feat(trust): add SOVP-v1 pre-execution infrastructure attestation type (§5.2.1, §5.2.2) #48

Closed: litzki-systems wants to merge 1 commit into ards-project:main from litzki-systems:feat/sovp-v1-attestation-type



@litzki-systems


Summary

Adds SOVP-v1 as a documented attestation type in §5.2.1 and §5.2.2, complementing TRACE-v0.2 (runtime governance) and install-manifest (install-time consent).

The layer SOVP-v1 occupies

The four-layer stack that converged in this repo this week:

| Layer | Type | Attests |
|-------|------|---------|
| L1 | ARD catalog | What the resource is and where to find it |
| L2 | install-manifest (#43) | Install-time consent, scopes, kill_switch |
| L3 | SOVP-v1 | Host measured and hardened before connection |
| L4 | TRACE-v0.2 (#7) | What the agent actually did at runtime |

Each attests a distinct axis. As @imran-siddique confirmed: "What SOVP addresses is the infrastructure the enclave sits on: cluster hardening, network topology, sovereign compliance of the broader environment. Those are distinct axes, not overlapping ones."

Changes

  • §5.2: Extends digest field from String to structured object (alg + value) for content-addressable verification
  • §5.2.1: Adds registered attestation types table (SOC2-Type2, HIPAA-Audit, TRACE-v0.2, SOVP-v1)
  • §5.2.2: Adds full SOVP-v1 documentation: seven-property contract, example catalog entry, references

References

- Add SOVP-v1 to registered attestation types table in §5.2.1
- Add §5.2.2 with seven-property contract, example, and references
- Extend digest field to structured object with alg + value
- Cross-reference TRACE-v0.2 and install-manifest as complementary layers

Closes ards-project#41
yepgent added a commit to yepgent/ard-spec that referenced this pull request Jun 26, 2026
Per review feedback on ards-project#49 (litzki-systems): the detached JWS in §5.1.1
shares the RFC 8785 (JCS) canonicalization baseline with SOVP-v1's
attestation payload (ards-project#48, §5.2.1). Note the shared signing primitive as
a composition property — disjoint sections, no normative coupling.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@evalstate

Collaborator

I'm closing this until your IETF proposal gets accepted. Please reopen with use-cases etc. at that time.

@evalstate evalstate closed this Jun 26, 2026
@litzki-systems

Author

Understood and appreciated, @evalstate. Will reopen once draft-litzki-sovp advances to a later stage. The layer position and seven-property contract remain available as reference in the meantime.
