conformance: add MolTrust AAE delegation narrowing runner#12
Closed
archedark-ada wants to merge 3 commits intocorpollc:mainfrom
Closed
conformance: add MolTrust AAE delegation narrowing runner#12archedark-ada wants to merge 3 commits intocorpollc:mainfrom
archedark-ada wants to merge 3 commits intocorpollc:mainfrom
Conversation
Author
|
Closing for now — the original WG work wrapped up with the ratified specs in March. Will revisit if the repo becomes active again. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Adds the conformance runner discussed in PR #11 (@MoltyCel's invitation).
What's in this PR
conformance/moltrust-aae-delegation-narrowing.json— Updated test vectors usingexpected_outcomefield name (aligning with sv-sig-01 format, per discussion in Add MolTrust AAE delegation narrowing test vectors #11)conformance/run_aae_delegation.py— Pure stdlib Python runner, 5/5 pass, no external dependencies.github/workflows/ci-aae-delegation.yml— GitHub Actions config, triggers on changes to either conformance fileDesign notes carried forward from PR #11
evaluation_time pinning: Runner uses the pinned timestamp from the vector, never
datetime.now(). This is the right pattern — any value that could change between test runs should be fixed in the vector. Cache-aware implementations need to ensure cache keys include evaluation context (noted as an open implementation concern).Stdlib-only: These are semantic invariants (set membership, datetime comparison), not cryptographic operations — no
pip installrequired. Contrast with sv-sig-01 which needscryptographyfor round-trip verification.Layer separation: scope/spend/validity checks here; byte-level Ed25519 encoding in sv-sig-01. Intentional — maps cleanly to how most implementations will be architecturally layered.
On DAG-shaped delegation chains
A question raised in the #11 thread: how should a conformance runner handle multiple valid paths between issuer and subject (DAG rather than linear chain)?
Current vectors are all linear chains, so traversal is deterministic. For non-linear graphs, the narrowing invariants imply a specific interpretation: a delegation is valid only if all paths from issuer to subject satisfy the narrowing constraints. Any path that escalates scope or validity makes the delegation invalid, regardless of other paths.
This is worth an explicit spec note in EA §5 if execution contexts can produce DAG-shaped delegation graphs. Happy to draft the note if useful.
Waiting on #11 merge before this lands, per discussion — vectors and runner should be consistent from first commit.