Skip to content
Registry stack docs v0 · draft
Search

Audit and operate

Audit and operate covers the shared operational behavior (audit records, security primitives, signing) that makes Registry Relay and Registry Notary reviewable.

What it does

Section titled “What it does”

Registry Relay writes audit records for authenticated metadata, row, aggregate, evidence-verification, and admin requests. Registry Notary writes audit records for claim evaluation, credential issuance, and related request handling.

Registry Platform supplies shared primitives that both services consume: auth helpers, OIDC verification, audit envelopes, HTTP security middleware, outbound HTTP policy, crypto helpers, SD-JWT support, and test fixtures. Product-specific route behavior, scopes, config files, and policy decisions stay in Registry Relay or Registry Notary.

Trust Control Plane is future-facing. It is the label for a later governance and operational control surface around trust policy, reviewed assertions, and cross-service oversight. It is not yet supported as a product page or running service in the current docs set.

Primary projects

Section titled “Primary projects”

How to use it

Section titled “How to use it”

Audit envelopes are written automatically by Relay and Notary on every covered request. See the consultation flow for the Relay audit sequence. See evidence issuance for the Notary audit model. For Platform primitives and consumer responsibilities, see the Registry Platform reference.

Example: an audit reviewer at an immigration authority pulls the day’s audit envelopes from Registry Relay and Registry Notary to inspect who asked for what, for which declared purpose, and what was disclosed.

Section titled “Related docs”