# IssuerDirectory

**Status:** Implemented (source relocated by Sprint 216)

**Source:** `src/Authority/StellaOps.IssuerDirectory/` (previously `src/IssuerDirectory/`)

**Owner:** Authority domain (Identity & Trust)

## Purpose

IssuerDirectory maintains a trust registry of CSAF publishers and VEX statement issuers. It provides discovery, validation, and trust scoring for upstream vulnerability advisories and VEX statements.

## Domain ownership

As of Sprint 216, IssuerDirectory source is owned by the Authority domain. The runtime service identity, container, and database schema remain independent. Schema isolation from AuthorityDbContext is a deliberate security feature.

See `docs/modules/authority/architecture.md` (sections 21.1--21.4) for schema ownership and the no-merge ADR.

## Components

**Services:**
- `StellaOps.IssuerDirectory` - Main service for issuer registry management and API

## Configuration

See `etc/issuer-directory.yaml.sample` for configuration options.

Key settings:
- PostgreSQL connection (schema: `issuer_directory`)
- Authority integration settings
- Issuer discovery endpoints
- Trust validation policies
- CSAF provider metadata validation

## Dependencies

- PostgreSQL (schema: `issuer_directory`)
- Authority (authentication)
- Concelier (consumes issuer metadata)
- VexHub (consumes issuer trust data)
- VexLens (trust scoring integration)

## Related Documentation

- Architecture: `../authority/architecture.md` (sections 21.1--21.4)
- Archived original: `docs-archived/modules/issuer-directory/`
- Concelier: `../concelier/`
- VexHub: `../vexhub/`
- VexLens: `../vex-lens/`