niklas/amduat-api
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity
amduat-api/notes/ASL-AUTH v0-1.md
Carl Niklas Rydberg 1d552bd46a Added some notes that needs to be analyzed.
2026-01-17 00:19:49 +01:00

169 lines
5.5 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

Heres a clean **v0.1 draft for ASL-AUTH**, scoped to your systems offline signing, domain authority, and certificate handling. This layer manages **trust, domain ownership, and PER signing**, while staying independent of storage or execution specifics.
---
# ASL-AUTH v0.1 Authentication, Trust, and Domain Authority
## 1. Purpose
**ASL-AUTH** specifies **domain authority, identity, and offline trust management** for ASL-based systems.
Responsibilities:
* Define **Domain Authority (DA) manifest**
* Manage **PER signing**
* Support **offline root certificates**
* Enable **foreign-domain trust pinning**
* Integrate with host (`ASL-HOST`) and store (`ASL-STORE(-INDEX)`)
It **does not define**:
* Storage encoding (ASL-STORE handles this)
* Artifact semantics (ASL-CORE)
* Execution semantics (PEL/TGK)
---
## 2. Core Concepts
| Term | Definition |
| ---------------------------- | ----------------------------------------------------------------------- |
| **Domain** | Logical namespace with a unique ID and authority |
| **Domain Authority (DA)** | Offline certificate defining domain ownership and signing root |
| **PER** | PEL Execution Receipt; may be signed to certify artifact provenance |
| **Offline Root** | Trusted certificate created and signed offline; used to bootstrap trust |
| **Foreign-Domain Trust Pin** | Local configuration specifying which external domains to trust |
| **Policy Hash** | Digest summarizing signing, visibility, and federation rules |
---
## 3. Domain Authority Manifest
* Each domain must provide a manifest containing:
* Domain ID (unique)
* Root public key(s)
* Offline root certificate fingerprint(s)
* Allowed publishing targets
* Trust policies
* Manifest may be **signed by offline root** or higher-level authority.
* Minimal format (example JSON):
```json
{
"domain_id": "uuid-xxxx-xxxx",
"roots": ["fingerprint1", "fingerprint2"],
"allowed_publish_targets": ["domain-a", "domain-b"],
"policy_hash": "sha256:..."
}
```
---
## 4. PER Signature Layout
Each signed PER contains:
| Field | Description |
| -------------- | ------------------------------------------------------------- |
| `canonical_id` | Unique identifier of PER artifact |
| `snapshot_id` | Snapshot the PER is bound to |
| `domain_id` | Signing domain |
| `signer_id` | Identity of signing authority |
| `logseq` | Monotonic sequence number for deterministic ordering |
| `signature` | Cryptographic signature over canonical PER data + policy hash |
| `policy_hash` | Digest of policy applied during signing |
* Signatures can use Ed25519, ECDSA, or RSA as required by domain policy.
---
## 5. Offline Roots & Trust
* **Offline roots** provide immutable, verifiable trust anchors.
* Recommended minimum: **2 roots per domain** (primary + backup)
* Host machine signs DA manifest using offline root before deploying store.
* Offline roots are **never exposed** to runtime environment.
---
## 6. Foreign-Domain Trust Pinning
* Pin trusted external domains locally to control which published artifacts can be imported.
* Configuration includes:
* Domain ID
* Allowed snapshot ranges
* Policy hash for verification
* Enforces **read-only, immutable** cross-domain references.
---
## 7. Certificate & Signing Workflow
1. Generate **offline root** (offline machine, e.g., Debian VM)
2. Mint **domain authority certificates**
3. Create **policy hash** for signing rules
4. Deploy manifest + roots to ASL-HOST
5. At runtime:
* Sign PERs with domain authority key
* Verify foreign-domain pins before accepting imported artifacts
---
## 8. Policy Hash Contents
* Includes hash of:
* Permitted snapshot range
* Allowed publishing domains
* Signing algorithm
* Domain-specific constraints
* Ensures deterministic, verifiable policy at PER level
---
## 9. Integration with Other Layers
| Layer | Role with ASL-AUTH |
| ----------------- | -------------------------------------------- |
| ASL-HOST | Provides identity and secure key storage |
| ASL-STORE(-INDEX) | Provides artifact storage; PER signing hooks |
| PEL / TGK | Generates PERs for deterministic execution |
| Federation Layer | Enforces trust of foreign domains |
---
## 10. Security Considerations
* Offline roots must remain **offline** and **physically protected**
* Signing keys should be **rotated with policy update**
* Foreign-domain trust must be **explicitly pinned**
* Policy hash ensures **tamper detection** and **auditability**
---
## 11. Summary
**ASL-AUTH v0.1**:
* Defines domain ownership and trust
* Enables deterministic PER signing
* Supports offline root certificates
* Provides foreign-domain trust pinning
* Integrates cleanly with ASL-HOST, ASL-STORE, and PEL/TGK layers
---
I can now **draft a practical “Rescue Node ASL Deployment” diagram**, showing:
* Personal domain
* Common domain / Unity tree
* Foreign-domain trust pins
* How ASL-HOST + ASL-AUTH + ASL-STORE are instantiated
This would give a concrete picture for your old laptop recovery workflow.
Do you want me to do that next?
Reference in a new issue View git blame Copy permalink