niklas/amduat-api
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity
amduat-api/notes/Ready-for-Pick-Up v2.md

268 lines
5 KiB
Markdown
Raw Normal View History

Added some notes that needs to be analyzed.
2026-01-17 00:19:49 +01:00
Yes — and that alternative is **very powerful**, because it flips the posture from *“rescued object”* to *“self-sovereign entrant asking for admission”*.
Both modes must exist, and youre now describing the **second one**.
Let me formalize it cleanly, without mixing layers or over-specifying.
---
# Ready-for-Pick-Up v2
## (Pre-Minted Domain + Certificates, Asking for Admission)
This is a **deliberate, anticipatory stance**:
> *“I arrive with a domain, keys, intent, and discipline.
> I ask to be accepted, not rescued.”*
---
## 1. What You Bring to the Table
You do **not** bring ASL internals.
You bring **authority and intent**.
### 1.1 A Domain (Already Minted)
You arrive with:
```text
DomainID
- stable identifier
- self-declared scope
- empty or near-empty state
```
This domain:
* Has **no data obligations yet**
* Is capable of holding blocks and logs
* Is isolated and sovereign
It may contain:
* zero artifacts
* bootstrap artifacts
* policy manifests
---
### 1.2 Authority Material (Offline-Minted)
You arrive with:
* **Domain Root Certificate**
* **Signing key**
* **Policy hash**
* Optional:
* operator certificate
* device certificate (SystemRescue image)
No federation required yet.
No trust assumed yet.
This is **ASL-AUTH territory**, not ASL-CORE.
---
### 1.3 A Domain Authority Manifest (DAM)
This is the *single most important object* you bring.
It says:
> *“This is who I am, what I claim, and how I will behave.”*
Minimal DAM contents:
```text
- DomainID
- Root public key
- Policy hash
- Declared invariants
- Requested relationship(s)
```
No artifacts required yet.
---
## 2. What You Ask For (The Admission Request)
You dont ask for “access”.
You ask for **recognition under constraints**.
Example:
```text
Admission Request:
- Accept my DomainID
- Accept my root certificate
- Allow me to publish artifacts
- Optionally grant courtesy storage
- Subject to my declared policy
```
This is **not trust yet**.
It is *acknowledgment*.
---
## 3. How Common / Unity Responds
Common does **not** execute your code.
Common does **not** ingest your data yet.
It performs:
### 3.1 Structural Validation
* DomainID well-formed
* DAM syntactically valid
* Policy hash declared
* Keys match manifest
### 3.2 Policy Compatibility Check
* No invariant violations
* No forbidden claims
* No escalation attempt
### 3.3 Admission Outcome
One of:
| Outcome | Meaning |
| ------------------ | --------------------- |
| Accepted | Domain may publish |
| Accepted (limited) | Courtesy storage only |
| Deferred | Await manual review |
| Rejected | No interaction |
This is **governance**, not storage.
---
## 4. After Acceptance: What Changes
Only *after* acceptance:
* Your domain may:
* publish sealed artifacts
* pin snapshots
* emit PERs
* Common may:
* pin your published snapshots
* replicate your log
* reference your artifacts
You still own your data.
Common only **recognizes it**.
---
## 5. Why This Is Better Than “Blind Rescue”
| Rescue Mode | Admission Mode |
| ------------------------------ | ------------------------------- |
| Common acts first | You act first |
| Data arrives untrusted | Authority arrives first |
| Provenance reconstructed later | Provenance anchored immediately |
| Courtesy is implicit | Courtesy is negotiated |
Both are valid — but **this one scales better socially**.
---
## 6. How This Fits Your SystemRescue Image
Your patched SystemRescue now becomes:
> **A portable domain factory + admission client**
It can:
* generate a domain
* mint keys offline
* produce DAM
* present admission request
* wait
Standing ready is literal now.
---
## 7. What Can Be Implemented Right Now (No ASL Needed)
You can implement **all of this today**:
* DAM schema
* Certificate layout
* Policy hash definition
* Admission request format
* Verification logic
* Human / semi-automated approval
No ASL-CORE.
No PEL.
No TGK.
Just **authority and intent**.
---
## 8. Key Insight (This Is Important)
> **Storage is not the entrance. Authority is.**
ASL begins *after* admission.
This prevents:
* garbage ingestion
* unbounded courtesy
* identity ambiguity
* provenance ambiguity
---
## 9. Where This Leads Next
From here, the natural next specs are:
1. **ASL-AUTH v0.1** (you already started this)
2. **Domain Admission Protocol**
3. **DAM canonical encoding**
4. **Policy hash registry**
5. **Courtesy lease semantics**
---
## 10. Final Framing
You are no longer saying:
> *“Please take my data.”*
You are saying:
> *“Here is a domain.
> Here is my authority.
> Here is my discipline.
> May I participate?”*
Thats exactly the right posture for the system youre building.
If you want, next I can:
* formalize the **Domain Admission Protocol**
* draft the **DAM schema precisely**
* define **courtesy leases**
* or show how **rescue-mode and admission-mode unify cleanly**
Just point.
Reference in a new issue Copy permalink