Preview release.These docs are a work in progress. Pages are still being written, links may break, and structure may shift without notice. Treat everything here as a draft and report issues onGitHub.
Unreleased
Section titled “Unreleased”- Production and evidence-grade deployments now fail closed until signer custody
is explicitly approved for credential, access-token, and federation signing
roles.
/readyexposes typed, non-secret custody facts, while detailed deployment findings remain on authenticated operator surfaces.
- BREAKING: Static API-key and bearer-token config no longer accepts
fingerprint.commitment. Remove that field from Notary YAML. Keepfingerprint.providerwithfingerprint.nameorfingerprint.path; the referenced value must containsha256:<64 lowercase hex chars>. - Static credential rotation is now either a secret-plane update plus restart, or a signed config bundle change to a new immutable or versioned fingerprint reference, placed on the node and activated by restart. OIDC remains the preferred production model for citizen and wallet flows.
- Fixed federated evaluation policy-context handling so federation profiles can satisfy source matching gates for legal basis, consent, jurisdiction, and assurance without being treated as scoped transaction authorization details.
- Restores delegated federation evaluations that use governed source-policy gates.
- Fixed static credential policy-context compatibility for source matching: static credentials can again carry configured legal basis, consent, jurisdiction, and assurance context for PDP gates without being treated as exact per-transaction authorization scopes.
- Kept OIDC/RAR authorization details fail-closed unless transaction scope fields are present.
- Added delegated self-attestation support with explicit requester-side target binding, canonicalized delegated targets, and claim-lookup validation.
- Bound delegated authorization details to the requested identifier type so a delegated attestation cannot drift across supported identity forms.
- Hardened authorization-details handling before batch prefetch, credential issuance, render, evaluate, pre-authorization, status-list, and data-route audit paths.
- Added cache compare-and-set support for credential status transitions and status-list signing so concurrent updates fail closed.
- Refreshed the Registry Platform pin to the beta-4 platform release.
- Added citizen self-attestation flows, including bearer-token subject binding, rate limiting, denial audit metadata, and SD-JWT VC issuance.
- Added OpenID4VCI issuer primitives and HTTP routes for credential issuer
metadata, SD-JWT VC Type Metadata at configured
vctURLs, credential offers, nonce creation, and credential issuance. - Added the source adapter sidecar path for private source reads, including
built-in
http_json,http_flow, andfhirengines, source concurrency controls, target rate limits,Retry-Afterbackoff handling, bounded result caching, and DHIS2 canary smoke scripts. - Kept CEL out of default builds while adding an opt-in CEL production image profile with hardened worker execution, startup expression preflight, declared result-type enforcement, and policy-hash worker protocol checks.
- Added named SD-JWT VC signing keys under
evidence.signing_keys, including local JWK signing, publish-only rotation keys with optional bounded publication windows, disabled keys, and optional PKCS#11-backed Ed25519 signing. - Historical note: 0.3.0 introduced the first governed config prototype with
signed TUF bundles,
config verify-bundle,config apply-bundle, andconfig_trust. Current releases use Registry Config Bundle v1 instead: a local directory withmanifest.json,manifest.sig.json, andconfig/..., verified byconfig verify-bundleand activated by placing the bundle on the node and restarting the service. There is no currentapply-bundlecommand and no hot apply. - Added
server.admin_listenerto split admin and public HTTP topology. Thededicatedmode serves/admin/v1/*and/metricson a separate admin bind,shared_with_publicserves them on the public listener, anddisableddrops the admin listener entirely. Governedconfig_trustrequiresdedicated. - Changed the default
server.admin_listener.modefromshared_with_publictodisabled; local deployments that intentionally need the old shared topology must setserver.admin_listener.mode: shared_with_publicexplicitly. - Added bounded HTTP serve defaults:
server.request_timeout: 30s,server.request_body_timeout: 10s,server.http1_header_read_timeout: 10s, andserver.max_connections: 1024. The source adapter sidecar mirrors the same limits with millisecond-suffixed config keys. - Changed
auth.api_keys[]andauth.bearer_tokens[]to a committedfingerprintreference (provider,name,commitment) in place ofhash_env, so a signed config bundle can govern caller-credential rotation after restart. - Renamed OIDC config fields to the shared Registry service convention:
auth.oidc.jwks_url,auth.oidc.leeway, andauth.oidc.allowed_token_types. Legacy aliases fail config load with an error naming the replacement.auth.oidc.leewaynow uses humantime strings such as30s; self-attestationtoken_policy.max_clock_leeway_secondsstill bounds the resolved duration. - Removed
server.cors.allow_credentials; Registry Notary now always disables credentialed CORS on the operator-configured server CORS layer. Remove the field from config rather than setting it tofalse. - Renamed
audit.max_size_bytestoaudit.max_size_mband aligned the default active-file rotation to 100 MB with 14 retained files. - Added
REGISTRY_NOTARY_LOG_FORMAT=text|json; the default log filter is plaininfo. - Product binaries and container images now compile the PKCS#11 provider by default, while vendor modules, token state, labels, and PIN handling remain operator-supplied runtime configuration.
- Hardened SD-JWT VC conformance for
dc+sd-jwt, holder binding, proof validation, and OpenAPI documentation. - Replaced fake Problem Details type URLs with
https://id.registrystack.org/problems/registry-notary/.... - Changed self-attestation subject-binding hashes to keyed HMAC values and stopped recording raw query strings in request spans or audit paths.
- Known limitations: this release is
dc+sd-jwtonly, does not serve/.well-known/jwt-vc-issuer, does not implement PKCS#12 issuer keys, does not certify a vendor HSM, and leaves retention/erasure workflows to the operator.
- Added
evidence.source_connections[].allow_insecure_private_networkfor Docker Compose and private-network demos that need HTTP source registries. The escape hatch is opt-in, keeps cloud metadata endpoints blocked, and leaves the strict HTTPS policy as the default.
0.2.0 (rename)
Section titled “0.2.0 (rename)”- Renamed:
evidence-server→registry-notary. No backward compatibility; no aliases.- Crates:
evidence-core→registry-notary-core,evidence-server→registry-notary-server,evidence-server-bin→registry-notary-bin. - Binary:
evidence-server→registry-notary. - Media type:
application/vnd.evidence-server.claim-result+json→application/vnd.registry-notary.claim-result+json. - Default audience:
"evidence-server"→"registry-notary". - Cargo feature:
evidence-server-cel→registry-notary-cel. - Project-labeled env vars:
EVIDENCE_SERVER_API_KEY,EVIDENCE_SERVER_BEARER_TOKEN,EVIDENCE_SERVER_ISSUER_JWK→REGISTRY_NOTARY_API_KEY_HASH,REGISTRY_NOTARY_BEARER_TOKEN_HASH,REGISTRY_NOTARY_ISSUER_JWK. The renamed auth variables holdsha256:<64 hex>fingerprints, not plaintext tokens. - Demo config:
demo/config/evidence-server.yaml→demo/config/registry-notary.yaml.
- Crates:
- Initial Evidence Server repository cut from
registry_relay. - Preserves
evidence-coreandevidence-servercrate behavior as an independent Cargo workspace. - Adds
evidence-server-binfor standalone config loading, binding, tracing, shutdown, fail-closed API key and bearer-token auth, and redacted audit event output. - Adds HTTP Registry Data API and DCI source connectors so claim evaluation can use external source registries without linking Registry Relay.
- Keeps CEL enabled by default through
cel-mapper-core, pinned toPublicSchema/cel-mappingtagcel-mapper-core-v0.1.0. - Adds a
cargo run -p evidence-server-bin -- openapicommand for owned Evidence Server OpenAPI output.
Known non-goals for this cut:
- 0.1.0 does not include OIDC/JWKS discovery; the standalone binary supports API keys and static bearer tokens.