For Japanese version, see ISignatureTrustStore-jp.md.
ISignatureTrustStore (Interface Specification)
1. Responsibility Boundary
ISignatureTrustStore is the trust-anchor boundary that evaluates signer trust, key revocation, certificate-chain validity, and anchor health.
- Role:
- Non-role:
Provide signer trust-score resolution, key revocation checks, expiry checks, chain verification, trusted-anchor discovery, and store health checks.
Cryptographic signature matching itself belongs to IPromptVerifier.
2. Contract Signature
namespace AIKernel.Abstractions.Governance;\n\npublic interface ISignatureTrustStore\n{\n Task<double> ResolveTrustScoreAsync(string signerId, CancellationToken cancellationToken = default);\n Task<bool> IsKeyRevokedAsync(string keyId, CancellationToken cancellationToken = default);\n Task<DateTime?> GetKeyExpiryAsync(string keyId, CancellationToken cancellationToken = default);\n Task<bool> VerifyCertificateChainAsync(string signerId, CancellationToken cancellationToken = default);\n Task<IReadOnlyList<string>> GetTrustedAnchorsAsync(CancellationToken cancellationToken = default);\n Task<bool> IsHealthyAsync(CancellationToken cancellationToken = default);\n}
3. Related Use Cases
UC-13Runtime signature verification and governance:UC-20Deterministic replay and audit chain:UC-32Trust-anchor operations:
Resolves signer trust prerequisites before signature acceptance.
Enables historical validation of trust decisions at execution time.
Monitors revocation, expiry, and chain status.
4. Fail-Closed Semantics
- If
ResolveTrustScoreAsyncreturns negative (unreachable/untrusted), execution must be denied. - If
IsHealthyAsyncisfalse, do not downgrade to warning-only mode. - Revoked or expired keys must trigger immediate blocking.
5. Governance & Determinism
- Deterministic trust evaluation:
- Audit integrity:
Under identical time/context inputs, trust outcomes should be reproducible.
Decisions and evidence (keyId, expiry, chain, anchors) should be traceable in audit logs.
6. Implementation Notes
- Revocation freshness:
- Snapshot discipline:
Treat CRL/OCSP fetch failures as fail-closed conditions.
Persist trust-state snapshots to replay "as-of-execution-time" decisions accurately.
Changelog
- v0.0.0 / v0.0.0.0: Initial draft
- v0.0.1 (2026-05-06): Version upgrade aligned with documentation guidelines
architecture/interfaces/governance/ISignatureTrustStore.md