prep docs and service updates
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
This commit is contained in:
master
@@ -0,0 +1,19 @@
|
||||
# Authority Crypto Provider Contract Prep — PREP-AUTH-CRYPTO-90-001-NEEDS-AUTHORITY-PROVI
|
||||
|
||||
Status: Draft (2025-11-20)
|
||||
Owners: Authority Core Guild · Security Guild
|
||||
Scope: Capture the provider/key/JWKS contract Authority must publish to unblock sovereign crypto enablement.
|
||||
|
||||
## Required contract elements
|
||||
- Provider registry binding for Authority signing keys (FIPS, GOST, PQ optional): fields `provider_id`, `key_id`, `alg`, `kid`, `usage`, `tenant_scope?`.
|
||||
- JWKS export requirements: which keys exposed, `x5u`/`x5c` handling, `kid` format, and rotation cadence.
|
||||
- Signing profiles: mapping of Authority API operations to provider profiles (default, ru-gost, pq-experimental).
|
||||
- Determinism: canonical JSON for JWKS; stable `kid` composition (hash of public key + profile).
|
||||
|
||||
## Acceptance / unblock criteria
|
||||
- Publish provider contract in `docs/modules/authority/crypto-provider-contract.md` (or update existing doc) with sample JWKS and provider config snippet.
|
||||
- Record schema hash/kid composition rule here and in Sprint 0514 Decisions/Risks.
|
||||
- Notify downstream consumers (Scanner, Attestor, Concelier) via sprint links once frozen.
|
||||
|
||||
## Handoff
|
||||
Use this doc as the prep artefact for PREP-AUTH-CRYPTO-90-001-NEEDS-AUTHORITY-PROVI. Update with the final contract and samples; then set the sprint task to DONE and unblock AUTH-CRYPTO-90-001 implementation.
|
||||
Reference in New Issue
Block a user