# Identity Law

## Principles

- Operate via **roles**, not individual people: access is granted to a role, and people (and workloads) are bound to roles.
- Issue access as **leases** (time-bound, revocable), never as permanent grants.
- Prefer **short-lived credentials** over long-lived secrets; a credential that expires on its own limits the damage when it leaks.
- Public keys are safe to store in the repo; private keys are not.

## In-repo boundaries

- Role definitions live in `20-identity/roles/`.
- Policies and the intent behind them live in `20-identity/policies/`.
- Leases (which role has access to what, and until when) live in `20-identity/leases/`.
- Public keys live in `20-identity/keys/public/`.
- Private keys and plaintext secrets never live in this repo.

## Required properties (revoke, rotate, prove)

Every identity mechanism must support all three of:

1. **Revoke**: it can be shut off quickly, without waiting for expiry.
2. **Rotate**: it can be replaced on a predictable schedule, without an outage.
3. **Prove**: it leaves a record of what changed and when.

A mechanism that lacks any of these does not belong in the core.
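As an added example (not code from this repo), here is a Python sketch of what the rules above look like when enforced: a `Lease` record bound to a role with issue and expiry times, the three required operations (revoke, rotate, prove) over it, a linter for lease files, and a guard that rejects private-key material under `keys/public/`. The 30-day cap, the field names, the email heuristic for "looks like a person" and the PEM markers are assumptions of the example, not rules stated on this page.

```python
"""Lease and key-hygiene checks for an identity repo (example code, assumptions marked)."""
from __future__ import annotations

from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Optional

# Assumed policy knob for this example; the page states no specific cap.
MAX_LEASE_DURATION = timedelta(days=30)

# PEM headers that mark private key material. Public keys (e.g. "ssh-ed25519 ...")
# carry none of these and are allowed under keys/public/.
PRIVATE_KEY_MARKERS = (
    "-----BEGIN PRIVATE KEY-----",
    "-----BEGIN ENCRYPTED PRIVATE KEY-----",
    "-----BEGIN RSA PRIVATE KEY-----",
    "-----BEGIN EC PRIVATE KEY-----",
    "-----BEGIN OPENSSH PRIVATE KEY-----",
)


@dataclass(frozen=True)
class Event:
    at: datetime
    action: str   # "issue", "revoke" or "rotate"
    detail: str


@dataclass
class Lease:
    role: str                       # a role, never a person
    resource: str
    issued_at: datetime
    expires_at: datetime
    revoked_at: Optional[datetime] = None
    log: list[Event] = field(default_factory=list)

    def __post_init__(self) -> None:
        # Every lease starts its own audit trail with the issue event.
        if not self.log:
            self.log.append(Event(self.issued_at, "issue", f"{self.role} -> {self.resource}"))


def lint_lease(lease: Lease) -> list[str]:
    """Static checks a repo-side linter would run over every file in leases/."""
    if lease.issued_at.tzinfo is None or lease.expires_at.tzinfo is None:
        return ["timestamps must be timezone-aware"]
    problems: list[str] = []
    if "@" in lease.role:  # assumed heuristic: an email address names a person, not a role
        problems.append("subject looks like a person (email address), not a role")
    if lease.expires_at <= lease.issued_at:
        problems.append("expires_at must be after issued_at")
    elif lease.expires_at - lease.issued_at > MAX_LEASE_DURATION:
        problems.append(f"lease exceeds the {MAX_LEASE_DURATION.days}-day cap")
    return problems


def is_active(lease: Lease, now: datetime) -> bool:
    """Decision-time check: revocation wins over the expiry window."""
    if lease.revoked_at is not None and lease.revoked_at <= now:
        return False
    return lease.issued_at <= now < lease.expires_at


def revoke(lease: Lease, now: datetime, reason: str) -> Lease:
    """Revoke: shut the lease off now and record why."""
    lease.revoked_at = now
    lease.log.append(Event(now, "revoke", reason))
    return lease


def rotate(lease: Lease, now: datetime, duration: timedelta) -> Lease:
    """Rotate: revoke the old lease and issue a successor with a fresh expiry."""
    revoke(lease, now, "rotated")
    successor = Lease(lease.role, lease.resource, issued_at=now, expires_at=now + duration)
    successor.log.append(Event(now, "rotate", f"replaces lease issued {lease.issued_at.isoformat()}"))
    return successor


def audit_trail(lease: Lease) -> list[tuple[str, str]]:
    """Prove: what changed and when, in time order."""
    return [(e.at.isoformat(), f"{e.action}: {e.detail}") for e in sorted(lease.log, key=lambda e: e.at)]


def contains_private_key(text: str) -> bool:
    """Guard for keys/public/: refuse any file carrying private key material."""
    return any(marker in text for marker in PRIVATE_KEY_MARKERS)


if __name__ == "__main__":
    # Constructed sample data, not real leases.
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)
    lease = Lease("deploy-bot", "prod/db", t0, t0 + timedelta(days=7))
    print("lint:", lint_lease(lease) or "ok")
    print("active on day 1:", is_active(lease, t0 + timedelta(days=1)))
    successor = rotate(lease, t0 + timedelta(days=5), timedelta(days=7))
    print("old active on day 6:", is_active(lease, t0 + timedelta(days=6)))
    print("new active on day 6:", is_active(successor, t0 + timedelta(days=6)))
    for when, what in audit_trail(lease) + audit_trail(successor):
        print(when, what)
    print("private key in public dir:", contains_private_key("-----BEGIN OPENSSH PRIVATE KEY-----\n..."))
```

The split between `lint_lease` (run in CI over the files in `leases/`) and `is_active` (run at decision time) matters: the linter catches leases that should never have been committed, while the runtime check is what actually honours a revocation before the expiry arrives.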