docs consolidation and others
This commit is contained in:
master
33
docs/modules/vex-lens/guides/issuer-directory.md
Normal file
33
docs/modules/vex-lens/guides/issuer-directory.md
Normal file
@@ -0,0 +1,33 @@
|
||||
# VEX Issuer Directory and Trust
|
||||
|
||||
Issuer trust is a first-class input to VEX decisioning. The issuer directory defines *who* a statement is from, *how* it is verified, and *how* policy should weigh it.
|
||||
|
||||
## Issuer Identity
|
||||
|
||||
An issuer can be identified by:
|
||||
|
||||
- Stable provider IDs (connector/provider identifiers)
|
||||
- Cryptographic identity (certificate chain, key identifiers, transparency inclusion proof) when available
|
||||
|
||||
Tenants may define allowlists for acceptable issuer identities and/or map issuers into trust tiers.
|
||||
|
||||
## Trust Tiers and Weights
|
||||
|
||||
Trust is commonly expressed as:
|
||||
|
||||
- **Tier label** (e.g., vendor, distro, internal, untrusted)
|
||||
- **Weight/confidence** used by consensus/policy to break ties and set posture
|
||||
- **Verification requirements** (e.g., signature required for `not_affected` gating)
|
||||
|
||||
## Offline Trust
|
||||
|
||||
Offline deployments must be able to verify issuer identity without network access:
|
||||
|
||||
- Trust roots and allowlists are bundled in the Offline Kit
|
||||
- Signature verification and transparency proofs are evaluated against bundled material
|
||||
|
||||
## References
|
||||
|
||||
- `docs/VEX_CONSENSUS_GUIDE.md`
|
||||
- `docs/modules/excititor/architecture.md`
|
||||
- `docs/modules/vex-lens/architecture.md`
|
||||
Reference in New Issue
Block a user