amduat/tier1/asl-policy-hash-1.md
2026-01-18 09:48:30 +01:00

ASL/POLICY-HASH/1 -- Policy Hash Specification

Status: Draft
Owner: Architecture
Version: 0.1.0
SoT: No
Last Updated: 2025-01-17
Tags: [policy, hash, federation, trust]

Document ID: ASL/POLICY-HASH/1
Layer: L2 -- Policy binding semantics (no encoding)

Depends on (normative):

  • ASL/FEDERATION/1

Informative references:

  • ASL/DAM/1 -- Domain Authority Manifest
  • ASL/DAP/1 -- Domain admission

0. Conventions

The key words MUST, MUST NOT, REQUIRED, SHOULD, and MAY are to be interpreted as in RFC 2119.

ASL/POLICY-HASH/1 defines the logical structure and hashing rules for policy documents. It does not define transport or storage encodings; the canonical byte rules in section 5 exist only so that every implementation derives the same hash from the same policy.


1. Purpose

The policy hash binds domain rules to snapshots, authority, and federation decisions without embedding mutable policy text into artifacts.


2. Policy Coverage (Normative)

The policy hash MUST cover semantic constraints that affect correctness or trust:

  1. Publication rules
  2. Execution rules
  3. Federation rules
  4. Retention and GC constraints
  5. Visibility rules

3. Logical Structure

DomainPolicy {
    version            : u32
    publication_policy : PublicationPolicy
    execution_policy   : ExecutionPolicy
    federation_policy  : FederationPolicy
    retention_policy   : RetentionPolicy
    visibility_policy  : VisibilityPolicy
    reserved0          : u32
}

Section schemas (minimal):

PublicationPolicy {
    require_signature   : bool
    allowed_roles[]     : Role
    snapshot_required   : bool
}

ExecutionPolicy {
    per_signature_required : bool
    allowed_roles[]        : Role
    deterministic_only     : bool
}

FederationPolicy {
    export_published_only : bool
    require_snapshot      : bool
    trusted_domains[]     : DomainID
}

RetentionPolicy {
    gc_unpublished_allowed : bool
    min_snapshot_retention : u32
}

VisibilityPolicy {
    internal_hidden     : bool
    published_read_only : bool
}

4. Defaults and Validation (Normative)

All fields MUST be present; there are no implicit defaults, and every value is written explicitly. The following explicit values are permitted:

  • allowed_roles[] MAY be empty (no roles allowed)
  • trusted_domains[] MAY be empty (no domains trusted)
  • min_snapshot_retention MAY be 0 (no minimum)
  • reserved0 MUST be 0

A policy is invalid if any field is missing, if any boolean is outside {0,1}, if reserved0 is nonzero, or if version is unsupported. Validation precedes hashing: an invalid policy has no policy hash.


5. Canonicalization Rules (Normative)

The policy hash MUST be computed from canonical bytes:

  1. Field order fixed
  2. Arrays sorted lexicographically
  3. No whitespace or comments
  4. Integers encoded big-endian
  5. Booleans encoded as 0x00 or 0x01
  6. No optional fields omitted; defaults must be explicit

6. Hash Computation

policy_bytes = CanonicalSerialize(DomainPolicy)
policy_hash  = HASH(policy_bytes)

The hash algorithm is SHA-256 unless explicitly overridden by domain policy. The override cannot be carried inside the DomainPolicy being hashed, because a verifier has to know the algorithm before it can recompute the hash; where a domain overrides the default, the algorithm identifier has to be recorded alongside the policy hash at each storage location listed in section 7.
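
The following Python is an added example, not part of this specification or of any ASL implementation. It walks a DomainPolicy through sections 3 to 6: the section 3 structure as a fixed field order, section 4 validation (missing fields, booleans outside {0,1}, nonzero reserved0), section 5 canonicalization and the section 6 hash. Where the specification fixes no encoding, the code makes labelled assumptions: Role and DomainID are treated as UTF-8 strings, arrays carry a u32 element count and a u32 length prefix per element, version 1 is the only supported version, and the sample policy values are constructed for the demonstration.

```python
import copy
import hashlib
import struct

SUPPORTED_VERSIONS = {1}  # ASSUMPTION: the spec names no version numbers; 1 is illustrative

SCHEMA = (  # Rule 1: fixed field order, mirroring the DomainPolicy structure in section 3
    ("publication_policy", "require_signature:bool allowed_roles:array snapshot_required:bool"),
    ("execution_policy", "per_signature_required:bool allowed_roles:array deterministic_only:bool"),
    ("federation_policy", "export_published_only:bool require_snapshot:bool trusted_domains:array"),
    ("retention_policy", "gc_unpublished_allowed:bool min_snapshot_retention:u32"),
    ("visibility_policy", "internal_hidden:bool published_read_only:bool"),
)

def _u32(v):
    # Rule 4: integers big-endian at their declared width (u32 = 4 bytes).
    if not isinstance(v, int) or not 0 <= v < 2**32:
        raise ValueError("u32 out of range")
    return struct.pack(">I", v)

def _bool(v):
    # Rule 5 and section 4: 0x00 or 0x01; any other value makes the policy invalid.
    if v not in (0, 1):
        raise ValueError("boolean outside {0,1}")
    return b"\x01" if v else b"\x00"

def _array(items):
    # Rule 2: elements sorted lexicographically on their UTF-8 bytes.
    # ASSUMPTION: Role/DomainID are UTF-8 strings; a u32 element count plus a u32 length
    # prefix per element keeps the stream unambiguous. Duplicates carry nothing and are rejected.
    enc = sorted(s.encode("utf-8") for s in items)
    if len(set(enc)) != len(enc):
        raise ValueError("duplicate array element")
    return _u32(len(enc)) + b"".join(_u32(len(e)) + e for e in enc)

ENCODERS = {"u32": _u32, "bool": _bool, "array": _array}

def canonical_serialize(policy):
    """Rules 1, 3 and 6: fixed order, no framing text, every field present and explicit."""
    if policy["version"] not in SUPPORTED_VERSIONS:
        raise ValueError("unsupported version")
    if policy["reserved0"] != 0:
        raise ValueError("reserved0 MUST be 0")
    out = [_u32(policy["version"])]
    for section, fields in SCHEMA:
        for name, kind in (f.split(":") for f in fields.split()):
            if name not in policy[section]:  # section 4: all fields MUST be present
                raise ValueError(f"missing {section}.{name}")
            out.append(ENCODERS[kind](policy[section][name]))
    out.append(_u32(policy["reserved0"]))
    return b"".join(out)

def policy_hash(policy, algorithm="sha256"):
    # Section 6: policy_hash = HASH(CanonicalSerialize(DomainPolicy)); SHA-256 by default.
    return hashlib.new(algorithm, canonical_serialize(policy)).digest()

def is_valid(policy):
    try:
        canonical_serialize(policy)
        return True
    except (ValueError, KeyError):
        return False

def sample_policy():
    # Constructed sample values; the role and domain names are illustrative.
    return {
        "version": 1,
        "publication_policy": {"require_signature": 1, "allowed_roles": ["publisher", "maintainer"],
                               "snapshot_required": 1},
        "execution_policy": {"per_signature_required": 0, "allowed_roles": ["runner"],
                             "deterministic_only": 1},
        "federation_policy": {"export_published_only": 1, "require_snapshot": 1,
                              "trusted_domains": ["dom-a", "dom-b"]},
        "retention_policy": {"gc_unpublished_allowed": 0, "min_snapshot_retention": 3},
        "visibility_policy": {"internal_hidden": 1, "published_read_only": 1},
        "reserved0": 0,
    }

def _variant(base, section, name, value):
    # Deep copy of a policy with one nested field replaced; builds the demo inputs.
    v = copy.deepcopy(base)
    v[section][name] = value
    return v

def demo():
    base = sample_policy()
    reordered = _variant(base, "federation_policy", "trusted_domains", ["dom-b", "dom-a"])
    changed = _variant(base, "execution_policy", "deterministic_only", 0)
    missing = copy.deepcopy(base)
    del missing["retention_policy"]["min_snapshot_retention"]
    return {
        "base": policy_hash(base).hex(),
        "reordered": policy_hash(reordered).hex(),  # same trust set: identical hash
        "changed": policy_hash(changed).hex(),      # one bit of semantics: new hash
        "canonical_len": len(canonical_serialize(base)),
        "bad_reserved_valid": is_valid(dict(base, reserved0=7)),
        "bad_bool_valid": is_valid(_variant(base, "visibility_policy", "internal_hidden", 2)),
        "missing_field_valid": is_valid(missing),
    }
```

`demo()` shows the two properties a verifier relies on: a policy whose trusted_domains[] was written in a different order hashes identically to the original, while flipping one boolean changes the hash, and the three malformed variants are rejected before any hash is produced. The schema-driven loop is what enforces rule 1; anything that serializes by iterating a dictionary in insertion order would silently depend on the author's ordering instead.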


7. Storage Locations

The policy hash SHOULD be stored in:

  • Domain Authority Manifest (DAM)
  • Snapshot metadata
  • Federation metadata
  • Optional PER metadata

8. Policy Evolution

Policy changes MUST NOT mutate history. A new policy requires:

  1. New policy document
  2. New policy hash
  3. New DAM
  4. New snapshots referencing the new hash

9. Summary

ASL/POLICY-HASH/1 defines a minimal, deterministic policy hash that binds domain rules to authority and snapshots without embedding mutable policy text into artifacts.