# ASL/POLICY-HASH/1 -- Policy Hash Specification

Status: Draft
Owner: Architecture
Version: 0.1.0
SoT: No
Last Updated: 2025-01-17
Tags: [policy, hash, federation, trust]

**Document ID:** `ASL/POLICY-HASH/1`
**Layer:** L2 -- Policy binding semantics (no encoding)

**Depends on (normative):**

* `ASL/FEDERATION/1`

**Informative references:**

* `ASL/DAM/1` -- Domain Authority Manifest
* `ASL/DAP/1` -- Domain admission

---

## 0. Conventions

The key words **MUST**, **MUST NOT**, **REQUIRED**, **SHOULD**, and **MAY** are to be interpreted as in RFC 2119.

ASL/POLICY-HASH/1 defines the logical structure and hashing rules for policy documents. It does not define transport or storage encodings.

---

## 1. Purpose

The policy hash binds domain rules to snapshots, authority, and federation decisions without embedding mutable policy text into artifacts.

---

## 2. Policy Coverage (Normative)

The policy hash MUST cover the semantic constraints that affect correctness or trust:

1. Publication rules
2. Execution rules
3. Federation rules
4. Retention and GC constraints
5. Visibility rules

---

## 3. Logical Structure

```text
DomainPolicy {
  version            : u32
  publication_policy : PublicationPolicy
  execution_policy   : ExecutionPolicy
  federation_policy  : FederationPolicy
  retention_policy   : RetentionPolicy
  visibility_policy  : VisibilityPolicy
  reserved0          : u32
}
```

Section schemas (minimal):

```text
PublicationPolicy {
  require_signature : bool
  allowed_roles[]   : Role
  snapshot_required : bool
}

ExecutionPolicy {
  per_signature_required : bool
  allowed_roles[]        : Role
  deterministic_only     : bool
}

FederationPolicy {
  export_published_only : bool
  require_snapshot      : bool
  trusted_domains[]     : DomainID
}

RetentionPolicy {
  gc_unpublished_allowed : bool
  min_snapshot_retention : u32
}

VisibilityPolicy {
  internal_hidden     : bool
  published_read_only : bool
}
```

---

## 4. Defaults and Validation (Normative)

All fields MUST be present. Defaults exist only as explicit values; nothing is implied by omission:

* `allowed_roles[]` MAY be empty (no roles allowed)
* `trusted_domains[]` MAY be empty (no domains trusted)
* `min_snapshot_retention` MAY be 0 (no minimum)
* `reserved0` MUST be 0

A policy is invalid if any boolean is outside {0,1} or if `version` is unsupported.

---

## 5. Canonicalization Rules (Normative)

The policy hash MUST be computed from canonical bytes:

1. Field order fixed
2. Arrays sorted lexicographically
3. No whitespace or comments
4. Integers encoded big-endian
5. Booleans encoded as 0x00 or 0x01
6. No optional fields omitted; defaults must be explicit

---

## 6. Hash Computation

```text
policy_bytes = CanonicalSerialize(DomainPolicy)
policy_hash  = HASH(policy_bytes)
```

The hash algorithm is SHA-256 unless explicitly overridden by domain policy.

---

## 7. Storage Locations

The policy hash SHOULD be stored in:

* Domain Authority Manifest (DAM)
* Snapshot metadata
* Federation metadata
* Optional PER metadata

---

## 8. Policy Evolution

Policy changes MUST NOT mutate history. A new policy requires:

1. New policy document
2. New policy hash
3. New DAM
4. New snapshots referencing the new hash

---

## 9. Summary

ASL/POLICY-HASH/1 defines a minimal, deterministic policy hash that binds domain rules to authority and snapshots without embedding mutable policy text into artifacts.
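The validation rules of Section 4, the canonicalization rules of Section 5 and the hash computation of Section 6, worked through as an added reference implementation that is not part of this specification or any ASL code base. Because the spec is L2 and defines no encoding, the byte-level choices (u32 length prefixes for arrays and strings, UTF-8 item encoding, version 1 as the only supported version) are assumptions of this example; the sample policy is constructed.

```python
import hashlib
import struct
# Assumed wire choices (ASL/POLICY-HASH/1 is L2 and defines no encoding): u32 = 4-byte
# big-endian, bool = one byte 0x00/0x01, array = big-endian u32 count, then the sorted
# UTF-8 items each prefixed with a big-endian u32 length. Only version 1 is assumed valid.
SCHEMA = {  # fixed field order from Section 3; the kind string selects the encoder
    "version": "u32",
    "publication_policy": {"require_signature": "bool", "allowed_roles": "arr", "snapshot_required": "bool"},
    "execution_policy": {"per_signature_required": "bool", "allowed_roles": "arr", "deterministic_only": "bool"},
    "federation_policy": {"export_published_only": "bool", "require_snapshot": "bool", "trusted_domains": "arr"},
    "retention_policy": {"gc_unpublished_allowed": "bool", "min_snapshot_retention": "u32"},
    "visibility_policy": {"internal_hidden": "bool", "published_read_only": "bool"},
    "reserved0": "u32",
}

def _encode(value, kind):
    if kind == "u32":
        if type(value) is not int or not 0 <= value < 2**32:
            raise ValueError("u32 out of range")
        return struct.pack(">I", value)
    if kind == "bool":
        if value not in (0, 1):  # Section 4: a boolean outside {0,1} invalidates the policy
            raise ValueError("boolean outside {0,1}")
        return bytes([int(value)])
    # Section 5 rule 2: arrays sorted lexicographically, so item order never changes the hash
    items = sorted(str(v).encode("utf-8") for v in value)
    return struct.pack(">I", len(items)) + b"".join(struct.pack(">I", len(i)) + i for i in items)

def canonical_serialize(policy):
    # Canonical bytes of a DomainPolicy dict; an absent field raises KeyError (Section 4)
    if policy["version"] != 1:
        raise ValueError("unsupported version")
    if policy["reserved0"] != 0:
        raise ValueError("reserved0 MUST be 0")
    out = b""
    for name, kind in SCHEMA.items():
        field = policy[name]
        out += (b"".join(_encode(field[f], k) for f, k in kind.items()) if isinstance(kind, dict)
                else _encode(field, kind))
    return out

def policy_hash(policy, algorithm="sha256"):
    """Section 6: policy_hash = HASH(CanonicalSerialize(policy)); SHA-256 unless overridden."""
    return hashlib.new(algorithm, canonical_serialize(policy)).hexdigest()
EXAMPLE_POLICY = {  # constructed sample, not from any real domain
    "version": 1, "reserved0": 0,
    "publication_policy": {"require_signature": True, "allowed_roles": ["publisher", "admin"], "snapshot_required": True},
    "execution_policy": {"per_signature_required": False, "allowed_roles": [], "deterministic_only": True},
    "federation_policy": {"export_published_only": True, "require_snapshot": True, "trusted_domains": ["dom-b", "dom-a"]},
    "retention_policy": {"gc_unpublished_allowed": False, "min_snapshot_retention": 3},
    "visibility_policy": {"internal_hidden": True, "published_read_only": True},
}
```

Two policies that differ only in array order produce identical canonical bytes and therefore the same hash, while a missing field, a non-{0,1} boolean or a non-zero `reserved0` is rejected before any hash is computed.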