//! Topology-Aware Federation Semantics
//!
//! Models hierarchical and scoped trust domains within a Byzantine federation.
//! Prevents flat authority assumptions: a verifier's jurisdiction is bounded by
//! its explicitly defined [`AuthorityScope`], and callers are expected to consult
//! [`AuthorityScope::has_authority`] rather than infer power from a
//! [`FederationRole`] alone. The types here are data models; this module
//! performs no enforcement beyond that single check.
use crate::trust_domains::TrustDomain;
use alloc::string::String;
use alloc::vec::Vec;
use serde::{Deserialize, Serialize};
/// Defines the structural role of a verifier within the federation topology.
///
/// A role is a descriptive label only. Nothing in this module derives an
/// [`AuthorityScope`] from a `FederationRole`, and the one check here,
/// [`AuthorityScope::has_authority`], never reads the role. The enforced bounds
/// are the scope's flags — NOTE(review): confirm that whatever assigns a role
/// elsewhere also assigns a scope consistent with the variant docs below.
#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
pub enum FederationRole {
    /// Has global governance authority and can approve cross-zone transitions.
    RootAuthority,
    /// Has authority scoped to a specific geographic or logical zone.
    RegionalAuthority,
    /// Executes validation but has no governance or policy authority.
    EdgeVerifier,
    /// Passively mirrors state and provides auditability without voting power.
    Observer,
}
/// Explicitly bounds the authority of a verifier to specific operational domains.
///
/// Only `trust_domains` and `governance_allowed` are consulted by
/// [`AuthorityScope::has_authority`]; `revocation_allowed` and
/// `attestation_allowed` are not read anywhere in this module. A caller gating
/// a revocation or an attestation must test those fields itself, and should
/// still require the domain to be present in `trust_domains`.
///
/// The type derives `Deserialize`, so a scope may originate from external data;
/// nothing here records or checks who granted it — NOTE(review): confirm the
/// caller verifies the provenance of a scope before acting on it.
#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
pub struct AuthorityScope {
    /// The specific trust domains (e.g., `SecureBoot`, `RuntimeIntegrity`) this
    /// verifier is authorized to evaluate or govern.
    pub trust_domains: Vec<TrustDomain>,
    /// Whether this verifier may make governance decisions within those domains;
    /// this is the flag `has_authority` tests when `require_governance` is set.
    pub governance_allowed: bool,
    /// Presumably whether this verifier may revoke within those domains.
    /// Not checked by `has_authority`.
    pub revocation_allowed: bool,
    /// Presumably whether this verifier may produce attestations within those
    /// domains. Not checked by `has_authority`.
    pub attestation_allowed: bool,
}
/// A distinctly bounded region of trust within the larger federation.
///
/// Membership and delegation are plain identifier lists. Nothing in this module
/// checks that a delegated authority is also a member, that identifiers are
/// unique within a list, or that a named verifier holds a role in
/// [`FederationTopology::verifier_roles`] — NOTE(review): confirm those
/// invariants are enforced wherever a zone is constructed or deserialized.
#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
pub struct FederationZone {
    /// Unique identifier for this trust zone.
    pub zone_id: String,
    /// The identities of verifiers assigned to this zone.
    pub members: Vec<String>,
    /// Verifiers explicitly delegated authority over this zone.
    pub delegated_authorities: Vec<String>,
}
/// The comprehensive structural model of the verifier federation.
///
/// This is a pure data model: no method here looks up a verifier's role or zone,
/// and no uniqueness of `zone_id` or verifier identifiers is enforced.
#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
pub struct FederationTopology {
    /// Unique identifier for the entire federation.
    pub federation_id: String,
    /// The collection of isolated trust zones within the federation.
    pub zones: Vec<FederationZone>,
    /// Role assignment per verifier identity, as `(verifier_id, role)` pairs.
    /// The list is not keyed, so the same identity may appear more than once —
    /// NOTE(review): whatever consumes this should state its duplicate policy
    /// (reject, or which entry wins) rather than silently taking the first match.
    pub verifier_roles: Vec<(String, FederationRole)>,
}
impl AuthorityScope {
    /// Reports whether this scope grants authority over `domain`.
    ///
    /// Returns `true` only if `domain` is listed in `trust_domains` and, when
    /// `require_governance` is set, `governance_allowed` is also `true`. The
    /// domain check always applies — a governance flag never widens the set of
    /// domains. No zone is consulted; scoping by zone, if required, is the
    /// caller's responsibility. `revocation_allowed` and `attestation_allowed`
    /// are not considered by this method.
    #[must_use]
    pub fn has_authority(&self, domain: &TrustDomain, require_governance: bool) -> bool {
        let in_scope = self.trust_domains.iter().any(|d| d == domain);
        let governance_ok = !require_governance || self.governance_allowed;
        in_scope && governance_ok
    }
}
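#[cfg(test)]
mod tests {
    use super::*;

    /// `has_authority` must require domain membership and, when asked, the
    /// governance flag; neither condition substitutes for the other.
    #[test]
    fn scope_enforcement() {
        let edge_scope = AuthorityScope {
            trust_domains: vec![TrustDomain::RuntimeIntegrity],
            governance_allowed: false,
            revocation_allowed: false,
            attestation_allowed: true,
        };
        // In-scope domain, no governance required: allowed.
        assert!(edge_scope.has_authority(&TrustDomain::RuntimeIntegrity, false));
        // Domain outside the scope: denied.
        assert!(!edge_scope.has_authority(&TrustDomain::HardwareIdentity, false));
        // In-scope domain, but governance required and not granted: denied.
        assert!(!edge_scope.has_authority(&TrustDomain::RuntimeIntegrity, true));

        let root_scope = AuthorityScope {
            trust_domains: vec![TrustDomain::RuntimeIntegrity, TrustDomain::HardwareIdentity],
            governance_allowed: true,
            revocation_allowed: true,
            attestation_allowed: true,
        };
        // Governance granted and domain in scope: allowed.
        assert!(root_scope.has_authority(&TrustDomain::HardwareIdentity, true));
    }

    /// The governance flag must never widen the domain set: a scope that may
    /// govern but lacks a domain is still denied for that domain, with or
    /// without governance being required.
    #[test]
    fn governance_does_not_override_domain_scope() {
        let governing_but_narrow = AuthorityScope {
            trust_domains: vec![TrustDomain::RuntimeIntegrity],
            governance_allowed: true,
            revocation_allowed: true,
            attestation_allowed: true,
        };
        assert!(!governing_but_narrow.has_authority(&TrustDomain::HardwareIdentity, true));
        assert!(!governing_but_narrow.has_authority(&TrustDomain::HardwareIdentity, false));
    }

    /// An empty domain list grants nothing, regardless of the capability flags.
    #[test]
    fn empty_scope_grants_nothing() {
        let empty = AuthorityScope {
            trust_domains: Vec::new(),
            governance_allowed: true,
            revocation_allowed: true,
            attestation_allowed: true,
        };
        assert!(!empty.has_authority(&TrustDomain::RuntimeIntegrity, false));
        assert!(!empty.has_authority(&TrustDomain::RuntimeIntegrity, true));
    }
}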