IssuerDirectory

Status: Implemented (source relocated by Sprint 216) Source: src/Authority/StellaOps.IssuerDirectory/ (previously src/IssuerDirectory/) Owner: Authority domain (Identity & Trust)

Purpose

IssuerDirectory maintains a trust registry of CSAF publishers and VEX statement issuers. Provides discovery, validation, and trust scoring for upstream vulnerability advisories and VEX statements.

Domain ownership

As of Sprint 216, IssuerDirectory source is owned by the Authority domain. The runtime service identity, container, and database schema remain independent. Schema isolation from AuthorityDbContext is a deliberate security feature.

See docs/modules/authority/architecture.md (sections 21.1--21.4) for schema ownership and the no-merge ADR.

Components

Services:

StellaOps.IssuerDirectory - Main service for issuer registry management and API

Configuration

See etc/issuer-directory.yaml.sample for configuration options.

Key settings:

PostgreSQL connection (schema: issuer_directory)
Authority integration settings
Issuer discovery endpoints
Trust validation policies
CSAF provider metadata validation

Dependencies

PostgreSQL (schema: issuer_directory)
Authority (authentication)
Concelier (consumes issuer metadata)
VexHub (consumes issuer trust data)
VexLens (trust scoring integration)

Architecture: ../authority/architecture.md (sections 21.1--21.4)
Archived original: docs-archived/modules/issuer-directory/
Concelier: ../concelier/
VexHub: ../vexhub/
VexLens: ../vex-lens/

1.6 KiB Raw Blame History