amduat-api/ops/asl-auth-host-1.md
Carl Niklas Rydberg 74efedf62c Rework ops specs
2026-01-17 09:21:47 +01:00


ASL/AUTH-HOST/1 - Authority Node Profile

Status: Draft
Owner: Architecture
Version: 0.1.0
SoT: No
Last Updated: 2026-01-17
Tags: [ops, authority, offline]

Document ID: ASL/AUTH-HOST/1
Layer: O2 - Authority host profile

Depends on (normative):

  • ASL/HOST/1
  • ASL/DAM/1
  • ASL/POLICY-HASH/1
  • ASL/OFFLINE-ROOT-TRUST/1

Informative references:

  • PEL/1-CORE
  • PEL/1-SURF
  • ENC-ASL-AUTH-HOST/1
  • ASL/RESCUE-NODE/1

0. Conventions

The key words MUST, MUST NOT, REQUIRED, SHOULD, and MAY are to be interpreted as in RFC 2119.

ASL/AUTH-HOST/1 defines an operational profile. It does not define cryptography or artifact semantics.


1. Purpose and Scope

ASL/AUTH-HOST/1 defines the profile for an offline authority node that mints and signs domain admission artifacts. The host:

  • Operates offline by default
  • Maintains a local ASL/HOST store
  • Produces deterministic artifacts and receipts
  • Issues DAM artifacts for new domains

2. Core Principles (Normative)

  1. Authority state is stored as artifacts.
  2. Operations are deterministic and snapshot-bound.
  3. The host remains offline during authority operations.
  4. Outputs are immutable artifacts suitable for later transfer.
  5. Authority functionality is limited to signing, sealing, and packaging artifacts.
  6. Receipts (PERs) are primary outputs for auditing and later federation.

3. Required Components

An authority host MUST provide:

  • ASL/HOST store for authority and domain artifacts
  • Root authority key material (offline)
  • PEL execution environment for deterministic receipts
  • Policy hash verification for admission

4. Operation Modes

The host MAY operate in the following modes:

  • GENESIS - mint initial domain and keys
  • RESCUE - ingest external artifacts and produce receipts
  • ADMISSION - sign DAMs and policy artifacts
  • MAINTENANCE - rotate keys, seal snapshots, audit state

5. Output Artifacts

The host MUST be able to produce:

  • Root key artifacts (public, encrypted private)
  • DAM artifacts and signatures
  • Policy hash artifacts
  • Environment claim artifacts
  • PER receipts and associated TGK edges

6. Snapshot Discipline

Each authority operation MUST:

  1. Append log entries for new artifacts
  2. Seal relevant segments
  3. Create a snapshot marker capturing current state

Snapshots MUST be immutable once sealed.
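As an added illustration of this discipline (example code, not code from the amduat-api project), a minimal Python store whose operation() performs the three steps in order, append, seal, snapshot, and whose verify() recomputes every digest so that a sealed segment or marker cannot be altered afterwards without detection. The store layout, field names and the SHA-256-over-canonical-JSON digests are assumptions; the profile itself does not define them.

```python
import hashlib
import json
# Added example, not the project's code; this store layout is an assumption, not defined by the profile.
def _digest(obj):
    # Canonical JSON keeps digests deterministic for identical state.
    data = json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(data).hexdigest()

class AuthorityStore:
    def __init__(self):
        self.open_entries = []     # appended but not yet sealed
        self.sealed_segments = []  # sealed segments, never modified again
        self.snapshots = []        # snapshot markers, chained through "prev"

    def append(self, artifact_type, content):
        self.open_entries.append({"type": artifact_type, "artifact_hash": _digest(content)})

    def seal(self):
        segment = {"entries": self.open_entries, "segment_id": _digest(self.open_entries)}
        self.sealed_segments.append(segment)
        self.open_entries = []
        return segment["segment_id"]

    def snapshot(self):
        if self.open_entries:
            raise ValueError("unsealed entries present; seal before snapshot")
        prev = self.snapshots[-1]["snapshot_id"] if self.snapshots else None
        body = {"prev": prev, "segments": [s["segment_id"] for s in self.sealed_segments]}
        marker = dict(body, snapshot_id=_digest(body))
        self.snapshots.append(marker)
        return marker

    def operation(self, artifacts):
        # One authority operation in the order section 6 requires: append, seal, snapshot.
        for kind, content in artifacts:
            self.append(kind, content)
        self.seal()
        return self.snapshot()

    def verify(self):
        # Recompute every digest; any edit to sealed state or a marker breaks the chain.
        if any(_digest(s["entries"]) != s["segment_id"] for s in self.sealed_segments):
            return False
        prev = None
        for m in self.snapshots:
            if m["prev"] != prev or _digest({"prev": prev, "segments": m["segments"]}) != m["snapshot_id"]:
                return False
            prev = m["snapshot_id"]
        return True
```

Two hosts replaying the same artifact sequence produce the same snapshot_id, which is what "deterministic and snapshot-bound" buys an auditor comparing receipts later.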


7. Offline Constraints

  • Network interfaces SHOULD be disabled.
  • External input and output MUST occur via explicit operator action.
  • Background services SHOULD NOT alter authority state.
  • Garbage collection SHOULD be disabled for authority domains.

8. Security Considerations

  • Private keys MUST remain offline and encrypted at rest.
  • Only signed outputs may leave the host.
  • Operator presence is required for authority operations.

9. Versioning

Backward-incompatible profile changes MUST bump the major version.