pub struct FederationAttestation {
    pub attestation_version: FederationAttestation_AttestationVersion,
    pub attestation_id: String,
    pub issuer_domain: TrustDomain,
    pub subject_domain: TrustDomain,
    pub subject_actor: Option<ActorId>,
    pub scope: Option<Vec<ActionName>>,
    pub trust_levels_granted: Option<Vec<TrustLevel>>,
    pub trust_bundle: Vec<FederationAttestation_TrustBundle_Item>,
    pub constraints: Option<Vec<Constraint>>,
    pub issued_at: Timestamp,
    pub valid_until: Timestamp,
    pub issuer: ActorId,
    pub signature: SignatureEnvelope,
}
Cross-trust-domain attestation: domain A signs a statement asserting that domain B’s identity (or a specific actor in B) is recognized within A’s trust fabric, optionally bounded by capability scope and time. Used by SPIFFE federated trust bundles, business-partner trust links, and sovereignty federations (TF-0002 “federated” identity mode).
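A relying-party check that applies the bounds this struct carries (subject domain, optional actor, scope, validity window), as an added example that is not the crate's own code. The `Attestation`, `Request` and `Decision` types, `evaluate`, `sample`, Unix-second timestamps, the exclusive `valid_until` and treating an absent `scope` like an empty one are assumptions; signature verification and the revocation lookup are assumed to have passed already.

```rust
// Added example: simplified stand-ins for the crate's types (assumptions, not its API).
#[derive(Debug, PartialEq)]
pub enum Decision { Deny(&'static str), IdentityOnly, Permit }

pub struct Attestation {
    pub issuer_domain: String,
    pub subject_domain: String,
    pub subject_actor: Option<String>, // None: the whole subject_domain is covered
    pub scope: Option<Vec<String>>,    // empty: recognize identity only
    pub issued_at: u64,                // Unix seconds (assumed Timestamp encoding)
    pub valid_until: u64,              // treated as exclusive (assumption)
}

pub struct Request<'a> {
    pub local_domain: &'a str,
    pub caller_domain: &'a str,
    pub caller_actor: &'a str,
    pub action: &'a str,
    pub now: u64,
}

// Run only after the signature is verified and attestation_id is checked for revocation.
pub fn evaluate(a: &Attestation, r: &Request) -> Decision {
    if a.issuer_domain != r.local_domain { return Decision::Deny("issuer is not the local domain"); }
    if a.subject_domain != r.caller_domain { return Decision::Deny("subject domain mismatch"); }
    if r.now < a.issued_at || r.now >= a.valid_until { return Decision::Deny("outside validity window"); }
    if let Some(actor) = &a.subject_actor {
        if actor != r.caller_actor { return Decision::Deny("actor not covered"); }
    }
    match &a.scope {
        Some(s) if s.iter().any(|x| x == r.action) => Decision::Permit,
        Some(s) if !s.is_empty() => Decision::Deny("action not in scope"),
        _ => Decision::IdentityOnly, // None or empty: no implicit authority (None is an assumption)
    }
}

// Constructed sample: partner.example recognized by corp.example, whole domain.
pub fn sample(scope: Option<Vec<String>>) -> Attestation {
    Attestation {
        issuer_domain: "corp.example".into(), subject_domain: "partner.example".into(),
        subject_actor: None, scope, issued_at: 1_000, valid_until: 2_000,
    }
}

fn main() {
    let req = Request { local_domain: "corp.example", caller_domain: "partner.example",
        caller_actor: "svc-billing", action: "invoice.read", now: 1_500 };
    println!("{:?}", evaluate(&sample(Some(vec!["invoice.read".into()])), &req));
    println!("{:?}", evaluate(&sample(Some(vec![])), &req));
}
```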
Fields

attestation_version: FederationAttestation_AttestationVersion
Version of the federation-attestation schema.

attestation_id: String
Stable identifier for this attestation; used for revocation lookups.

issuer_domain: TrustDomain
Domain making the assertion.

subject_domain: TrustDomain
Domain being recognized.

subject_actor: Option<ActorId>
Optional specific actor inside subject_domain. When omitted the attestation covers the whole domain.

scope: Option<Vec<ActionName>>
Optional list of action names this attestation permits cross-domain. Empty means “recognize identity only” (no implicit authority).

trust_levels_granted: Option<Vec<TrustLevel>>
Maximum TrustLevel the issuer is willing to extend to subjects under this attestation.

trust_bundle: Vec<FederationAttestation_TrustBundle_Item>
SPIFFE-style trust bundle: the public keys / certificates of subject_domain that issuer_domain accepts. Each entry is either an X.509 PEM, a SPIFFE JWT-SVID JWK, or an opaque ed25519 public key.

constraints: Option<Vec<Constraint>>
Optional constraints attached to the federation grant (rate limits, target globs, time windows).

issued_at: Timestamp

valid_until: Timestamp

issuer: ActorId
Authority within issuer_domain that signed this attestation.

signature: SignatureEnvelope

Trait Implementations
impl Clone for FederationAttestation
    fn clone(&self) -> FederationAttestation
    fn clone_from(&mut self, source: &Self)
    Performs copy-assignment from source.
impl Debug for FederationAttestation
impl<'de> Deserialize<'de> for FederationAttestation
    fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>
    where
        __D: Deserializer<'de>,
impl Eq for FederationAttestation
impl PartialEq for FederationAttestation
    fn eq(&self, other: &FederationAttestation) -> bool
    Tests for self and other values to be equal, and is used by ==.
impl Serialize for FederationAttestation
impl StructuralPartialEq for FederationAttestation
Auto Trait Implementations
impl Freeze for FederationAttestation
impl RefUnwindSafe for FederationAttestation
impl Send for FederationAttestation
impl Sync for FederationAttestation
impl Unpin for FederationAttestation
impl UnsafeUnpin for FederationAttestation
impl UnwindSafe for FederationAttestation
Blanket Implementations
impl<'a, T, E> AsTaggedExplicit<'a, E> for T
where
    T: 'a,
impl<'a, T, E> AsTaggedImplicit<'a, E> for T
where
    T: 'a,
impl<T> BorrowMut<T> for T
where
    T: ?Sized,
    fn borrow_mut(&mut self) -> &mut T
impl<T> CloneToUninit for T
where
    T: Clone,
impl<T> DeserializeOwned for T
where
    T: for<'de> Deserialize<'de>,
impl<Q, K> Equivalent<K> for Q
    fn equivalent(&self, key: &K) -> bool
    Compare self to key and return true if they are equal.
impl<T> IntoEither for T
    fn into_either(self, into_left: bool) -> Either<Self, Self>
    Converts self into a Left variant of Either<Self, Self> if into_left is true. Converts self into a Right variant of Either<Self, Self> otherwise.
    fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
    Converts self into a Left variant of Either<Self, Self> if into_left(&self) returns true. Converts self into a Right variant of Either<Self, Self> otherwise.