git.stella-ops.org/docs/modules/issuer-directory/README.md
master fdf95e0f46 docs: module dossier + install/quickstart sync for truthful cutover sprints
- API_CLI_REFERENCE.md, INSTALL_GUIDE.md, quickstart.md, architecture/integrations.md, dev/DEV_ENVIRONMENT_SETUP.md, integrations/LOCAL_SERVICES.md: reflect real-service wiring.
- docs/modules/**: module dossier updates across the modules touched by SPRINT_20260415_001..007 + SPRINT_20260416_003..017 + SPRINT_20260417_018..024 + SPRINT_20260418_025 + SPRINT_20260419_026.
- docs/features/checked/web/**: update feature notes where UI changed.
- docs/qa/feature-checks/runs/web/evidence-presentation-ux/: QA evidence artifacts.
- docs/setup/**, docs/technical/**: align with setup wizard contracts.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-19 14:45:09 +03:00

# IssuerDirectory
**Status:** Implemented (source relocated by Sprint 216)
**Source:** `src/Authority/StellaOps.IssuerDirectory/` (previously `src/IssuerDirectory/`)
**Owner:** Authority domain (Identity & Trust)
## Latest updates (2026-04-16)
- IssuerDirectory web runtime no longer silently falls back to in-memory persistence outside `Testing`; non-testing hosts now require PostgreSQL wiring.
- Canonical configuration now lives under `IssuerDirectory:Persistence:*`, while legacy `IssuerDirectory:Postgres:*` settings remain supported for compatibility.
- Focused runtime coverage lives in `StellaOps.IssuerDirectory.WebService.Tests`.
## Purpose
IssuerDirectory maintains a trust registry of CSAF publishers and VEX statement issuers. It provides discovery, validation, and trust scoring for upstream vulnerability advisories and VEX statements.
## Domain ownership
As of Sprint 216, IssuerDirectory source is owned by the Authority domain. The runtime service identity, container, and database schema remain independent. Schema isolation from AuthorityDbContext is a deliberate security feature.
See `docs/modules/authority/architecture.md` (sections 21.1--21.4) for schema ownership and the no-merge ADR.
## Components
**Services:**
- `StellaOps.IssuerDirectory` - Main service for issuer registry management and API
## Configuration
See `etc/issuer-directory.yaml.sample` for configuration options.
Key settings:
- `IssuerDirectory:Persistence:Provider=Postgres`
- `IssuerDirectory:Persistence:PostgresConnectionString`
- `IssuerDirectory:Persistence:SchemaName` (defaults to `issuer`)
- Authority integration settings
- Issuer discovery endpoints
- Trust validation policies
- CSAF provider metadata validation
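
The fail-closed persistence rule from "Latest updates", combined with the key settings above, as an added sketch that is not StellaOps source. `PersistenceGuard`, `PersistenceChoice` and the legacy key name `IssuerDirectory:Postgres:ConnectionString` are assumptions, and the code needs the `Microsoft.Extensions.Configuration` package.

```csharp
// Added example, not StellaOps code. Type and method names here are hypothetical.
using System;
using System.Collections.Generic;
using Microsoft.Extensions.Configuration;

public enum PersistenceKind { InMemory, Postgres }
public sealed record PersistenceChoice(PersistenceKind Kind, string? ConnectionString, string SchemaName);

public static class PersistenceGuard
{
    // Resolves persistence settings and refuses in-memory storage outside "Testing".
    public static PersistenceChoice Resolve(IConfiguration config, string environmentName)
    {
        var provider = config["IssuerDirectory:Persistence:Provider"];
        // Canonical key first. The legacy key name is an assumption: the README
        // only states that IssuerDirectory:Postgres:* remains supported.
        var conn = config["IssuerDirectory:Persistence:PostgresConnectionString"]
                   ?? config["IssuerDirectory:Postgres:ConnectionString"];
        var schema = config["IssuerDirectory:Persistence:SchemaName"] ?? "issuer";

        // Assumption: a legacy connection string with no Provider set implies Postgres.
        var wantsPostgres = string.Equals(provider, "Postgres", StringComparison.OrdinalIgnoreCase)
                            || (string.IsNullOrWhiteSpace(provider) && !string.IsNullOrWhiteSpace(conn));
        if (wantsPostgres)
        {
            if (string.IsNullOrWhiteSpace(conn))
                throw new InvalidOperationException("Provider=Postgres but no connection string is configured.");
            return new PersistenceChoice(PersistenceKind.Postgres, conn, schema);
        }

        // In-memory persistence is acceptable only for the Testing environment.
        if (string.Equals(environmentName, "Testing", StringComparison.OrdinalIgnoreCase))
            return new PersistenceChoice(PersistenceKind.InMemory, null, schema);
        throw new InvalidOperationException(
            $"IssuerDirectory requires PostgreSQL persistence in environment '{environmentName}'.");
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample: a host with no persistence keys configured at all.
        var empty = new ConfigurationBuilder().AddInMemoryCollection(new Dictionary<string, string?>()).Build();
        Console.WriteLine(PersistenceGuard.Resolve(empty, "Testing").Kind);
        try { PersistenceGuard.Resolve(empty, "Production"); }
        catch (InvalidOperationException ex) { Console.WriteLine($"refused: {ex.Message}"); }
    }
}
```

Failing at startup rather than degrading to a volatile store keeps a misconfigured host from serving issuer trust data that disappears on restart.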
## Dependencies
- PostgreSQL (schema: `issuer_directory`)
- Authority (authentication)
- Concelier (consumes issuer metadata)
- VexHub (consumes issuer trust data)
- VexLens (trust scoring integration)
## Related Documentation
- Architecture: `../authority/architecture.md` (sections 21.1--21.4)
- Archived original: `docs-archived/modules/issuer-directory/`
- Concelier: `../concelier/`
- VexHub: `../vexhub/`
- VexLens: `../vex-lens/`