niklas/amduat-api
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity
amduat-api/tier1/asl-dam-1.md
Carl Niklas Rydberg a5537e13d3 Add federation and trust/policy tier1 specs
2026-01-17 08:52:02 +01:00

2.6 KiB
Raw Blame History

ASL/DAM/1 -- Domain Authority Manifest

Status: Draft Owner: Architecture Version: 0.1.0 SoT: No Last Updated: 2025-01-17 Tags: [authority, trust, policy, domains]

Document ID: ASL/DAM/1 Layer: L2 -- Authority semantics (no encoding)

Depends on (normative):

  • ASL/POLICY-HASH/1

Informative references:

  • ASL/OCS/1 -- offline certificate system
  • ASL/OFFLINE-ROOT-TRUST/1 -- offline root policy
  • PER/SIGNATURE/1 -- PER signature verification

0. Conventions

The key words MUST, MUST NOT, REQUIRED, SHOULD, and MAY are to be interpreted as in RFC 2119.

ASL/DAM/1 defines the logical structure and semantics of the Domain Authority Manifest. It does not define an encoding.

1. Purpose

The Domain Authority Manifest (DAM) defines who may assert authority on behalf of a domain. It binds domain identity to principals, roles, and a policy hash.

2. Core Concepts

  • Principal: a cryptographic public key
  • Role: capability granted to a principal
  • Policy hash: canonical hash binding policy constraints to a domain

3. Roles (Minimal Set)

Role Capability
produce Create internal artifacts
execute Emit PERs
publish Publish artifacts/snapshots
federate Export published state
audit Verify only, no mutations

Roles are capabilities, not identities.

4. Logical Schema

DomainAuthorityManifest {
    domain_id    : DomainID
    version      : u32
    root_key     : PublicKey
    principals[] : PrincipalEntry
    policy_hash  : Hash
}

PrincipalEntry {
    principal_id : Hash
    public_key   : PublicKey
    roles[]      : Role
}

The DAM is immutable once published. Rotation is performed by publishing a new DAM.

5. Validation Rules (Normative)

A node MUST reject any action unless:

  1. The DAM artifact is visible in the relevant snapshot.
  2. The DAM hash matches the snapshot reference (if recorded).
  3. The action is signed by a principal listed in the DAM.
  4. The principal has the required role.
  5. The DAM root_key is certified by the offline root trust chain.

6. Policy Binding

The DAM policy_hash binds the domain to a specific policy document. If policy changes, a new DAM MUST be published and referenced by new snapshots.

7. Non-Goals

  • Encoding format
  • Key rotation workflow
  • Live revocation

8. Summary

ASL/DAM/1 defines the minimal authority document for a domain, binding principals and roles to a policy hash under an offline root trust chain.