niklas/amduat-api
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity
amduat-api/tier1/asl-federation-1.md
Carl Niklas Rydberg a5537e13d3 Add federation and trust/policy tier1 specs
2026-01-17 08:52:02 +01:00

5.2 KiB
Raw Blame History

ASL/FEDERATION/1 -- Core Federation Semantics

Status: Draft Owner: Architecture Version: 0.1.0 SoT: No Last Updated: 2025-01-17 Tags: [federation, domains, visibility, determinism]

Document ID: ASL/FEDERATION/1 Layer: L2 -- Federation semantics (no transport, no encodings)

Depends on (normative):

  • ASL/1-CORE
  • ASL/1-CORE-INDEX
  • ASL/LOG/1
  • ASL-STORE-INDEX

Informative references:

  • ENC-ASL-CORE-INDEX -- domain/visibility fields (tier1/enc-asl-core-index.md)
  • ASL/SYSTEM/1 -- unified system view
  • ASL/FEDERATION-REPLAY/1 -- cross-node deterministic replay
  • ASL/DAM/1 -- Domain Authority Manifest
  • ASL/POLICY-HASH/1 -- policy hash

0. Conventions

The key words MUST, MUST NOT, REQUIRED, SHOULD, and MAY are to be interpreted as in RFC 2119.

ASL/FEDERATION/1 defines semantic rules for multi-domain visibility and cross-domain references. It does not define transport, replication, or encodings.

1. Purpose

ASL/FEDERATION/1 defines the multi-domain model for ASL-based systems:

  • Domain isolation and visibility rules
  • Published vs internal state
  • Cross-domain reference constraints
  • Snapshot identity and deterministic reconstruction

2. Core Concepts

Term Definition
Domain Logical namespace with its own ASL store, log, and snapshot lineage.
Internal state Artifacts/snapshots visible only within the domain.
Published state Artifacts/snapshots visible to other domains.
Federated snapshot Snapshot with visibility state that may be imported by other domains.
Cross-domain reference Reference to a published artifact from another domain.

3. Domain Semantics

  1. Domain isolation

    • Each domain has its own store, index, and log.
    • Internal state is invisible outside the domain.

  2. Published state

    • Published artifacts and snapshots are visible to other domains.
    • Published artifacts MUST satisfy ASL immutability and snapshot safety rules.

  3. Cross-domain references

    • Only published artifacts MAY be referenced by other domains.
    • Cross-domain references are read-only and immutable.
    • The consuming domain indexes imported artifacts using normal ASL index semantics.

4. Snapshot Identity

  • Snapshot IDs are unique per domain.
  • Federated snapshot identity is (DomainID, SnapshotID).
  • A federated snapshot MAY include cross-domain references only to published artifacts.

5. Visibility Rules

Object Internal Domain Other Domains
Internal artifact visible hidden
Published artifact visible visible (read-only)
Internal snapshot visible hidden
Published snapshot visible visible
Block supporting published artifact visible visible
Block supporting internal artifact visible hidden
  • Index entries follow the same visibility rules.
  • Determinism is defined per-domain and per-snapshot view.

6. Cross-Domain Operations

  1. Import published artifacts

    • A domain MAY import a published artifact from another domain.
    • Imported artifacts MUST be treated as immutable.

  2. Export published artifacts

    • Internal artifacts MAY be promoted to published state.
    • Promotion MUST be snapshot-bound and log-ordered.

  3. Federation log propagation

    • Each domain maintains its own append-only log.
    • Federation MAY replicate published log-visible state.

7. Provenance and Traceability

  • Execution receipts MAY include cross-domain inputs.
  • Provenance MUST preserve origin domain and snapshot identity.
  • Deterministic replay MUST be possible given {Snapshot, LogPrefix} for each domain.

8. Normative Invariants

  1. Determinism: Reconstructing CURRENT in a domain yields the same visible state given the same snapshot and log prefix.
  2. Immutability: Published artifacts and snapshots are immutable.
  3. Domain isolation: Internal artifacts and snapshots are never visible to other domains.
  4. Federation safety: Cross-domain references are read-only.
  5. Snapshot integrity: Federated snapshots reference only published artifacts.

9. Integration with Other Layers

Layer Role in Federation
ASL/1-CORE Artifact immutability and identity
ASL/1-CORE-INDEX Semantic mapping and shadowing
ASL-STORE-INDEX Sealing, retention, snapshot pinning
ASL/LOG/1 Log-ordered visibility
ENC-ASL-CORE-INDEX Domain/visibility metadata in records

10. Non-Goals

  • Transport protocols
  • Network replication
  • Witness signatures
  • Domain admission and trust policy

11. Summary

ASL/FEDERATION/1 defines the semantic rules for multi-domain visibility and cross-domain reference. It keeps federation deterministic, snapshot-safe, and read-only across domain boundaries.