amduat-api/ops/asl-auth-host-1.md

2026-01-17 09:21:47 +01:00
# ASL/AUTH-HOST/1 - Authority Node Profile
Status: Draft
Owner: Architecture
Version: 0.1.0
SoT: No
Last Updated: 2026-01-17
Tags: [ops, authority, offline]
**Document ID:** `ASL/AUTH-HOST/1`
**Layer:** O2 - Authority host profile
**Depends on (normative):**
* `ASL/HOST/1`
* `ASL/DAM/1`
* `ASL/POLICY-HASH/1`
* `ASL/OFFLINE-ROOT-TRUST/1`
**Informative references:**
* `PEL/1-CORE`
* `PEL/1-SURF`
* `ENC-ASL-AUTH-HOST/1`
* `ASL/RESCUE-NODE/1`
---
## 0. Conventions
The key words **MUST**, **MUST NOT**, **REQUIRED**, **SHOULD**, and **MAY** are to be
interpreted as in RFC 2119.
ASL/AUTH-HOST/1 defines an operational profile. It does not define cryptography
or artifact semantics.
---
## 1. Purpose and Scope
ASL/AUTH-HOST/1 defines the profile for an offline authority node that mints
and signs domain admission artifacts. The host:
* Operates offline by default
* Maintains a local ASL/HOST store
* Produces deterministic artifacts and receipts
* Issues DAM artifacts for new domains
---
## 2. Core Principles (Normative)
1. Authority state is stored as artifacts.
2. Operations are deterministic and snapshot-bound.
3. The host remains offline during authority operations.
4. Outputs are immutable artifacts suitable for later transfer.
5. Authority functionality is limited to signing, sealing, and packaging
artifacts.
6. Receipts (PERs) are primary outputs for auditing and later federation.
---
## 3. Required Components
An authority host MUST provide:
* ASL/HOST store for authority and domain artifacts
* Root authority key material (offline)
* PEL execution environment for deterministic receipts
* Policy hash verification for admission
---
## 4. Operation Modes
The host MAY operate in the following modes:
* `GENESIS` - mint initial domain and keys
* `RESCUE` - ingest external artifacts and produce receipts
* `ADMISSION` - sign DAMs and policy artifacts
* `MAINTENANCE` - rotate keys, seal snapshots, audit state
---
## 5. Output Artifacts
The host MUST be able to produce:
* Root key artifacts (public, encrypted private)
* DAM artifacts and signatures
* Policy hash artifacts
* Environment claim artifacts
* PER receipts and associated TGK edges
---
## 6. Snapshot Discipline
Each authority operation MUST:
1. Append log entries for new artifacts
2. Seal relevant segments
3. Create a snapshot marker capturing current state
Snapshots MUST be immutable once sealed.
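The three steps above, together with the determinism requirement of section 2, can be modelled in a few dozen lines. The following is an added example written for this page, not code from the amduat-api project: the store layout, the canonical-JSON encoding, the SHA-256 content ids and the marker fields are all assumptions chosen so that the discipline can be run and checked. It shows that two hosts given the same artifacts produce the same snapshot id, that a sealed marker cannot be modified, and that any change to a sealed segment is caught by recomputing the seals.

```python
"""Toy model of the ASL/AUTH-HOST/1 snapshot discipline (sections 2 and 6).

Added example, not the project's code. Store layout, canonical JSON,
SHA-256 content ids and marker fields are assumptions made for illustration;
the real artifact formats are defined by the ASL documents this profile cites.
"""
import hashlib
import json
from types import MappingProxyType

GENESIS = "0" * 64  # assumed predecessor hash for the first entry / snapshot


def canonical(obj) -> bytes:
    """Deterministic encoding: same logical content -> same bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


class SealedError(Exception):
    """Raised on an attempt to re-seal an already sealed segment."""


class AuthorityStore:
    """Append-only log split into segments; each segment is closed by a seal."""

    def __init__(self):
        self.segments = [{"entries": [], "seal": None}]  # last one may be open
        self.snapshots = []                              # read-only markers

    def append(self, artifact: dict) -> str:
        """Step 1: append a log entry for a new artifact; return its content id."""
        if self.segments[-1]["seal"] is not None:        # open a fresh segment
            self.segments.append({"entries": [], "seal": None})
        seg = self.segments[-1]
        artifact_id = digest(canonical(artifact))
        # Chain each entry to the previous entry, or to the previous seal.
        if seg["entries"]:
            prev = seg["entries"][-1]["entry_hash"]
        elif len(self.segments) > 1:
            prev = self.segments[-2]["seal"]
        else:
            prev = GENESIS
        entry = {"artifact_id": artifact_id, "prev": prev}
        entry["entry_hash"] = digest(canonical(entry))
        seg["entries"].append(entry)
        return artifact_id

    def seal_segment(self) -> str:
        """Step 2: seal the open segment; the seal is a hash over its entries."""
        seg = self.segments[-1]
        if seg["seal"] is not None:
            raise SealedError("segment already sealed")
        seg["seal"] = digest(canonical(seg["entries"]))
        return seg["seal"]

    def snapshot(self) -> MappingProxyType:
        """Step 3: record a read-only marker over all sealed segments."""
        seals = [s["seal"] for s in self.segments if s["seal"] is not None]
        prev = self.snapshots[-1]["snapshot_id"] if self.snapshots else GENESIS
        marker = {"height": len(self.snapshots), "seals": seals, "prev": prev}
        marker["snapshot_id"] = digest(canonical(marker))
        frozen = MappingProxyType(marker)  # item assignment raises TypeError
        self.snapshots.append(frozen)
        return frozen

    def verify(self) -> bool:
        """Recompute every seal and marker; False if sealed state was altered."""
        prev_seal = GENESIS
        for seg in self.segments:
            if seg["seal"] is None:
                continue
            prev = prev_seal
            for e in seg["entries"]:
                body = {"artifact_id": e["artifact_id"], "prev": e["prev"]}
                if e["prev"] != prev or digest(canonical(body)) != e["entry_hash"]:
                    return False
                prev = e["entry_hash"]
            if digest(canonical(seg["entries"])) != seg["seal"]:
                return False
            prev_seal = seg["seal"]
        prev_snap = GENESIS
        for m in self.snapshots:
            body = {"height": m["height"], "seals": list(m["seals"]), "prev": m["prev"]}
            if m["prev"] != prev_snap or digest(canonical(body)) != m["snapshot_id"]:
                return False
            prev_snap = m["snapshot_id"]
        return True


def authority_operation(store: AuthorityStore, artifacts: list) -> str:
    """One operation = the three MUST steps of section 6; returns the snapshot id."""
    for artifact in artifacts:
        store.append(artifact)
    store.seal_segment()
    return store.snapshot()["snapshot_id"]


def demo() -> dict:
    """Run two operations on two identical stores and exercise the checks."""
    inputs = [  # constructed sample artifacts, not real ASL formats
        [{"kind": "root-key", "pub": "constructed-public-key"}],
        [{"kind": "dam", "domain": "example.test"}, {"kind": "policy-hash", "value": "c0ffee"}],
    ]
    a, b = AuthorityStore(), AuthorityStore()
    ids_a = [authority_operation(a, batch) for batch in inputs]
    ids_b = [authority_operation(b, batch) for batch in inputs]
    marker = a.snapshots[-1]
    try:
        marker["height"] = 99
        immutable = False
    except TypeError:
        immutable = True
    verified_before = a.verify()
    a.segments[0]["entries"][0]["artifact_id"] = "f" * 64  # simulate tampering
    return {
        "deterministic": ids_a == ids_b,
        "chained": marker["prev"] == ids_a[0] and marker["height"] == 1,
        "verified_before": verified_before,
        "tamper_detected": not a.verify(),
        "marker_immutable": immutable,
    }
```

Running `demo()` gives a dictionary in which every value is `True`. The point of the hash chain is that a later snapshot commits to every earlier seal, so a receipt that names a snapshot id names the whole sealed history behind it; that is what makes receipts usable for audit and later federation when the artifacts are transferred off the host.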
---
## 7. Offline Constraints
* Network interfaces SHOULD be disabled.
* External input and output MUST occur via explicit operator action.
* Background services SHOULD NOT alter authority state.
* Garbage collection SHOULD be disabled for authority domains.
---
## 8. Security Considerations
* Private keys MUST remain offline and encrypted at rest.
* Only signed outputs may leave the host.
* Operator presence is required for authority operations.
---
## 9. Versioning
Backward-incompatible profile changes MUST bump the major version.