150b3730ef
Some checks failed
AOC Guard CI / aoc-guard (push) Has been cancelled
AOC Guard CI / aoc-verify (push) Has been cancelled
Docs CI / lint-and-preview (push) Has been cancelled
Mirror Thin Bundle Sign & Verify / mirror-sign (push) Has been cancelled
api-governance / spectral-lint (push) Has been cancelled
13 lines
544 B
Markdown
13 lines
544 B
Markdown
# Attestor Policies (DOCS-ATTEST-73-003)
|
|
|
|
Guidance on verification policies applied by Attestor.
|
|
|
|
- Scope: DSSE envelope validation, subject hash matching, optional transparency checks.
|
|
- Policy fields:
|
|
- allowed issuers / key IDs
|
|
- required predicates (e.g., `stella.ops/vexObservation@v1`)
|
|
- transparency requirements (allow/require/skip)
|
|
- freshness window for attestations
|
|
- Determinism: policies must be pure; no external lookups in sealed mode.
|
|
- Versioning: include `policyVersion` and hash; store alongside attestation records.
|