# ASL/AUTH-HOST/1 - Authority Node Profile

* Status: Draft
* Owner: Architecture
* Version: 0.1.0
* SoT: No
* Last Updated: 2026-01-17
* Tags: [ops, authority, offline]

**Document ID:** `ASL/AUTH-HOST/1`

**Layer:** O2 - Authority host profile

**Depends on (normative):**

* `ASL/HOST/1`
* `ASL/DAM/1`
* `ASL/POLICY-HASH/1`
* `ASL/OFFLINE-ROOT-TRUST/1`

**Informative references:**

* `PEL/1-CORE`
* `PEL/1-SURF`
* `ENC-ASL-AUTH-HOST/1`
* `ASL/RESCUE-NODE/1`

---

## 0. Conventions

The key words **MUST**, **MUST NOT**, **REQUIRED**, **SHOULD**, and **MAY** are to be interpreted as in RFC 2119.

ASL/AUTH-HOST/1 defines an operational profile. It does not define cryptography or artifact semantics.

---

## 1. Purpose and Scope

ASL/AUTH-HOST/1 defines the profile for an offline authority node that mints and signs domain admission artifacts. The host:

* Operates offline by default
* Maintains a local ASL/HOST store
* Produces deterministic artifacts and receipts
* Issues DAM artifacts for new domains

---

## 2. Core Principles (Normative)

1. Authority state is stored as artifacts.
2. Operations are deterministic and snapshot-bound.
3. The host remains offline during authority operations.
4. Outputs are immutable artifacts suitable for later transfer.
5. Authority functionality is limited to signing, sealing, and packaging artifacts.
6. Receipts (PERs) are primary outputs for auditing and later federation.

---

## 3. Required Components

An authority host MUST provide:

* ASL/HOST store for authority and domain artifacts
* Root authority key material (offline)
* PEL execution environment for deterministic receipts
* Policy hash verification for admission

---

## 4. Operation Modes

The host MAY operate in the following modes:

* `GENESIS` - mint initial domain and keys
* `RESCUE` - ingest external artifacts and produce receipts
* `ADMISSION` - sign DAMs and policy artifacts
* `MAINTENANCE` - rotate keys, seal snapshots, audit state

---

## 5. Output Artifacts

The host MUST be able to produce:

* Root key artifacts (public, encrypted private)
* DAM artifacts and signatures
* Policy hash artifacts
* Environment claim artifacts
* PER receipts and associated TGK edges

---

## 6. Snapshot Discipline

Each authority operation MUST:

1. Append log entries for new artifacts
2. Seal relevant segments
3. Create a snapshot marker capturing CURRENT state

Snapshots MUST be immutable once sealed.
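
The three steps above, modelled as an added Python example that is not part of the ASL specification or any ASL implementation. It assumes artifacts are canonical-JSON encoded and hashed with SHA-256 (the profile prescribes neither), and shows the two properties the section demands: a sealed segment rejects further appends, and two hosts replaying the same operations reach the same snapshot marker.

```python
import hashlib
import json
from typing import Optional

def canon(obj) -> bytes:
    # Canonical JSON: sorted keys, no whitespace, so equal artifacts hash identically.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

class SealedSegmentError(Exception):
    """Raised on any attempt to mutate a segment after it has been sealed."""

class Segment:
    """Append-only log segment; frozen once sealed (assumed structure)."""
    def __init__(self) -> None:
        self.entries: list = []
        self.seal: Optional[str] = None

    def append(self, artifact: dict) -> str:
        if self.seal is not None:
            raise SealedSegmentError("segment already sealed")
        h = sha256_hex(canon(artifact))
        self.entries.append({"index": len(self.entries), "artifact_hash": h})
        return h

    def seal_segment(self) -> str:
        if self.seal is None:  # sealing is idempotent; the seal commits to every entry
            self.seal = sha256_hex(canon(self.entries))
        return self.seal

class AuthorityStore:
    """Minimal model of the authority host's log: sealed segments plus snapshot markers."""
    def __init__(self) -> None:
        self.segments: list = []
        self.snapshots: list = []

    def run_operation(self, artifacts: list) -> dict:
        seg = Segment()
        for art in artifacts:      # 1. append log entries for the new artifacts
            seg.append(art)
        seg.seal_segment()         # 2. seal the segment
        self.segments.append(seg)
        # 3. snapshot marker: binds every sealed segment and chains to the prior marker
        prev = self.snapshots[-1]["snapshot_hash"] if self.snapshots else None
        body = {"prev": prev, "segments": [s.seal for s in self.segments]}
        marker = dict(body, snapshot_hash=sha256_hex(canon(body)))
        self.snapshots.append(marker)
        return marker

def replay_matches(ops: list) -> bool:
    """Determinism check: two hosts replaying the same operations agree on the final marker."""
    a, b = AuthorityStore(), AuthorityStore()
    for op in ops:
        a.run_operation(op)
        b.run_operation(op)
    return a.snapshots[-1]["snapshot_hash"] == b.snapshots[-1]["snapshot_hash"]
```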

---

## 7. Offline Constraints

* Network interfaces SHOULD be disabled.
* External input and output MUST occur via explicit operator action.
* Background services SHOULD NOT alter authority state.
* Garbage collection SHOULD be disabled for authority domains.

---

## 8. Security Considerations

* Private keys MUST remain offline and encrypted at rest.
* Only signed outputs may leave the host.
* Operator presence is required for authority operations.

---

## 9. Versioning

Backward-incompatible profile changes MUST bump the major version.