identity: trust-gated federated identity + cross-instance mapping (Phase 4 complete, +13)

federation.sx — peer-asserted subjects, advisory and trust-gated. An assertion is accepted only from an explicitly trusted peer (else {error, untrusted}) and is flagged {peer_asserted, Peer}, never promoted to local authority; acl decides what a peer-asserted identity may do. Cross- instance subject mapping namespaces remote subjects by peer ({federated, Peer, Remote}) so two peers' "alice" never collide, with optional explicit aliasing. Adds an audit-completeness test. New tests/federation.sx. All four phases done — 124/124. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-07 01:29:08 +00:00
parent a5c22c5a01
commit e448220b33
7 changed files with 179 additions and 10 deletions
--- a/lib/identity/scoreboard.json
+++ b/lib/identity/scoreboard.json
@@ -1,7 +1,7 @@
 {
  "language": "identity",
-  "total_pass": 111,
-  "total": 111,
+  "total_pass": 124,
+  "total": 124,
  "suites": [
    {"name":"session","pass":11,"total":11,"status":"ok"},
    {"name":"token","pass":18,"total":18,"status":"ok"},
@@ -11,6 +11,7 @@
    {"name":"sso","pass":10,"total":10,"status":"ok"},
    {"name":"membership","pass":17,"total":17,"status":"ok"},
    {"name":"cache","pass":9,"total":9,"status":"ok"},
-    {"name":"audit","pass":10,"total":10,"status":"ok"}
+    {"name":"audit","pass":11,"total":11,"status":"ok"},
+    {"name":"federation","pass":12,"total":12,"status":"ok"}
  ]
 }