Predicate Schema: stella.ops/federatedConsent@v1
Overview
This predicate type represents a consent attestation for federated telemetry participation. A valid consent proof must exist before any telemetry data can be aggregated and shared with federation peers.
Predicate Type
stella.ops/federatedConsent@v1
Schema
{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "type": "object",
  "required": ["tenantId", "grantedBy", "grantedAt", "type"],
  "properties": {
    "tenantId": {
      "type": "string",
      "description": "Identifier of the tenant granting consent"
    },
    "grantedBy": {
      "type": "string",
      "description": "Identity of the actor who granted consent (email or service account)"
    },
    "grantedAt": {
      "type": "string",
      "format": "date-time",
      "description": "UTC timestamp when consent was granted"
    },
    "expiresAt": {
      "type": ["string", "null"],
      "format": "date-time",
      "description": "Optional expiry timestamp; null means consent has no TTL"
    },
    "type": {
      "type": "string",
      "const": "stella.ops/federatedConsent@v1"
    }
  }
}
Consent Lifecycle States
| State | Description | Transition |
|---|---|---|
| Not Granted | Default state; no federation data shared | -> Granted (via POST /consent/grant) |
| Granted | Active consent; federation data flows | -> Revoked (via POST /consent/revoke) or -> Expired (TTL) |
| Expired | TTL-based automatic revocation | -> Granted (re-grant) |
| Revoked | Explicit admin revocation | -> Granted (re-grant) |
Validation Rules
- tenantId must be non-empty and match the requesting tenant.
- grantedBy must be a valid identity string.
- grantedAt must be a valid UTC timestamp not in the future.
- If expiresAt is set, it must be after grantedAt.
- The consent proof is DSSE-signed; the digest is stored as sha256:<hex>.
Example Payload
{
  "tenantId": "org-acme-production",
  "grantedBy": "admin@acme.com",
  "grantedAt": "2026-02-20T10:00:00Z",
  "expiresAt": "2026-03-20T10:00:00Z",
  "type": "stella.ops/federatedConsent@v1"
}
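The validation rules and the Granted/Expired transition above, applied to the example payload, as an added Python example that is not Stella Ops code. The names validate_consent and consent_state and the error strings are hypothetical. Assumptions: "valid identity string" is reduced to a non-empty string, consent counts as expired once expiresAt is reached, and DSSE signature checking and revocation are handled elsewhere.

```python
from datetime import datetime, timedelta, timezone

PREDICATE_TYPE = "stella.ops/federatedConsent@v1"
REQUIRED = ("tenantId", "grantedBy", "grantedAt", "type")
# The example payload from this page, embedded so the block runs offline.
EXAMPLE = {"tenantId": "org-acme-production", "grantedBy": "admin@acme.com",
           "grantedAt": "2026-02-20T10:00:00Z", "expiresAt": "2026-03-20T10:00:00Z",
           "type": PREDICATE_TYPE}

def _parse_utc(value):
    """Parse an RFC 3339 timestamp and reject anything without a zero UTC offset."""
    if not isinstance(value, str):
        raise ValueError("timestamp must be a string")
    ts = datetime.fromisoformat(value.replace("Z", "+00:00"))
    if ts.utcoffset() != timedelta(0):  # naive timestamps have offset None
        raise ValueError("timestamp must be UTC")
    return ts

def validate_consent(predicate, requesting_tenant, now=None):
    """Return the list of rule violations; an empty list means the predicate passes."""
    now = now or datetime.now(timezone.utc)
    errors = [f"missing {k}" for k in REQUIRED if k not in predicate]
    if errors:
        return errors
    if predicate["type"] != PREDICATE_TYPE:
        errors.append("type mismatch")
    if not predicate["tenantId"] or predicate["tenantId"] != requesting_tenant:
        errors.append("tenantId empty or not the requesting tenant")
    # Assumption: a "valid identity string" is any non-empty string.
    if not isinstance(predicate["grantedBy"], str) or not predicate["grantedBy"].strip():
        errors.append("grantedBy is not a valid identity string")
    try:
        granted = _parse_utc(predicate["grantedAt"])
        if granted > now:
            errors.append("grantedAt is in the future")
        exp = predicate.get("expiresAt")  # absent or null means no TTL
        if exp is not None and _parse_utc(exp) <= granted:
            errors.append("expiresAt is not after grantedAt")
    except ValueError as exc:
        errors.append(f"bad timestamp: {exc}")
    return errors

def consent_state(predicate, now):
    """Granted or Expired for a valid, unrevoked predicate."""
    exp = predicate.get("expiresAt")
    return "Expired" if exp is not None and _parse_utc(exp) <= now else "Granted"
```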