feat: add draft data, gap analysis report, and workspace config
This commit is contained in:
@@ -0,0 +1,25 @@
|
||||
# Review Synthesis
|
||||
|
||||
## Blocking findings
|
||||
|
||||
- Add an explicit conformance rule that portable trust assertions require authenticated origin and integrity protection; unauthenticated portable assertions must not be treated as conformant input.
|
||||
- Tighten stale-data handling so clearly expired assertions are rejected rather than merely "downgraded" at implementer discretion.
|
||||
- Define a firmer minimum portable data shape for trust assertions, including explicit model identification.
|
||||
|
||||
## Major findings
|
||||
|
||||
- Clarify whether trust-event interoperability is core to the document or whether trust events are primarily feeder objects for portable assertions.
|
||||
- Strengthen the handling of negative assertions by requiring either evidence reference or explanation code when such assertions are exchanged portably.
|
||||
- Clarify revocation versus supersession.
|
||||
- Add one compact example of conflicting assertions from different issuers to make receiver processing easier to implement.
|
||||
|
||||
## Minor findings
|
||||
|
||||
- Tighten abstract wording around scoped issuer opinion.
|
||||
- Make a few terminology definitions more RFC-like.
|
||||
- Reduce provisional tone in IANA and dependency text.
|
||||
|
||||
## Conflicts resolved
|
||||
|
||||
- No major reviewer conflict exists. All reviewers support the narrow scope.
|
||||
- The only tension is between remaining model-agnostic and becoming implementable. Resolution: keep algorithm choice open, but define a stronger minimum portable assertion envelope and clearer stale-data behavior.
|
||||
Reference in New Issue
Block a user