Skip to content
Registry StackDocsLatest

Security overview

View as Markdown

Use this page to assess the security posture of Registry Stack before you deploy it or integrate with it. It summarizes the model the software enforces, names the responsibilities that stay with the operator, and links the public evidence a reviewer can verify. The normative source for everything on this page is the security model specification RS-SEC-G; this page is its narrative summary.

WhatWhere it stands
Authentication on every route that touches a record or a claimBuilt in
Deny-by-default authorization, checked before any data is readBuilt in
Only the public half of a signing key is ever publishedBuilt in
Person-level access is written to an audit logBuilt in (fail-closed is yours to switch on)
Three disclosure modes, with redacted revealing neither value nor answerBuilt in
Selective-disclosure credentials, with did:jwk holder binding by default per profileBuilt in
Federation limited to peers you configureBuilt in
Hardened HTTP headers and outbound-traffic limitsRecommended, confirm your build applies them
Key custody, retention, isolation, TLS, rate limitingYour deployment’s job
Compliance with any external standard it citesNot claimed

Every request that returns person-level records or claim results moves through the same pipeline: authenticate, authorize, serve, audit.

  • Authenticate: a runtime service runs exactly one authentication mode, fixed by configuration: static credentials or OIDC (REQ-SEC-G-002). Static credentials are configured as SHA-256 fingerprints, never raw secrets, and compared in constant time (REQ-SEC-G-003). OIDC tokens are trusted only after signature, issuer, audience, and algorithm checks (REQ-SEC-G-004).
  • Authorize: authorization is scope-based and deny-by-default. The required scope is enforced before any source is read, and a caller’s reach is never widened at request time (REQ-SEC-G-005, REQ-SEC-G-006).
  • Serve: the service returns the configured surface: a protected read, a claim result, a selected value, a signed credential, or a denial. Every claim is answered in one of three disclosure modes: value hands back the computed value, predicate returns only a yes/no, and redacted returns neither the value nor the yes/no; the claim’s policy fixes which modes are allowed. Disclosure modes and computed answers covers this in depth.
  • Audit: the request is recorded in a hash-chained audit envelope capturing the caller principal, the scopes exercised, a request identifier, and the declared purpose (REQ-SEC-G-008). A deployment can run audit fail-closed, so a request whose audit record cannot be written does not succeed (REQ-SEC-G-009).

Every route that returns a record, evaluates a claim, or issues from a stored evaluation requires authentication. Operational probes, public verification keys, discovery metadata, docs or OpenAPI when configured, OID4VCI bootstrap routes, and credential-status reads may be public because they do not return record or claim results on their own. Issuers sign with asymmetric keys and publish only the public half, so any verifier can check an issued credential without holding a credential of its own (REQ-SEC-G-007).

When Notary issues a credential it is an SD-JWT VC: the signed body carries hashes of each disclosable field rather than the values, so the holder reveals only what they choose. Holder binding, which cryptographically ties a credential to a key the holder controls, is enabled by default with did:jwk; an operator can set holder_binding.mode: none only for an explicit bearer-style credential profile, and registry-notary doctor warns on that choice. The self-attestation (wallet) issuance path requires holder proof of possession. See Evidence issuance, end to end for the full credential lifecycle.

Delegated evaluation, where one Notary asks a trusted peer to evaluate a claim against a source only that peer can read, is admitted only from statically configured peers, and the peer’s identity, signature, freshness, and purpose are verified before any source read (REQ-SEC-G-010).

Two behaviors are recommended rather than required, so confirm them rather than assume them.

  • Registry Platform sourcing: security-critical primitives (authentication, OIDC verification, audit envelopes, HTTP security, outbound HTTP policy, cryptography, and SD-JWT VC helpers) are meant to come from Registry Platform rather than be reimplemented per service, so they behave the same everywhere and can be reviewed in one place. RS-SEC-G recommends this rather than forcing it (REQ-SEC-G-001), so confirm the service you deploy sources them from Registry Platform rather than reimplementing its own.
  • HTTP hardening: security response headers and limits on outbound source-fetch traffic are recommended posture (REQ-SEC-G-012). Check that your build applies them rather than assuming it.

A deployment states the assurance level it claims; the software then enforces gates that match the claim. Both runtime services accept a deployment block with a profile of local, hosted_lab, production, or evidence_grade. Each profile binds a findings catalog at escalating severities: a production deployment with no durable audit sink refuses to start, and an evidence_grade deployment refuses to start from an unsigned local config file. Findings, waivers (each with a mandatory reason and expiry), and the declared profile are reported by the operations posture endpoint, so the deployment’s actual state is inspectable rather than asserted. The gate catalogs are documented in the Registry Relay configuration reference and the Registry Notary operator configuration reference.

The security model ends where the deployment begins. Secret and key provisioning, key custody and rotation schedules, audit retention and storage, tenant isolation, transport termination and certificate management, edge rate limiting, deployment configuration, and incident response are operator responsibilities (RS-SEC-G Section 9). The software keeps secrets out of distributable artifacts (REQ-SEC-G-013) and provides the primitives; the operator provisions, configures, and operates them. Harden a production deployment turns this boundary into an actionable checklist.

Public, checkable evidence, from most to least formal:

These documents state known gaps alongside implemented controls. None of them is a certification, and the hosted lab is a synthetic-data demo, not a production assurance claim.

Suspected vulnerabilities go through the private disclosure process, never public issues or pull requests. See Report a vulnerability.