amduat-api/tier1/asl-dam-1.md

# ASL/DAM/1 -- Domain Authority Manifest

Status: Draft
Owner: Architecture
Version: 0.1.0
SoT: No
Last Updated: 2025-01-17
Tags: [authority, trust, policy, domains]

**Document ID:** `ASL/DAM/1`
**Layer:** L2 -- Authority semantics (no encoding)

**Depends on (normative):**

* `ASL/POLICY-HASH/1`

**Informative references:**

* `ASL/OCS/1` -- offline certificate system
* `ASL/OFFLINE-ROOT-TRUST/1` -- offline root policy
* `PER/SIGNATURE/1` -- PER signature verification

---

## 0. Conventions

The key words **MUST**, **MUST NOT**, **REQUIRED**, **SHOULD**, and **MAY** are to be interpreted as in RFC 2119.

ASL/DAM/1 defines the **logical structure and semantics** of the Domain Authority Manifest. It does not define an encoding.

---

## 1. Purpose

The Domain Authority Manifest (DAM) defines **who may assert authority** on behalf of a domain.
It binds domain identity to principals, roles, and a policy hash.

---

## 2. Core Concepts

* **Principal**: a cryptographic public key
* **Role**: capability granted to a principal
* **Policy hash**: canonical hash binding policy constraints to a domain

---

## 3. Roles (Minimal Set)

| Role       | Capability |
| ---------- | ---------- |
| produce    | Create internal artifacts |
| execute    | Emit PERs |
| publish    | Publish artifacts/snapshots |
| federate   | Export published state |
| audit      | Verify only, no mutations |

Roles are **capabilities**, not identities.

---

## 4. Logical Schema

```text
DomainAuthorityManifest {
    domain_id    : DomainID
    version      : u32
    root_key     : PublicKey
    principals[] : PrincipalEntry
    policy_hash  : Hash
}

PrincipalEntry {
    principal_id : Hash
    public_key   : PublicKey
    roles[]      : Role
}
```

The DAM is immutable once published. Rotation is performed by publishing a new DAM.

---

## 5. Validation Rules (Normative)

A node MUST reject any action unless:

1. The DAM artifact is visible in the relevant snapshot.
2. The DAM hash matches the snapshot reference (if recorded).
3. The action is signed by a principal listed in the DAM.
4. The principal has the required role.
5. The DAM `root_key` is certified by the offline root trust chain.

---

## 6. Policy Binding

The DAM `policy_hash` binds the domain to a specific policy document. If policy changes, a new DAM MUST be published and referenced by new snapshots.

---

## 7. Non-Goals

* Encoding format
* Key rotation workflow
* Live revocation

---

## 8. Summary

ASL/DAM/1 defines the minimal authority document for a domain, binding principals and roles to a policy hash under an offline root trust chain.
Add federation and trust/policy tier1 specs 2026-01-17 08:52:02 +01:00			`# ASL/DAM/1 -- Domain Authority Manifest`

			`Status: Draft`
			`Owner: Architecture`
			`Version: 0.1.0`
			`SoT: No`
			`Last Updated: 2025-01-17`
			`Tags: [authority, trust, policy, domains]`

			Document ID: `ASL/DAM/1`
			`Layer: L2 -- Authority semantics (no encoding)`

			`Depends on (normative):`

			* `ASL/POLICY-HASH/1`

			`Informative references:`

			* `ASL/OCS/1` -- offline certificate system
			* `ASL/OFFLINE-ROOT-TRUST/1` -- offline root policy
			* `PER/SIGNATURE/1` -- PER signature verification

			`---`

			`## 0. Conventions`

			`The key words MUST, MUST NOT, REQUIRED, SHOULD, and MAY are to be interpreted as in RFC 2119.`

			`ASL/DAM/1 defines the logical structure and semantics of the Domain Authority Manifest. It does not define an encoding.`

			`---`

			`## 1. Purpose`

			`The Domain Authority Manifest (DAM) defines who may assert authority on behalf of a domain.`
			`It binds domain identity to principals, roles, and a policy hash.`

			`---`

			`## 2. Core Concepts`

			`* Principal: a cryptographic public key`
			`* Role: capability granted to a principal`
			`* Policy hash: canonical hash binding policy constraints to a domain`

			`---`

			`## 3. Roles (Minimal Set)`

			`\| Role \| Capability \|`
			`\| ---------- \| ---------- \|`
			`\| produce \| Create internal artifacts \|`
			`\| execute \| Emit PERs \|`
			`\| publish \| Publish artifacts/snapshots \|`
			`\| federate \| Export published state \|`
			`\| audit \| Verify only, no mutations \|`

			`Roles are capabilities, not identities.`

			`---`

			`## 4. Logical Schema`

			```text
			`DomainAuthorityManifest {`
			`domain_id : DomainID`
			`version : u32`
			`root_key : PublicKey`
			`principals[] : PrincipalEntry`
			`policy_hash : Hash`
			`}`

			`PrincipalEntry {`
			`principal_id : Hash`
			`public_key : PublicKey`
			`roles[] : Role`
			`}`
			```

			`The DAM is immutable once published. Rotation is performed by publishing a new DAM.`

			`---`

			`## 5. Validation Rules (Normative)`

			`A node MUST reject any action unless:`

			`1. The DAM artifact is visible in the relevant snapshot.`
			`2. The DAM hash matches the snapshot reference (if recorded).`
			`3. The action is signed by a principal listed in the DAM.`
			`4. The principal has the required role.`
			5. The DAM `root_key` is certified by the offline root trust chain.

			`---`

			`## 6. Policy Binding`

			The DAM `policy_hash` binds the domain to a specific policy document. If policy changes, a new DAM MUST be published and referenced by new snapshots.

			`---`

			`## 7. Non-Goals`

			`* Encoding format`
			`* Key rotation workflow`
			`* Live revocation`

			`---`

			`## 8. Summary`

			`ASL/DAM/1 defines the minimal authority document for a domain, binding principals and roles to a policy hash under an offline root trust chain.`