25 lines
1.4 KiB
Markdown
25 lines
1.4 KiB
Markdown
# Architecture Review
|
|
|
|
## Findings
|
|
|
|
### Medium: scope discipline is good, but the draft risks under-specifying the portable core
|
|
|
|
The draft correctly avoids becoming a universal reputation system. The remaining risk is that so much is left to local policy that the portable assertion core becomes too thin. The architecture should define a firmer minimum portable envelope.
|
|
|
|
### Medium: the trust-event object may be more than the first revision needs
|
|
|
|
The draft has both trust events and trust assertions. That layering is sensible, but the architecture should say more directly whether trust-event interoperability is a primary goal or merely a feeder model for assertions. Otherwise readers may assume both layers are equally mature.
|
|
|
|
### Medium: revocation and supersession deserve a cleaner conceptual split
|
|
|
|
The draft treats revocation as withdrawal or supersession, but those are not always the same. One invalidates a prior assertion; the other replaces it with a newer one. This distinction should be sharper.
|
|
|
|
## Open questions
|
|
|
|
- Is the first implementable milestone portable assertions only, with trust events described as optional supporting input?
|
|
- Should revocation be kept as a general umbrella term or split explicitly into revoke and supersede actions?
|
|
|
|
## Residual risk
|
|
|
|
The document has good boundaries. The main architectural risk is not scope creep but insufficient commitment to a concrete portable core.
|