# openalice-passport

> Passport Authority: the trust layer of the Soul Vault — W3C Verifiable Credential issuance + a public, signed Postgres verification registry + C2PA export attestation. NO blockchain.

## At a glance
| field | value |
|---|---|
| kind | `service` |
| priority | `—` |
| default branch | `main` |
| last activity | 2026-06-17T16:51:11+00:00 |
| features catalogued | **2** |
| runtime deps declared | **1** |

## Env drift

**Code reads, manifest omits (10):**
- `DATABASE_URL`
- `INTERNAL_SECRET`
- `OPENALICE_ENV`
- `OPENALICE_PASSPORT_MODE`
- `PASSPORT_ISSUER_DID`
- `PASSPORT_PORT`
- `PASSPORT_RATE_LIMIT_PER_MINUTE`
- `PASSPORT_RLS_ENFORCE`
- `PASSPORT_SIGNING_KEY_PATH`
- `SHARED_JWT_SECRET`

## Features (2)

### passport/crate
- **`passport.crate.passport-authority`** — Rust/Axum service (port 3993) that ISSUES W3C Verifiable Credentials (one per soul component — soul/memory/voice/visual/genome), each carrying an Ed25519 proof over the canonical credential, and serves a PUBLIC, signed-Postgres verification registry (the "CA/DNS for digital identity"). Also issues a minimal, HONEST C2PA-style export attestation (a deterrent + compliance artifact, NOT technical enforcement — strippable on transcode). NO blockchain / tokens — a signed Postgres registry only (Build Spec §7). ## Trust model (asymmetric) * **Issuance + revocation are owner-scoped** — Postgres Row-Level Security keyed on `app.owner_id` (see [`db`]); the app role MUST be NOSUPERUSER NOBYPASSRLS for FORCE RLS to bite (applied at boot via `PASSPORT_RLS_ENFORCE`). * **Verification is PUBLIC** — a permissive `FOR SELECT USING (true)` policy lets anyone verify a passport by id with NO owner context, against the issuer's public key. ## The signed crypto surface (audit this first) Every signature (VC proof + C2PA attestation) is Ed25519 over `blake3(canonical_json(payload_with_signature_field_blanked))`. The canonical form is float-free + key-sorted and byte-identical to the vault's ([`crypto::canon`]). See [`vc`] + [`c2pa`] module docs for the exact recipe.  
  *src/lib.rs:4*

### passport/middleware
- **`passport.middleware.rate-limit`** — Per-owner token-bucket rate limiter on the JWT-gated issue/revoke surface (default 600 req/min ≈ 10 RPS, overridable via PASSPORT_RATE_LIMIT_PER_MINUTE). The PUBLIC verify route is NOT rate-limited per-owner (it has no owner); it rides the shared middleware only. Provided by openalice-axum-common::rate_limit. default-rpm: 600 Routes: * `/health`                         — Traefik liveness probe. * `/metrics`                        — Prometheus scrape. * `GET  /v1/passports/{pid}/verify` — PUBLIC credential verification. * `POST /v1/identities/{id}/passports` — issue (JWT-gated). * `POST /v1/passports/{pid}/revoke`    — revoke (JWT-gated).  
  *src/main.rs:3*

---

*Generated by [openalice-atlas](https://atlas.blal.pro) — single source of truth for the openalicelabs ecosystem.*
