# ASL/POLICY-HASH/1 -- Policy Hash Specification

Status: Draft

Owner: Architecture

Version: 0.1.0

SoT: No

Last Updated: 2025-01-17

Tags: [policy, hash, federation, trust]

**Document ID:** `ASL/POLICY-HASH/1`

**Layer:** L2 -- Policy binding semantics (no encoding)

**Depends on (normative):**

* `ASL/FEDERATION/1`

**Informative references:**

* `ASL/DAM/1` -- Domain Authority Manifest
* `ASL/DAP/1` -- Domain admission

---

## 0. Conventions

The key words **MUST**, **MUST NOT**, **REQUIRED**, **SHOULD**, and **MAY** are to be interpreted as in RFC 2119.

ASL/POLICY-HASH/1 defines the logical structure and hashing rules for policy documents. It does not define transport or storage encodings.

---

## 1. Purpose

The policy hash binds domain rules to snapshots, authority, and federation decisions without embedding mutable policy text into artifacts.

---

## 2. Policy Coverage (Normative)

The policy hash MUST cover semantic constraints that affect correctness or trust:

1. Publication rules
2. Execution rules
3. Federation rules
4. Retention and GC constraints
5. Visibility rules

---

## 3. Logical Structure

```text
DomainPolicy {
  version            : u32
  publication_policy : PublicationPolicy
  execution_policy   : ExecutionPolicy
  federation_policy  : FederationPolicy
  retention_policy   : RetentionPolicy
  visibility_policy  : VisibilityPolicy
}
```

Section schemas (minimal):

```text
PublicationPolicy {
  require_signature : bool
  allowed_roles[]   : Role
  snapshot_required : bool
}

ExecutionPolicy {
  per_signature_required : bool
  allowed_roles[]        : Role
  deterministic_only     : bool
}

FederationPolicy {
  export_published_only : bool
  require_snapshot      : bool
  trusted_domains[]     : DomainID
}

RetentionPolicy {
  gc_unpublished_allowed : bool
  min_snapshot_retention : u32
}

VisibilityPolicy {
  internal_hidden     : bool
  published_read_only : bool
}
```

---

## 4. Canonicalization Rules (Normative)

The policy hash MUST be computed from canonical bytes:

1. Field order fixed
2. Arrays sorted lexicographically
3. No whitespace or comments
4. Integers encoded big-endian
5. Booleans encoded as 0x00 or 0x01
6. No optional fields omitted; defaults must be explicit

---

## 5. Hash Computation

```text
policy_bytes = CanonicalSerialize(DomainPolicy)
policy_hash  = HASH(policy_bytes)
```

The hash algorithm is SHA-256 unless explicitly overridden by domain policy.
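The following is an added Python example of Sections 4 and 5, not part of this specification. It applies the six canonicalization rules to the Section 3 schema and hashes the result; where the spec leaves encoding open it assumes UTF-8 for `Role` and `DomainID`, a u32 length prefix per string, and a u32 element count per array (all marked as assumptions in the code).

```python
import hashlib
import struct

def _u32(n: int) -> bytes:
    # Rule 4: integers big-endian; u32 is the width the Section 3 schema gives.
    # struct raises if n is not a valid u32, so no value is silently truncated.
    return struct.pack(">I", n)

def _bool(b: bool) -> bytes:
    return b"\x01" if b else b"\x00"  # Rule 5: exactly one byte, 0x00 or 0x01

def _str_array(items) -> bytes:
    # Rule 2: arrays sorted lexicographically. Assumption (not in the spec): Role and
    # DomainID are UTF-8 strings, u32 length-prefixed, sorted by their encoded bytes,
    # and the array carries a u32 element count.
    enc = sorted(s.encode("utf-8") for s in items)
    return _u32(len(enc)) + b"".join(_u32(len(e)) + e for e in enc)

# Rule 1: section order and field order are fixed by Section 3, never by the input's order.
LAYOUT = (
    ("publication_policy", (("require_signature", _bool), ("allowed_roles", _str_array), ("snapshot_required", _bool))),
    ("execution_policy", (("per_signature_required", _bool), ("allowed_roles", _str_array), ("deterministic_only", _bool))),
    ("federation_policy", (("export_published_only", _bool), ("require_snapshot", _bool), ("trusted_domains", _str_array))),
    ("retention_policy", (("gc_unpublished_allowed", _bool), ("min_snapshot_retention", _u32))),
    ("visibility_policy", (("internal_hidden", _bool), ("published_read_only", _bool))),
)

def canonical_serialize(policy: dict) -> bytes:
    out = [_u32(policy["version"])]
    for section, fields in LAYOUT:
        for name, encode in fields:
            # Rule 6: every field is present and explicit; a missing field is an error,
            # not a silent default (a hidden default would change the hash unnoticed).
            if name not in policy[section]:
                raise ValueError(f"{section}.{name} must be explicit")
            out.append(encode(policy[section][name]))
    return b"".join(out)  # Rule 3 holds by construction: no whitespace, no comments

def policy_hash(policy: dict, algorithm: str = "sha256") -> str:
    # Section 5: policy_hash = HASH(CanonicalSerialize(DomainPolicy)); SHA-256 is the default.
    return hashlib.new(algorithm, canonical_serialize(policy)).hexdigest()

# Constructed sample policy (roles and domain names are made up for this example).
SAMPLE = {
    "version": 1,
    "publication_policy": {"require_signature": True, "allowed_roles": ["publisher", "admin"], "snapshot_required": True},
    "execution_policy": {"per_signature_required": False, "allowed_roles": ["executor"], "deterministic_only": True},
    "federation_policy": {"export_published_only": True, "require_snapshot": True, "trusted_domains": ["example.org", "corp.example"]},
    "retention_policy": {"gc_unpublished_allowed": False, "min_snapshot_retention": 30},
    "visibility_policy": {"internal_hidden": True, "published_read_only": True},
}
```

Because the algorithm may be overridden by domain policy, a verifier has to learn the algorithm identifier from where the hash is stored (Section 6) rather than from the hashed bytes themselves; the example therefore takes it as a parameter instead of encoding it.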

---

## 6. Storage Locations

The policy hash SHOULD be stored in:

* Domain Authority Manifest (DAM)
* Snapshot metadata
* Federation metadata
* Optional PER metadata

---

## 7. Policy Evolution

Policy changes MUST NOT mutate history. A new policy requires:

1. New policy document
2. New policy hash
3. New DAM
4. New snapshots referencing the new hash

---

## 8. Summary

ASL/POLICY-HASH/1 defines a minimal, deterministic policy hash that binds domain rules to authority and snapshots without embedding mutable policy text into artifacts.