stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 16 Releases Wiki Activity
Files
108d1c64b323808d6085fca05818fc581c6b003a
git.stella-ops.org/docs/modules/attestor/policies.md
StellaOps Bot 150b3730ef
Some checks failed
AOC Guard CI / aoc-guard (push) Has been cancelled
Details
AOC Guard CI / aoc-verify (push) Has been cancelled
Details
Docs CI / lint-and-preview (push) Has been cancelled
Details
Mirror Thin Bundle Sign & Verify / mirror-sign (push) Has been cancelled
Details
api-governance / spectral-lint (push) Has been cancelled
Details
up
2025-11-24 07:52:25 +02:00

544 B
Raw Blame History

Attestor Policies (DOCS-ATTEST-73-003)

Guidance on verification policies applied by Attestor.

  • Scope: DSSE envelope validation, subject hash matching, optional transparency checks.
  • Policy fields:
    • allowed issuers / key IDs
    • required predicates (e.g., stella.ops/vexObservation@v1)
    • transparency requirements (allow/require/skip)
    • freshness window for attestations
  • Determinism: policies must be pure; no external lookups in sealed mode.
  • Versioning: include policyVersion and hash; store alongside attestation records.