4. **Decision**

   * Outcomes: ACCEPTED, ACCEPTED_LIMITED, DEFERRED, REJECTED.

---

## 6. Admission Guarantees

If accepted:

* DomainID is recognized by the receiving domain.
* Root key and policy hash are pinned.
* Admission scope is enforced for federation.

Admission does not imply trust in artifacts beyond the granted scope.

---

## 7. Scope Enforcement (Normative)

* Admission scope MUST gate federation view construction and replay admission.
* A receiving domain MUST NOT admit state outside the granted scope.
* Scope changes require a new admission decision and updated AdmissionRecord.

---

## 8. Courtesy Lease (Optional)

A courtesy lease is a **bounded, revocable grant of resources** without semantic trust.

```text
CourtesyLease {
  lease_id
  domain_id
  granted_by_domain

  resources: {
    storage_bytes
    block_count
    snapshot_count
  }

  duration: {
    start_time
    end_time
  }

  constraints: {
    encrypted_only: boolean
    no_federation: boolean
    no_public_indexing: boolean
  }
}
```

Courtesy storage MAY be deleted upon lease expiry. Courtesy does not grant federation or publication rights.

---

## 9. Non-Goals

* Transport format
* PKI integration
* Live revocation or liveness checks

---

## 10. Summary

ASL/DAP/1 defines a deterministic admission process for domains, with optional courtesy leasing for rescue and bootstrap scenarios.
Add federation and trust/policy tier1 specs 2026-01-17 08:52:02 +01:00			`# ASL/DAP/1 -- Domain Admission Protocol`

			`Status: Draft`
			`Owner: Architecture`
			`Version: 0.1.0`
			`SoT: No`
			`Last Updated: 2025-01-17`
			`Tags: [admission, trust, federation]`

			Document ID: `ASL/DAP/1`
			`Layer: L2 -- Admission semantics (no transport)`

			`Depends on (normative):`

			* `ASL/DAM/1`
			* `ASL/POLICY-HASH/1`

			`Informative references:`

			* `ASL/OCS/1` -- offline certificate system
			* `ASL/OFFLINE-ROOT-TRUST/1`

			`---`

			`## 0. Conventions`

			`The key words MUST, MUST NOT, REQUIRED, SHOULD, and MAY are to be interpreted as in RFC 2119.`

			`ASL/DAP/1 defines admission semantics for recognizing external domains. It does not define transport.`

			`---`

			`## 1. Purpose`

			`The Domain Admission Protocol defines how a receiving domain evaluates and admits an applicant domain before any federation or trust is granted.`

			`---`

			`## 2. Actors`

			`\| Actor \| Role \|`
			`\| ----- \| ---- \|`
			`\| Applicant Domain \| Domain requesting admission \|`
			`\| Receiving Domain \| Domain evaluating admission \|`
			`\| Operator \| Optional human/policy agent \|`

			`---`

			`## 3. Admission Object Model`

			`An admission request MUST include:`

			`* Domain Authority Manifest (DAM)`
			`* Proof of possession of the DAM root key`
			`* Requested admission scope`
			`* Optional courtesy lease request`

			`No artifacts, blocks, or logs are required for admission.`

			`---`

Refine federation replay and authority specs 2026-01-17 08:58:56 +01:00			`## 4. Admission Record (Normative)`

			`The receiving domain MUST persist an admission record that is snapshot-pinned:`

			```text
			`AdmissionRecord {`
			`domain_id`
			`dam_hash`
			`policy_hash`
			`admitted_scope[]`
			`decision`
			`decision_epoch`
			`}`
			```

			The `decision_epoch` is a monotonically increasing local counter (not wall time).

			`---`

			`## 5. Admission Flow (Normative)`
Add federation and trust/policy tier1 specs 2026-01-17 08:52:02 +01:00
			`1. Submission`

			`* Applicant sends DAM and proof of root-key possession.`

			`2. Structural validation`

			`* Receiving domain verifies DAM schema and signature.`
			`* Policy hash integrity MUST be verified.`

			`3. Policy compatibility`

			`* Receiving domain evaluates requested scope and policy alignment.`

			`4. Decision`

			`* Outcomes: ACCEPTED, ACCEPTED_LIMITED, DEFERRED, REJECTED.`

			`---`

Refine federation replay and authority specs 2026-01-17 08:58:56 +01:00			`## 6. Admission Guarantees`
Add federation and trust/policy tier1 specs 2026-01-17 08:52:02 +01:00
			`If accepted:`

			`* DomainID is recognized by the receiving domain.`
			`* Root key and policy hash are pinned.`
			`* Admission scope is enforced for federation.`

			`Admission does not imply trust in artifacts beyond the granted scope.`

			`---`

Refine federation replay and authority specs 2026-01-17 08:58:56 +01:00			`## 7. Scope Enforcement (Normative)`

			`* Admission scope MUST gate federation view construction and replay admission.`
			`* A receiving domain MUST NOT admit state outside the granted scope.`
			`* Scope changes require a new admission decision and updated AdmissionRecord.`

			`---`

			`## 8. Courtesy Lease (Optional)`
Add federation and trust/policy tier1 specs 2026-01-17 08:52:02 +01:00
			`A courtesy lease is a bounded, revocable grant of resources without semantic trust.`

			```text
			`CourtesyLease {`
			`lease_id`
			`domain_id`
			`granted_by_domain`

			`resources: {`
			`storage_bytes`
			`block_count`
			`snapshot_count`
			`}`

			`duration: {`
			`start_time`
			`end_time`
			`}`

			`constraints: {`
			`encrypted_only: boolean`
			`no_federation: boolean`
			`no_public_indexing: boolean`
			`}`
			`}`
			```

			`Courtesy storage MAY be deleted upon lease expiry. Courtesy does not grant federation or publication rights.`

			`---`

Refine federation replay and authority specs 2026-01-17 08:58:56 +01:00			`## 9. Non-Goals`
Add federation and trust/policy tier1 specs 2026-01-17 08:52:02 +01:00
			`* Transport format`
			`* PKI integration`
			`* Live revocation or liveness checks`

			`---`

Refine federation replay and authority specs 2026-01-17 08:58:56 +01:00			`## 10. Summary`
Add federation and trust/policy tier1 specs 2026-01-17 08:52:02 +01:00
			`ASL/DAP/1 defines a deterministic admission process for domains, with optional courtesy leasing for rescue and bootstrap scenarios.`