Add device key, public key directory, and key epoch trust model #1

Open
opened 2026-07-09 15:03:45 +02:00 by zemion · 0 comments
Owner

Define the trust primitives needed for encrypted postbox access: device keys, public key directory, key epochs, assurance metadata, and audited key-access decisions.

Source concept/wiki doc: govoplan-identity-trust/docs/DEVICE_KEY_TRUST_CONCEPT.md; govoplan-core/docs/POSTBOX_E2EE_ARCHITECTURE.md.

Acceptance criteria:

  • A public key/device key DTO contract exists and is independent from access-owned login/session state.
  • Key epoch and revocation semantics are documented for role/function postboxes.
  • Access approval and identity-trust key release/rewrap boundaries are explicit.

Context recovered from previous GovOPlaN planning chats and consolidated into the roadmap/docs on 2026-07-09.

Define the trust primitives needed for encrypted postbox access: device keys, public key directory, key epochs, assurance metadata, and audited key-access decisions. Source concept/wiki doc: `govoplan-identity-trust/docs/DEVICE_KEY_TRUST_CONCEPT.md; govoplan-core/docs/POSTBOX_E2EE_ARCHITECTURE.md`. Acceptance criteria: - [ ] A public key/device key DTO contract exists and is independent from access-owned login/session state. - [ ] Key epoch and revocation semantics are documented for role/function postboxes. - [ ] Access approval and identity-trust key release/rewrap boundaries are explicit. Context recovered from previous GovOPlaN planning chats and consolidated into the roadmap/docs on 2026-07-09. <!-- govoplan-recovered-concept:3f66c0be92b66606 -->
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: add-ideas/govoplan-identity-trust#1
No description provided.